| |
| |||||||
Log-Analyse und Auswertung: Windows 7: BoBrowser Rückstände entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.04.2015, 15:58
| #1 |
 |  Windows 7: BoBrowser Rückstände entfernen Guten Tag, heute Morgen (ab ca. 00:00 Uhr) habe ich "CoreTemp" (eine Software zum Überwachen der Kerntemperatur) installiert und dabei ist etwas mitinstalliert worden. Ich war der Meinung, ich hätte die Häkchen bei der Extrasoftware entfernt. Dem war leider nicht so. Somit hat sich ein sogenannter "BoBrowser" mitinstalliert. Dieser ließ sich anfangs nicht einfach so deinstallieren. Ich ließ MBAM laufen und es fand einige Einträge, die es in Quarantäne stellte und die ich anschließend entfernte. Avira sprang auch mehrere Male an und blockte Zugriffe auf die Registry. Nach einem automatischen Suchlauf von Avira und dem Entfernen der sich in Quarantäne befundenen Einträge in MBAM, konnte ich BoBrowser deinstallieren. Avira hat heute Mittag (16.04.2015) wieder einen Zugriff auf die Registry blockiert. Wenn ich einen neuen Tab in Firefox aufmachen möchte (keine neue Seite laden, einfach auf das "Plussymbol" klicke), kommt folgende Meldung (Die url sieht wie folgt aus: "chrome://quick_start/content/index.html"): "File not found Firefox can't find the file at chrome://quick_start/content/index.html. Check the file name for capitalisation or other typing errors. Check to see if the file was moved, renamed or deleted." Es befinden sich daher sicher noch Reste auf meinem Rechner, deswegen wollte ich um Eure Hilfe bitten. Außer den oben genannten Problemen, die seit heute durch Installation der Software auftraten, hatte ich in der Vergangenheit keine Probleme. Leider ist der MBAM Log von heute morgen für mich nicht auffindbar, deswegen habe ich heute Mittag einen neuen Suchlauf gestartet. Folgende Logs im Post: "defogger_disable.txt", "Addition.txt", "Gmer.txt", → Da Post sonst zu lang als .rar: "FRST.txt", "MBAM_16042015.txt" und "AVSCAN-20150416-145739-20741216" Ich entschuldige mich für Unannehmlichkeiten und bedanke mich im Voraus. Defoggger_disable.txt Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:28 on 16/04/2015 (Windows7)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Addition.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by Windows7 at 2015-04-16 14:29:32
Running from C:\Users\Windows7\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.24.3 - Mirillis)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Fahrenheit: Indigo Prophecy Remastered (HKLM-x32\...\Steam App 312840) (Version: - Aspyr)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free Audio Converter version 5.0.56.128 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.56.128 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version: - Filip Victor)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{6BE763B0-958D-11E2-A440-F04DA23A5C58}) (Version: 12.0.896 - Sony)
Mozilla Firefox 37.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-GB)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Mp3tag v2.69 (HKLM-x32\...\Mp3tag) (Version: v2.69 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewBlue VideoFX for Sony Vegas MSPPS (HKLM\...\NewBlue VideoFX for Sony Vegas MSPPS) (Version: 2.0 - NewBlue)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Oddworld: Abe's Exoddus (HKLM-x32\...\Steam App 15710) (Version: - Oddworld Inhabitants)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.3.6-I603 (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
Pesgalaxy.com Patch 2015 (HKLM-x32\...\Pesgalaxy.com Patch 2015 1.01) (Version: 1.01 - Pesgalaxy)
Pesgalaxy.com Patch 2015 (HKLM-x32\...\Pesgalaxy.com Patch 2015 4.00) (Version: 4.00 - Pesgalaxy)
Pesgalaxy.com Patch 2015 DLC Installer (HKLM-x32\...\Pesgalaxy.com Patch 2015 DLC Installer 4.00) (Version: 4.00 - Pesgalaxy)
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Pro Evolution Soccer 2015 (HKLM-x32\...\Steam App 287680) (Version: - KONAMI Digital Entertainment)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Rocket League Alpha [Currently Closed] (HKLM-x32\...\Steam App 252950) (Version: - ) <==== ATTENTION!
