Log analysis and evaluation: Win7 64-bit: BlueScreen during GMER scan (Windows 7)
20.07.2015, 09:51 | #1

Hello everyone,

A week ago, after installing Windows updates, my antivirus blocked svchost.exe. Since I found that odd (especially because it sits in the System32 folder, i.e. where it belongs), I ran Malwarebytes. Apart from a PUP, nothing was found, and the subsequent scans found nothing either. To be safe I also tried scanning with Avast Anti-Rootkit, but that failed: there was already a blue screen while first downloading the definition databases, and in the scans after that the scanner crashed every time. With GMER, on the other hand, the quick scan works without problems, but I get a BlueScreen when I try to scan the whole hard disk. GMER also lists a number of threads when it starts, and Malwarebytes Anti-Rootkit warns me on startup about the registry entry "AppInit_Dlls" as a hint of possible rootkit activity. The scan itself, however, finds nothing. The antivirus was always disabled during the scans. Is it possible that a rootkit really is at work here, or are these simply errors in the scanners or incompatibilities with my system?

Here are today's findings when starting GMER:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-20 09:51:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Marc\AppData\Local\Temp\kwldypog.sys

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1092:5812]  000007fef6535170
Thread  C:\Windows\System32\spoolsv.exe [1228:2692]  000007fef75410c8
Thread  C:\Windows\System32\spoolsv.exe [1228:2700]  000007fef7506144
Thread  C:\Windows\System32\spoolsv.exe [1228:2704]  000007fef9705fd0
Thread  C:\Windows\System32\spoolsv.exe [1228:2708]  000007fef74e3438
Thread  C:\Windows\System32\spoolsv.exe [1228:2712]  000007fef97063ec
Thread  C:\Windows\System32\spoolsv.exe [1228:2720]  000007fef7165e5c
Thread  C:\Windows\System32\spoolsv.exe [1228:2724]  000007fef7195074
Thread  C:\Windows\System32\spoolsv.exe [1228:2780]  000007fef7202288
Thread  C:\Windows\System32\spoolsv.exe [1228:3244]  000007fef7598760

---- EOF - GMER 2.1 ----

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-19 17:19:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Marc\AppData\Local\Temp\kwldypog.sys

---- Threads - GMER 2.1 ----

Thread  [3604:3612]  0000000077d11415
Thread  [3604:3868]  0000000077d22855
Thread  [3604:3872]  0000000077d22855
Thread  [3604:4252]  0000000077d22855
Thread  [3604:4420]  0000000077d22855
Thread  [3604:4496]  0000000077d22855
Thread  [3604:4668]  0000000077d22855
Thread  [3604:4948]  0000000077d22855
Thread  [3604:2612]  0000000077d22855
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5772:5420]  000007fefb942bf8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5772:5488]  000007feebcc5648
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5772:5764]  000007feebcc5648
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5772:6056]  000007fefcbf5124

---- EOF - GMER 2.1 ----
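The "AppInit_Dlls" warning raised in the post above is worth verifying directly instead of relying on a scanner's heuristic: the key is a documented, legitimate injection point (user32.dll loads every DLL listed there into every GUI process), so the question is not whether it is populated but what it points at and whether those files are signed by a vendor you installed. The PowerShell below is an added example for this thread, not code from the original post or from GMER, FRST or Malwarebytes. It reads the 64-bit and WOW64 views of the key (the latter is what FRST later in this thread labels AppInit_DLLs-x32), the LoadAppInit_DLLs and RequireSignedAppInit_DLLs switches, splits the DLL list the way the loader does (comma or space separated, so a stray leading comma like the one FRST reports yields an empty element that is dropped) and checks each file's Authenticode signature. It assumes 64-bit Windows 7 with PowerShell 3.0 or later, run from an elevated prompt; the function name Get-AppInitDllReport is this example's own.

```powershell
# Added example (not from the thread or from GMER/FRST/Malwarebytes): audit AppInit_DLLs
# on 64-bit Windows 7 and verify the Authenticode signature of every DLL it names.
# Assumes PowerShell 3.0+ and an elevated prompt. The function name is this example's own.

function Get-AppInitDllReport {
    # 64-bit view first (DLLs loaded into 64-bit processes), then the WOW64 view
    # (DLLs loaded into 32-bit processes), which FRST labels AppInit_DLLs-x32.
    $views = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';             SysDir = "$env:windir\System32" },
        @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'; SysDir = "$env:windir\SysWOW64" }
    )

    foreach ($view in $views) {
        $props = Get-ItemProperty -Path $view.Key -ErrorAction SilentlyContinue
        if (-not $props) { continue }

        # LoadAppInit_DLLs = 0 turns the mechanism off regardless of what AppInit_DLLs holds;
        # RequireSignedAppInit_DLLs = 1 makes the loader refuse unsigned entries.
        $load    = $props.LoadAppInit_DLLs
        $require = $props.RequireSignedAppInit_DLLs

        # The value is a comma- or space-separated list (paths with spaces are not supported
        # by the mechanism itself). A stray leading comma, as in the FRST line
        # "AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll", produces an empty element,
        # which is dropped here just as the loader ignores it.
        $entries = @(([string]$props.AppInit_DLLs) -split '[,\s]+' | Where-Object { $_ -ne '' })

        foreach ($entry in $entries) {
            # Bare file names are resolved against the system directory matching the view.
            $path = [Environment]::ExpandEnvironmentVariables($entry)
            if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $view.SysDir $path }

            $exists = Test-Path -LiteralPath $path -PathType Leaf
            $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }

            [pscustomobject]@{
                View             = if ($view.Key -like '*Wow6432Node*') { 'x32' } else { 'x64' }
                LoadAppInit_DLLs = $load
                RequireSigned    = $require
                Entry            = $entry
                Resolved         = $path
                Exists           = $exists
                Signature        = if ($sig) { $sig.Status.ToString() } else { 'FileMissing' }
                Signer           = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

# Anything missing, unsigned, or signed by a publisher you did not install deserves a
# closer look; a Valid signature from the vendor of an installed driver does not.
Get-AppInitDllReport | Format-Table -AutoSize View, Entry, Exists, Signature, Signer, LoadAppInit_DLLs, RequireSigned
```

One caveat when reading the output: on Windows 7, Get-AuthenticodeSignature only checks embedded signatures, so a driver-package DLL that is signed through a catalog (.cat) file can show as NotSigned even though it is legitimate. Before treating such an entry as suspicious, confirm it against the driver package's catalog with signtool or sigcheck, and compare the file's size and timestamp with what FRST reports.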
20.07.2015, 09:54 | #2

/// TB Trainer

Hi!

Please download the version of Farbar's Recovery Scan Tool that matches your system to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
20.07.2015, 17:49 | #3

Hello Warlord,

Here are the logs.

FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Marc (administrator) on MARC-PC on 20-07-2015 18:30:01
Running from C:\Users\Marc\Desktop
Loaded Profiles: Marc (Available Profiles: Marc & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\apps\CCF_Reputation\fsorsp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSHDLL64.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSM32.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(F-Secure Corporation) C:\Program Files (x86)\Internet Security\fshoster32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-23] (Acer Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSM32.EXE [310312 2014-10-14] (F-Secure Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [F-Secure Hoster (45119)] => C:\Program Files (x86)\Internet Security\fshoster32.exe [187432 2014-02-19] (F-Secure Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3551491834-2705507183-1249083949-1001\...\Run: [Google Update] => C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2011-09-26]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3551491834-2705507183-1249083949-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3551491834-2705507183-1249083949-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2015-07-13] (F-Secure Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Browsing Protection -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2015-07-13] (F-Secure Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1433A20A-A973-4AA4-AF01-EA2C06C82C35}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6AABAD53-5546-4363-9E79-C7FBB94A9581}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3551491834-2705507183-1249083949-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3551491834-2705507183-1249083949-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{fae157c7-b8ff-46cd-8b5e-85f3785690da}] - C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https
FF Extension: Browsing Protection - C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\browser\deploy\fs_firefox_https [2015-02-28]

Chrome:
=======
CHR Profile: C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-22]
CHR Extension: (Google Search) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-22]
CHR Extension: (Search by F-Secure) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmikccifolokanfakbeadbmgchomeli [2015-02-28]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2015-02-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-13]
CHR Extension: (Google Wallet) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-22]
CHR HKU\S-1-5-21-3551491834-2705507183-1249083949-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkmikccifolokanfakbeadbmgchomeli] - C:\Program Files (x86)\Internet Security\apps\SafeSearch\Chrome\main.crx [2014-05-09]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/Internet Security/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2014-11-27]
StartMenuInternet: Google Chrome - C:\Users\Marc\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 fshoster; C:\Program Files (x86)\Internet Security\fshoster32.exe [187432 2014-02-19] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2014-10-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Internet Security\apps\CCF_Reputation\fsorsp.exe [60456 2015-07-07] (F-Secure Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2015-07-13] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [71080 2015-07-13] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [55336 2015-07-13] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42672 2013-01-19] ()
R3 fsni; C:\Program Files (x86)\Internet Security\apps\CCF_Scanning\bin\fsni64.sys [95784 2015-07-13] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-06-24] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 18:30 - 2015-07-20 18:31 - 00018578 _____ C:\Users\Marc\Desktop\FRST.txt
2015-07-20 18:29 - 2015-07-20 18:30 - 00000000 ____D C:\FRST
2015-07-20 18:27 - 2015-07-20 18:27 - 02134528 _____ (Farbar) C:\Users\Marc\Desktop\FRST64.exe
2015-07-20 13:13 - 2015-07-20 13:13 - 02870984 _____ (ESET) C:\Users\Marc\Downloads\esetsmartinstaller_deu.exe
2015-07-20 09:51 - 2015-07-20 09:51 - 00001046 _____ C:\Users\Marc\Desktop\GMER start 2.log
2015-07-19 17:19 - 2015-07-19 17:19 - 00001506 _____ C:\Users\Marc\Desktop\GMER start.log
2015-07-19 17:10 - 2015-07-19 17:10 - 00262144 _____ C:\Windows\Minidump\071915-22932-01.dmp
2015-07-19 10:45 - 2015-07-20 10:05 - 00233395 _____ C:\Users\Marc\Desktop\GMER.log
2015-07-19 10:35 - 2015-07-19 10:36 - 00262144 _____ C:\Windows\Minidump\071915-22027-01.dmp
2015-07-19 10:12 - 2015-07-19 10:12 - 00380416 _____ C:\Users\Marc\Desktop\Gmer-19357.exe
2015-07-18 11:56 - 2015-07-18 11:56 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-18 11:17 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-18 11:16 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-18 11:16 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-18 11:16 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-18 11:16 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-18 11:16 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-18 11:16 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-18 11:16 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-18 11:16 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-18 11:16 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-18 11:16 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-18 11:16 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-18 11:16 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-18 11:16 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-18 11:16 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-18 11:16 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-18 11:16 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-18 11:16 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-18 11:16 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-18 11:16 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-18 11:16 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-18 11:16 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-18 11:16 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-18 11:16 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-18 11:16 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-18 11:16 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-18 11:16 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-18 11:16 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-18 11:16 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-18 11:16 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-18 11:16 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-18 11:16 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-18 11:16 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-18 11:16 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-18 11:16 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-18 11:16 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-18 11:16 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-18 11:16 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-18 11:16 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-18 11:16 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-18 11:16 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-18 11:16 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-18 11:16 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-18 11:16 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-18 11:16 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-18 11:15 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-18 11:15 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-18 11:14 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-18 11:14 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-18 11:14 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-18 11:14 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-18 11:14 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-18 11:14 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-18 11:14 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-18 11:14 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-18 11:14 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-18 11:14 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-18 11:14 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-18 11:14 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-18 11:14 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-18 11:14 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-18 11:14 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-18 11:14 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-18 11:14 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-18 11:14 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-18 11:14 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-18 11:14 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-18 11:14 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-18 11:14 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-18 11:14 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-18 11:14 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-18 11:14 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-18 11:14 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-18 11:14 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-18 11:14 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-18 11:14 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-18 11:14 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-18 11:13 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-18 11:13 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-18 11:13 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-18 11:13 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-18 11:07 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-18 11:07 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-18 11:07 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-18 11:07 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-18 11:07 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-18 11:07 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-18 11:07 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-18 11:07 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-18 11:07 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-18 11:07 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-18 11:06 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-18 11:06 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-18 11:06 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-18 11:06 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-18 11:06 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-18 11:06 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-18 11:06 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-18 11:06 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-18 11:06 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-18 11:06 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-18 11:06 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-18 11:06 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-18 11:06 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-18 11:06 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-18 11:06 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-18 11:06 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-18 11:06 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-18 11:06 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-18 11:06 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-18 11:06 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-18 11:06 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-18 11:06 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-18 11:06 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-18 11:06 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-18 11:06 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-18 11:06 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-18 11:06 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-18 11:06 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-07-18 11:06 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-07-18 11:06 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-07-18 11:06 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-07-18 11:06 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-07-18 11:06 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-07-18 11:06 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-07-18 11:06 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-07-18 11:06 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-07-18 11:06 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-18 11:06 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-18 11:05 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-07-18 11:05 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-18 11:05 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-07-18 11:05 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-07-18 11:05 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-07-18 11:05 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-18 11:05 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-07-18 11:05 - 
2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-07-18 11:05 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-07-18 11:05 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-07-18 11:05 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2015-07-18 11:05 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2015-07-18 11:04 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-07-18 11:04 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-07-18 11:04 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-07-18 11:04 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-07-18 11:04 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-07-18 11:04 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-07-18 11:04 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-07-18 11:04 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-07-18 11:04 - 2015-07-03 20:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-07-18 11:04 - 2015-07-03 20:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-18 11:04 - 2015-07-03 20:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-07-18 11:04 - 2015-07-03 20:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-07-18 11:04 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-07-18 11:04 - 2015-07-03 19:56 - 00034304 _____ (Adobe 
Systems) C:\Windows\SysWOW64\atmlib.dll 2015-07-18 11:04 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-07-18 11:04 - 2015-07-03 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-07-18 11:04 - 2015-07-03 18:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-18 11:04 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-07-18 11:04 - 2015-06-03 22:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-07-18 11:04 - 2015-06-03 22:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-07-17 12:16 - 2015-07-17 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-07-17 12:14 - 2015-07-18 10:52 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-07-17 11:21 - 2015-07-17 11:21 - 00262144 _____ C:\Windows\Minidump\071715-31278-01.dmp 2015-07-17 10:22 - 2015-07-17 10:23 - 16502728 _____ (Malwarebytes Corp.) 
C:\Users\Marc\Downloads\mbar-1.09.1.1004.exe 2015-07-14 10:45 - 2015-07-20 10:40 - 00000000 ____D C:\EEK 2015-07-14 10:45 - 2015-07-14 10:45 - 00000747 _____ C:\Users\Marc\Desktop\Start Emsisoft Emergency Kit.lnk 2015-07-14 10:43 - 2015-07-14 10:43 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARC-PC-Windows-7-Home-Premium-(64-bit).dat 2015-07-14 09:44 - 2015-07-14 10:01 - 161089928 _____ C:\Users\Marc\Downloads\EmsisoftEmergencyKit.exe 2015-07-13 13:04 - 2015-07-13 13:44 - 00000000 ___SD C:\Windows\system32\GWX 2015-07-13 13:04 - 2015-07-13 13:04 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-07-13 11:28 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-07-13 11:28 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-07-13 11:00 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-07-13 11:00 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-07-13 11:00 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-07-13 10:59 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-07-13 10:59 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-07-13 10:59 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-07-13 10:59 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-07-13 10:59 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-07-13 10:59 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-07-13 10:59 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-07-13 10:59 - 2015-02-03 
05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-07-13 10:59 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-07-13 10:59 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-07-13 10:59 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-07-13 10:59 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-07-13 10:59 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-07-13 10:59 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-07-13 10:59 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-07-13 10:59 - 2015-02-03 05:30 - 00082432 _____ 
(Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-07-13 10:59 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-07-13 10:59 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-07-13 10:59 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-07-13 10:59 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-07-13 10:59 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-07-13 10:59 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-07-13 10:59 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-07-13 10:59 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-07-13 10:59 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00489984 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\evr.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-07-13 10:59 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-07-13 10:59 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-07-13 10:59 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-07-13 10:59 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-07-13 10:59 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-07-13 10:59 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-07-13 10:57 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-07-13 10:55 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-07-13 10:55 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-07-13 10:55 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) 
C:\Windows\system32\diagtrack.dll 2015-07-13 10:55 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-07-13 10:55 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-07-13 10:55 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-07-13 10:55 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-07-13 10:55 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-07-13 10:55 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-07-13 10:55 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-07-13 10:55 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-07-13 10:55 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-07-13 10:55 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-07-13 10:55 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-07-13 10:55 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-07-13 10:55 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-07-13 10:55 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-07-13 10:55 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-07-13 10:55 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-07-13 10:55 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-07-13 10:55 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 
2015-07-13 10:55 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-07-13 10:55 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-07-13 10:55 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-07-13 10:55 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-07-13 10:55 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-07-13 10:55 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-07-13 10:55 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-07-13 10:55 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-07-13 10:55 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-07-13 10:55 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-07-13 10:55 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntvdm64.dll 2015-07-13 10:55 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-07-13 10:55 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-07-13 10:55 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-07-13 10:55 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-07-13 10:55 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-07-13 10:55 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-07-13 10:55 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-07-13 10:55 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-07-13 10:55 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 
00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-07-13 10:55 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-07-13 10:55 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-07-13 10:54 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-07-13 10:54 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-07-13 10:54 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-07-13 10:54 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-07-13 10:54 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-07-13 
10:54 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-13 10:54 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-13 10:51 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-13 10:51 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-13 10:45 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-13 10:45 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-13 10:44 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-13 10:44 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-13 10:44 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-07-13 10:44 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-07-13 10:44 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-13 10:44 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-13 10:42 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-13 10:41 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-07-13 10:41 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-07-13 10:41 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-07-13 10:41 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-13 10:41 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-07-13 10:41 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-13 10:41 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-07-13 10:41 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-07-13 10:41 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-07-13 10:41 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-13 10:40 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-13 10:40 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-13 10:40 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-13 10:40 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-13 10:40 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-13 10:40 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-07-13 10:40 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-07-13 10:40 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-07-13 10:40 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-07-13 10:40 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-07-13 10:39 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-07-13 10:39 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-07-13 10:38 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-07-13 10:38 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-07-13 10:38 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-07-13 10:38 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-07-13 10:38 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-07-13 10:38 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-07-13 10:38 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-07-13 10:38 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-07-13 10:38 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-07-13 10:38 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-07-13 10:37 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-07-13 10:37 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-07-13 10:37 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-07-13 10:37 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-07-13 10:37 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-07-13 10:35 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-13 10:35 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-13 10:35 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-07-13 10:35 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-13 10:35 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-07-13 10:35 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-07-13 10:35 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-07-13 10:12 - 2014-12-11 19:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-07-13 10:07 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-24 01:29 - 2015-06-24 01:29 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-20 18:31 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 18:31 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 18:26 - 2011-06-21 11:07 - 01479510 _____ C:\Windows\WindowsUpdate.log
2015-07-20 18:23 - 2009-07-14 06:51 - 00118170 _____ C:\Windows\setupact.log
2015-07-20 18:22 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 13:35 - 2011-10-10 19:27 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551491834-2705507183-1249083949-1001UA.job
2015-07-20 13:11 - 2012-08-16 10:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-20 10:35 - 2011-10-10 19:27 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551491834-2705507183-1249083949-1001Core.job
2015-07-19 17:10 - 2013-01-19 15:42 - 652918503 _____ C:\Windows\MEMORY.DMP
2015-07-19 17:10 - 2013-01-19 15:42 - 00000000 ____D C:\Windows\Minidump
2015-07-19 09:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-18 14:58 - 2014-03-15 16:39 - 00001683 _____ C:\DelFix.txt
2015-07-18 14:48 - 2014-09-03 20:41 - 00314089 _____ C:\Users\Marc\AppData\Local\census.cache
2015-07-18 14:48 - 2014-09-03 20:41 - 00113449 _____ C:\Users\Marc\AppData\Local\ars.cache
2015-07-18 12:02 - 2009-07-14 06:45 - 00338488 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-18 11:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-18 11:56 - 2014-05-06 19:17 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-18 11:44 - 2011-09-26 19:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-18 11:32 - 2013-08-24 17:09 - 00000000 ____D C:\Windows\system32\MRT
2015-07-17 12:01 - 2014-07-05 11:30 - 00007599 _____ C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
2015-07-17 10:38 - 2011-10-10 19:33 - 00002358 _____ C:\Users\Marc\Desktop\Google Chrome.lnk
2015-07-17 10:30 - 2011-10-10 19:27 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3551491834-2705507183-1249083949-1001UA
2015-07-17 10:30 - 2011-10-10 19:27 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3551491834-2705507183-1249083949-1001Core
2015-07-17 10:14 - 2012-08-16 10:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-17 10:14 - 2012-08-16 10:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-17 10:14 - 2012-08-16 10:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 10:33 - 2014-09-18 19:52 - 00000000 __SHD C:\Users\Marc\AppData\Local\EmieUserList
2015-07-14 10:33 - 2014-09-18 19:52 - 00000000 __SHD C:\Users\Marc\AppData\Local\EmieSiteList
2015-07-13 18:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-13 14:20 - 2011-06-21 11:44 - 00702338 _____ C:\Windows\system32\perfh007.dat
2015-07-13 14:20 - 2011-06-21 11:44 - 00151044 _____ C:\Windows\system32\perfc007.dat
2015-07-13 14:20 - 2009-07-14 07:13 - 01628664 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-13 14:06 - 2012-08-29 20:00 - 01602944 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-13 13:42 - 2012-05-11 14:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-13 13:42 - 2012-05-11 14:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-13 13:42 - 2010-11-21 05:47 - 00218998 _____ C:\Windows\PFRO.log
2015-07-13 13:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-07-13 13:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-07-13 13:04 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-13 13:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-07-13 13:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-07-13 11:27 - 2012-05-11 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-13 10:07 - 2013-01-19 15:49 - 00055336 _____ C:\Windows\system32\Drivers\fsbts.sys
2015-07-13 10:01 - 2012-08-29 19:59 - 00000000 ____D C:\Program Files (x86)\Internet Security
2015-07-03 08:43 - 2011-09-22 10:46 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======
2014-09-03 20:41 - 2015-07-18 14:48 - 0113449 _____ () C:\Users\Marc\AppData\Local\ars.cache
2014-09-03 20:41 - 2015-07-18 14:48 - 0314089 _____ () C:\Users\Marc\AppData\Local\census.cache
2014-09-03 13:47 - 2014-09-03 13:47 - 0000036 _____ () C:\Users\Marc\AppData\Local\housecall.guid.cache
2015-05-27 18:25 - 2015-05-27 18:25 - 0002855 _____ () C:\Users\Marc\AppData\Local\recently-used.xbel
2014-07-05 11:30 - 2015-07-17 12:01 - 0007599 _____ () C:\Users\Marc\AppData\Local\Resmon.ResmonCfg
2011-09-26 18:34 - 2011-09-26 18:34 - 0017408 _____ () C:\Users\Marc\AppData\Local\WebpageIcons.db
2011-06-21 11:30 - 2011-06-21 11:33 - 0015147 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-04-06 12:36 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2014-09-10 13:39 - 2014-09-10 13:39 - 0000032 _____ () C:\ProgramData\PS.log

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 17:59

==================== End of log ============================

FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Marc at 2015-07-20 18:32:04
Running from C:\Users\Marc\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3551491834-2705507183-1249083949-500 - Administrator - Disabled)
Gast (S-1-5-21-3551491834-2705507183-1249083949-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3551491834-2705507183-1249083949-1002 - Limited - Enabled)
Marc (S-1-5-21-3551491834-2705507183-1249083949-1001 - Administrator - Enabled) => C:\Users\Marc
Admin (S-1-5-21-3551491834-2705507183-1249083949-1003 - Administrator - Enabled) => C:\Users\Admin

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Computer Security (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Computer Security (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1510 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1510 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
Computer Security 14.106.103.0 (release) (x32 Version: 14.106.103.0 - F-Secure Corporation) Hidden
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 1.1.25.2280 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.111.300 (release) (x32 Version: 1.51.111.300 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.136 (x32 Version: 1.02.136 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.146.0 (release) (x32 Version: 1.03.146.0 - F-Secure Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-3551491834-2705507183-1249083949-1001\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Launch Pad (HKLM-x32\...\F-Secure ServiceEnabler 45119) (Version: 2.06.303.0 - F-Secure Corporation)
Launch Pad (x32 Version: 2.06.303.0 - F-Secure Corporation) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Online Safety 2.107.2565.1702 (x32 Version: 2.107.2565.1702 - F-Secure Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)
Satinavs Ketten (HKLM-x32\...\{94A7C36D-3529-43ED-93ED-49C074D9BD65}) (Version: 1.2 - Deep Silver)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3551491834-2705507183-1249083949-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3551491834-2705507183-1249083949-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3551491834-2705507183-1249083949-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3551491834-2705507183-1249083949-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3551491834-2705507183-1249083949-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3551491834-2705507183-1249083949-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3551491834-2705507183-1249083949-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3551491834-2705507183-1249083949-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3551491834-2705507183-1249083949-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Marc\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

18-07-2015 14:58:05 End of cleanup

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-03-09 11:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B3AAC88-2335-4ED8-869D-42427D1021B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3551491834-2705507183-1249083949-1001UA => C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {47CEB040-9475-4787-B6DA-6CAEE4189C46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-17] (Adobe Systems Incorporated)
Task: {712C293C-C43E-4B91-8331-589CF0205DA8} - System32\Tasks\{13D3D045-E120-4A84-A4C4-B03BFCE0BB2E} => pcalua.exe -a C:\Users\Marc\Downloads\Vuze_Installer.exe -d C:\Users\Marc\Downloads
Task: {F7656026-DAFB-4799-83F0-2D01258CFFF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3551491834-2705507183-1249083949-1001Core => C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551491834-2705507183-1249083949-1001Core.job => C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3551491834-2705507183-1249083949-1001UA.job => C:\Users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-05 10:55 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-12-30 20:25 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-04-06 13:14 - 2011-03-26 02:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-05 10:53 - 2014-07-02 22:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-01-19 15:39 - 2014-10-14 17:33 - 00045608 _____ () C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2014-02-19 14:56 - 2014-02-19 14:56 - 00220200 _____ () C:\Program Files (x86)\Internet Security\daas2.dll
2011-02-15 20:37 - 2011-02-15 20:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-02-15 20:36 - 2011-02-15 20:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-02-15 20:37 - 2011-02-15 20:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2013-01-19 15:46 - 2013-01-19 15:46 - 00030888 _____ () C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-01-19 15:39 - 2015-07-13 10:01 - 00175144 _____ () C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Gemini\fsgem.dll
2013-01-19 15:39 - 2015-02-28 13:40 - 00949288 _____ () C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2013-01-19 15:39 - 2014-10-14 17:33 - 00056360 _____ () C:\Program Files (x86)\Internet Security\apps\ComputerSecurity\FSGUI\fsavures.eng
2014-12-07 15:53 - 2014-12-07 15:53 - 00592936 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.79_none_b59ec33311fcd586\QtMultimediaKit1.dll
2011-04-06 12:30 - 2010-09-14 03:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5925E400
AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:9B750A13

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72441296.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72441296.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3551491834-2705507183-1249083949-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{6E7F0282-320B-4A28-912C-2063B3B942AC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AD8A6F6E-A646-42D5-A2FD-61A6F9CF7DD1}] => (Allow) LPort=2869
FirewallRules: [{A0BE558E-616C-4229-BB74-4F7BC3821DF3}] => (Allow) LPort=1900
FirewallRules: [{2B9CF7D8-C987-42D6-A0BD-6954CA361EAA}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{22E6644E-20F1-46D7-8807-152D2BCDBA2E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C0E09681-0F0A-4913-8F73-98BD881E7CC1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{9CE9435F-E2CC-47A6-A54C-42B245E58D98}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{5E0DAD1B-D6A7-4767-A7F5-5247DC428F16}] => (Allow) C:\Users\Marc\Downloads\SweetImSetup (1).exe
FirewallRules: [{FC1877C8-83F1-409A-90AA-D0C1B7511868}] => (Allow) C:\Users\Marc\Downloads\SweetImSetup (1).exe
FirewallRules: [{A5F2F4C2-5AF5-4785-8AE8-73C08343AA2D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{0B337D75-B669-4CD1-8CC3-DB336737391B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E0876F00-7CD1-4071-B521-B20EE7632C61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA0FF7D4-AF4E-49C9-8E99-F1C8C0B44DBE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0AE54EB-1558-47E8-AED3-620A542F5F14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9AD04CCE-BEA9-4A39-9943-B15067A6EB17}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{CDE5691A-E550-427E-8444-DCF6D7275E3D}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{B38FCDDF-972E-4043-8FFD-65025BAFF858}] => (Allow) C:\Steam\Steam.exe
FirewallRules: [{650FC14B-E9F7-4583-96E6-509130B229E0}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{B3643EE9-ADC9-4902-A940-694220F3949C}] => (Allow) C:\Steam\bin\steamwebhelper.exe