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Urban Trial Freestyle (HKLM-x32\...\Steam App 243450) (Version: - Tate Multimedia)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Windows7\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3076697788-3242137600-3789678494-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
29-03-2015 21:54:20 Installed Camtasia Studio 8
05-04-2015 00:51:47 Windows Update
12-04-2015 18:10:22 Geplanter Prüfpunkt
15-04-2015 17:55:24 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C3FCF68-7242-4D96-A12C-C53926DE2B6A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {1D8C2AF7-0830-43B1-A579-B242B8A4A4E3} - System32\Tasks\{FD1ACF09-7381-4C15-9968-DD8C350A2142} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {297700CA-E94D-4C96-AC21-739EDF88DB85} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {37BF58C2-1004-4D87-BDCF-25501A341814} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5F5E5660-70CC-4544-8CC3-DC02B10F8208} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {640C9B73-B68E-4CD0-B6F5-D9F4BE8AAC03} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Windows7-PC-Windows7 Windows7-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {680B3F20-6D1B-4BB4-B36E-1325625F7641} - System32\Tasks\Core Temp Autostart Windows7 => d:\Program Files\Core Temp\Core Temp.exe
Task: {6BF665B7-A047-411A-AF35-9D6888CBAB33} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {8CFAB49F-E174-48E0-809F-8C131053210C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {A86D113B-2F3E-4E5E-ADF7-DBD739741887} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {AB0378E4-CE9E-4795-8103-2039413053BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {AF6CA53F-CCE2-4A36-9B7A-D3F751D683CD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B44EC09B-E917-4AF4-8DB4-F4E33B219968} - System32\Tasks\{B8E52995-44C7-49C9-9B59-6DE8F06E2752} => pcalua.exe -a C:\Users\Windows7\Downloads\forge-1.7.10-10.13.1.1217-installer-win.exe -d C:\Users\Windows7\Downloads
Task: {B744EF2A-8A66-4244-9217-D761A9686455} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {BCE26F42-4864-4CCC-A1B9-7BD8F69CA7F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {CE529D47-63FC-4514-BC02-7F2128F75E66} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FB3171A3-2C02-47C1-A941-CE846290DD01} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-09-17 19:48 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-14 18:37 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-02 16:43 - 2015-03-02 16:43 - 00099288 _____ () d:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-01-10 14:41 - 2015-03-30 03:28 - 00568392 _____ () D:\Program Files (x86)\puush\puush.exe
2014-11-21 17:57 - 2014-11-21 17:57 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-21 17:56 - 2014-11-21 17:56 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-09-20 20:32 - 2015-03-10 08:37 - 00775680 _____ () d:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 21:30 - 2014-12-02 02:29 - 05002752 _____ () d:\Program Files (x86)\Steam\v8.dll
2015-01-20 21:30 - 2014-12-02 02:29 - 01612800 _____ () d:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 21:30 - 2014-12-02 02:29 - 01210368 _____ () d:\Program Files (x86)\Steam\icuuc.dll
2014-09-20 20:32 - 2015-04-14 01:44 - 02371776 _____ () d:\Program Files (x86)\Steam\video.dll
2014-09-20 20:32 - 2014-12-01 23:31 - 02396672 _____ () d:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-20 20:32 - 2014-12-01 23:31 - 00442880 _____ () d:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-20 20:32 - 2014-12-01 23:31 - 00479744 _____ () d:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-20 20:32 - 2014-12-01 23:31 - 00332800 _____ () d:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-20 20:32 - 2014-12-01 23:31 - 00485888 _____ () d:\Program Files (x86)\Steam\libswscale-3.dll
2014-09-20 20:32 - 2015-04-14 01:44 - 00702656 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-09-20 20:32 - 2015-02-25 03:58 - 34641288 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2014-09-20 20:32 - 2015-02-25 03:58 - 01709960 _____ () D:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3076697788-3242137600-3789678494-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-3076697788-3242137600-3789678494-500 - Administrator - Disabled)
Gast (S-1-5-21-3076697788-3242137600-3789678494-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3076697788-3242137600-3789678494-1003 - Limited - Enabled)
Windows7 (S-1-5-21-3076697788-3242137600-3789678494-1001 - Administrator - Enabled) => C:\Users\Windows7
==================== Faulty Device Manager Devices =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/16/2015 02:16:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x89c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/09/2015 01:32:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xeeffee01
ID des fehlerhaften Prozesses: 0x91c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/08/2015 03:07:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x940
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/07/2015 02:36:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xeeffee01
ID des fehlerhaften Prozesses: 0x958
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/06/2015 06:00:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm audacity.exe, Version 2.0.6.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bf4
Startzeit: 01d070828983cfb2
Endzeit: 2
Anwendungspfad: D:\Program Files (x86)\Audacity\audacity.exe
Berichts-ID: fb770b45-dc75-11e4-8640-448a5b88d092
Error: (04/06/2015 02:35:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Exoddus.exe, Version: 2.0.0.0, Zeitstempel: 0x365b37bb
Name des fehlerhaften Moduls: Exoddus.exe, Version: 2.0.0.0, Zeitstempel: 0x365b37bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000745ff
ID des fehlerhaften Prozesses: 0xa50
Startzeit der fehlerhaften Anwendung: 0xExoddus.exe0
Pfad der fehlerhaften Anwendung: Exoddus.exe1
Pfad des fehlerhaften Moduls: Exoddus.exe2
Berichtskennung: Exoddus.exe3
Error: (04/06/2015 01:13:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x8ec
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/05/2015 03:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0x40000015
Fehleroffset: 0x00093534
ID des fehlerhaften Prozesses: 0x950
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/04/2015 05:24:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x95c
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
Error: (04/01/2015 02:54:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00042de8
ID des fehlerhaften Prozesses: 0x9b0
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3
System errors:
=============
Error: (04/16/2015 02:16:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/16/2015 00:37:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "ClaraUpdater" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (04/15/2015 09:27:13 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{A6DA187A-B404-4E21-BC76-1BAC184D7C02}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (04/15/2015 04:12:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/15/2015 04:12:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (04/12/2015 02:46:40 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{A6DA187A-B404-4E21-BC76-1BAC184D7C02}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (04/10/2015 03:33:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/10/2015 03:33:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (04/10/2015 02:56:29 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{A6DA187A-B404-4E21-BC76-1BAC184D7C02}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (04/10/2015 02:26:44 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 80.
Microsoft Office Sessions:
=========================
Error: (04/16/2015 02:16:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353489c01d0783e6c585f53C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe620ba003-e432-11e4-86c9-448a5b88d092
Error: (04/09/2015 01:32:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005eeffee0191c01d072b827e09a8dC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown14948961-deac-11e4-b480-448a5b88d092
Error: (04/08/2015 03:07:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353494001d071fc348a4c2aC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe34ef414c-ddf0-11e4-8955-448a5b88d092
Error: (04/07/2015 02:36:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005eeffee0195801d0712ec0fdd930C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknownaaed96cb-dd22-11e4-8e35-448a5b88d092
Error: (04/06/2015 06:00:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: audacity.exe2.0.6.0bf401d070828983cfb22D:\Program Files (x86)\Audacity\audacity.exefb770b45-dc75-11e4-8640-448a5b88d092
Error: (04/06/2015 02:35:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Exoddus.exe2.0.0.0365b37bbExoddus.exe2.0.0.0365b37bbc0000005000745ffa5001d0705c8001d85ad:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Exoddus\Exoddus.exed:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Exoddus\Exoddus.exe6f6bc9ed-dc59-11e4-8640-448a5b88d092
Error: (04/06/2015 01:13:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005000000008ec01d0705a04ef30c4C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknownf9f2814d-dc4d-11e4-8640-448a5b88d092
Error: (04/05/2015 03:00:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82400000150009353495001d06f9fb060e7e3C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exebe19bb27-db93-11e4-85c6-448a5b88d092
Error: (04/04/2015 05:24:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c00000050000000095c01d06e8554d438c9C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknowna243bfc4-dade-11e4-bbe8-448a5b88d092
Error: (04/01/2015 02:54:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82c000000500042de89b001d06c4da4e453f7C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe472bda85-d86e-11e4-85a5-448a5b88d092
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 24%
Total physical RAM: 8140.43 MB
Available physical RAM: 6129.72 MB
Total Pagefile: 16279.05 MB
Available Pagefile: 13737.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:292.87 GB) (Free:202.2 GB) NTFS
Drive d: () (Fixed) (Total:638.54 GB) (Free:534.22 GB) NTFS
Drive e: (SS9-0E-UT1.2_DES) (CDROM) (Total:6.39 GB) (Free:0 GB) UDF
Drive f: () (Fixed) (Total:931.51 GB) (Free:676.02 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 89075DDC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3C5DE631)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Gmer.txt GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-16 14:39:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000524AS rev.JC45 931,51GB
Running: minxxoh8.exe; Driver: C:\Users\Windows7\AppData\Local\Temp\uwtyikob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000754e1401 2 bytes JMP 7745b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000754e1419 2 bytes JMP 7745b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000754e1431 2 bytes JMP 774d8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000754e144a 2 bytes CALL 77434885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000754e14dd 2 bytes JMP 774d8802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000754e14f5 2 bytes JMP 774d89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000754e150d 2 bytes JMP 774d86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000754e1525 2 bytes JMP 774d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000754e153d 2 bytes JMP 7744fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000754e1555 2 bytes JMP 774568bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000754e156d 2 bytes JMP 774d8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000754e1585 2 bytes JMP 774d8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000754e159d 2 bytes JMP 774d86bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000754e15b5 2 bytes JMP 7744fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000754e15cd 2 bytes JMP 7745b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000754e16b2 2 bytes JMP 774d8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1684] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000754e16bd 2 bytes JMP 774d8651 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754e1401 2 bytes JMP 7745b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754e1419 2 bytes JMP 7745b31a C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754e1431 2 bytes JMP 774d8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754e144a 2 bytes CALL 77434885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754e14dd 2 bytes JMP 774d8802 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754e14f5 2 bytes JMP 774d89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754e150d 2 bytes JMP 774d86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754e1525 2 bytes JMP 774d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754e153d 2 bytes JMP 7744fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754e1555 2 bytes JMP 774568bf C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754e156d 2 bytes JMP 774d8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754e1585 2 bytes JMP 774d8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754e159d 2 bytes JMP 774d86bc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754e15b5 2 bytes JMP 7744fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754e15cd 2 bytes JMP 7745b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754e16b2 2 bytes JMP 774d8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Windows7\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3820] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754e16bd 2 bytes JMP 774d8651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754e1401 2 bytes JMP 7745b1ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754e1419 2 bytes JMP 7745b31a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754e1431 2 bytes JMP 774d8f09 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754e144a 2 bytes CALL 77434885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754e14dd 2 bytes JMP 774d8802 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754e14f5 2 bytes JMP 774d89d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754e150d 2 bytes JMP 774d86f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754e1525 2 bytes JMP 774d8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754e153d 2 bytes JMP 7744fc78 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754e1555 2 bytes JMP 774568bf C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754e156d 2 bytes JMP 774d8fc1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754e1585 2 bytes JMP 774d8b22 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754e159d 2 bytes JMP 774d86bc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754e15b5 2 bytes JMP 7744fd11 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754e15cd 2 bytes JMP 7745b2b0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754e16b2 2 bytes JMP 774d8e84 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754e16bd 2 bytes JMP 774d8651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a3f9dc 5 bytes JMP 0000000166a2ea93
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 0000000077a3fa24 5 bytes JMP 0000000166a2f0f8
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 0000000077a3fa3c 5 bytes JMP 0000000166a2d830
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 0000000077a3fa8c 5 bytes JMP 0000000166a2d38c
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077a3faa4 5 bytes JMP 0000000166a2d67d
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 0000000077a3fb3c 5 bytes JMP 0000000166a2f338
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000077a3fc34 5 bytes JMP 0000000166a3a713
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 0000000077a3fd48 5 bytes JMP 0000000166a2d1d4
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a3fd60 5 bytes JMP 0000000166a39d35
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 0000000077a3fd94 5 bytes JMP 0000000166a3a030
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a3fe40 5 bytes JMP 0000000166a2e668
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000077a3fe58 5 bytes JMP 0000000166a39e5e
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a400b0 5 bytes JMP 0000000166a39b7a
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a401c0 5 bytes JMP 0000000166a2d9d8
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 0000000077a40750 5 bytes JMP 0000000166a2f3da
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 0000000077a409e0 5 bytes JMP 0000000166a39d72
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 0000000077a409f8 5 bytes JMP 0000000166a2cfa8
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077a40a40 5 bytes JMP 0000000166a2db8e
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077a40b7c 5 bytes JMP 0000000166a2d0be
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077a40f6c 5 bytes JMP 0000000166a2e01b
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a40f84 5 bytes JMP 0000000166a2e1b7
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077a41014 5 bytes JMP 0000000166a2f185
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 0000000077a4102c 5 bytes JMP 0000000166a2f2a8
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 0000000077a41044 5 bytes JMP 0000000166a2f215
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000077a41338 5 bytes JMP 0000000166a39f47
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 0000000077a41478 5 bytes JMP 0000000166a2de8e
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077a41524 5 bytes JMP 0000000166a2e37b
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077a41714 5 bytes JMP 0000000166a2dd06
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077a41a54 5 bytes JMP 0000000166a2d535
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077a41b98 5 bytes JMP 0000000166a2e4fd
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007743103d 5 bytes JMP 0000000166a13904
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077431072 5 bytes JMP 0000000166a13d68
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007745c9b5 5 bytes JMP 0000000166a13a1e
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\kernel32.dll!WinExec 00000000774b3041 5 bytes JMP 0000000166a13c62
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076822642 5 bytes JMP 0000000166a13f75
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000077249ebd 5 bytes JMP 000000015fe86fd4
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000077250afa 5 bytes JMP 000000015fe8b735
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000077251361 5 bytes JMP 000000015fe99366
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\USER32.dll!ValidateRect 0000000077257849 5 bytes JMP 00000001600817e7
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\SHELL32.dll!SHParseDisplayName 0000000075727edb 5 bytes JMP 000000015ff681aa
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076496143 5 bytes JMP 000000016061d2e8
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 000000007649ea09 7 bytes JMP 0000000166a4e370
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!OleRun 00000000764a07de 5 bytes JMP 0000000166a4de9e
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 00000000764a21e1 5 bytes JMP 0000000166a51745
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!OleUninitialize 00000000764aeba1 6 bytes JMP 0000000166a4de15
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!OleInitialize 00000000764aefd7 5 bytes JMP 0000000166a4ddcd
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000764c54ad 5 bytes JMP 0000000166a4fdbb
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoInitializeEx 00000000764d09ad 5 bytes JMP 0000000166a4dd6d
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoUninitialize 00000000764d86d3 5 bytes JMP 0000000166a507cf
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000764d9d0b 5 bytes JMP 0000000166a514ec
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000764d9d4e 5 bytes JMP 0000000166a4f3c7
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 00000000764fbb09 7 bytes JMP 0000000166a4dee6
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 000000007651eacf 5 bytes JMP 0000000166a4fa7c
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 000000007655340b 5 bytes JMP 0000000166a508cf
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 000000007659cfd9 5 bytes JMP 0000000166a4de56
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076a63e59 5 bytes JMP 000000015febf708
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076a63eae 5 bytes JMP 000000015fedc57b
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076a64731 5 bytes JMP 000000015ff4c244
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076a65dee 5 bytes JMP 000000015ff59bf9
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!RegisterActiveObject 0000000076a927a6 5 bytes JMP 0000000166a503db
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!RevokeActiveObject 0000000076a9329c 5 bytes JMP 0000000166a4dd25
.text C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE[4968] C:\Windows\syswow64\OLEAUT32.dll!GetActiveObject 0000000076aa8f68 5 bytes JMP 0000000166a5056f
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a3f9dc 5 bytes JMP 0000000166a2ea93
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 0000000077a3fa24 5 bytes JMP 0000000166a2f0f8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 0000000077a3fa3c 5 bytes JMP 0000000166a2d830
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 0000000077a3fa8c 5 bytes JMP 0000000166a2d38c
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077a3faa4 5 bytes JMP 0000000166a2d67d
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 0000000077a3fb3c 5 bytes JMP 0000000166a2f338
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000077a3fc34 5 bytes JMP 0000000166a3a713
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 0000000077a3fd48 5 bytes JMP 0000000166a2d1d4
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a3fd60 5 bytes JMP 0000000166a39d35
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 0000000077a3fd94 5 bytes JMP 0000000166a3a030
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a3fe40 5 bytes JMP 0000000166a2e668
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000077a3fe58 5 bytes JMP 0000000166a39e5e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a400b0 5 bytes JMP 0000000166a39b7a
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a401c0 5 bytes JMP 0000000166a2d9d8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 0000000077a40750 5 bytes JMP 0000000166a2f3da
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 0000000077a409e0 5 bytes JMP 0000000166a39d72
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 0000000077a409f8 5 bytes JMP 0000000166a2cfa8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077a40a40 5 bytes JMP 0000000166a2db8e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077a40b7c 5 bytes JMP 0000000166a2d0be
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077a40f6c 5 bytes JMP 0000000166a2e01b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a40f84 5 bytes JMP 0000000166a2e1b7
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077a41014 5 bytes JMP 0000000166a2f185
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 0000000077a4102c 5 bytes JMP 0000000166a2f2a8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 0000000077a41044 5 bytes JMP 0000000166a2f215
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000077a41338 5 bytes JMP 0000000166a39f47
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 0000000077a41478 5 bytes JMP 0000000166a2de8e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077a41524 5 bytes JMP 0000000166a2e37b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077a41714 5 bytes JMP 0000000166a2dd06
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077a41a54 5 bytes JMP 0000000166a2d535
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077a41b98 5 bytes JMP 0000000166a2e4fd
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007743103d 5 bytes JMP 0000000166a13904
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077431072 5 bytes JMP 0000000166a13d68
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007745c9b5 5 bytes JMP 0000000166a13a1e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\kernel32.dll!WinExec 00000000774b3041 5 bytes JMP 0000000166a13c62
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076822642 5 bytes JMP 0000000166a13f75
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000077249ebd 5 bytes JMP 000000015fe86fd4
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000077250afa 5 bytes JMP 000000015fe8b735
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000077251361 5 bytes JMP 000000015fe99366
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\USER32.dll!ValidateRect 0000000077257849 5 bytes JMP 00000001600817e7
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\SHELL32.dll!SHParseDisplayName 0000000075727edb 5 bytes JMP 000000015ff681aa
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076496143 5 bytes JMP 000000016061d2e8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 000000007649ea09 7 bytes JMP 0000000166a4e370
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!OleRun 00000000764a07de 5 bytes JMP 0000000166a4de9e
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 00000000764a21e1 5 bytes JMP 0000000166a51745
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!OleUninitialize 00000000764aeba1 6 bytes JMP 0000000166a4de15
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!OleInitialize 00000000764aefd7 5 bytes JMP 0000000166a4ddcd
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoGetClassObject 00000000764c54ad 5 bytes JMP 0000000166a4fdbb
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoInitializeEx 00000000764d09ad 5 bytes JMP 0000000166a4dd6d
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoUninitialize 00000000764d86d3 5 bytes JMP 0000000166a507cf
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000764d9d0b 5 bytes JMP 0000000166a514ec
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 00000000764d9d4e 5 bytes JMP 0000000166a4f3c7
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 00000000764fbb09 7 bytes JMP 0000000166a4dee6
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 000000007651eacf 5 bytes JMP 0000000166a4fa7c
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 000000007655340b 5 bytes JMP 0000000166a508cf
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 000000007659cfd9 5 bytes JMP 0000000166a4de56
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!SysFreeString 0000000076a63e59 5 bytes JMP 000000015febf708
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!VariantClear 0000000076a63eae 5 bytes JMP 000000015fedc57b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!SysAllocStringByteLen 0000000076a64731 5 bytes JMP 000000015ff4c244
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!VariantChangeType 0000000076a65dee 5 bytes JMP 000000015ff59bf9
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!RegisterActiveObject 0000000076a927a6 5 bytes JMP 0000000166a503db
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!RevokeActiveObject 0000000076a9329c 5 bytes JMP 0000000166a4dd25
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[4988] C:\Windows\syswow64\oleaut32.dll!GetActiveObject 0000000076aa8f68 5 bytes JMP 0000000166a5056f
---- Processes - GMER 2.1 ----
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [4968] 000000005fe60000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [4968] 000000005aba0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [4968] 0000000066230000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 000000005fe60000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 00000000648c0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 0000000063c60000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 000000005aba0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 0000000066230000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 00000000656b0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1031\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 0000000066350000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 0000000065610000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 0000000066200000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 00000000661a0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEERR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4988] 0000000064810000
---- EOF - GMER 2.1 ----
|
| Themen zu Windows 7: BoBrowser Rückstände entfernen |
| .dll, adware, antivirus, avira, bobrowser, bobrowser entfernen, converter, cpu, defender, desktop, entfernen, file, firefox, flash player, ftp, geforce, helper, install.exe, installation, launch, log, monitor, mp3, office 365, onedrive, opera, programm, security, software, warnung, windows |
Baum-Darstellung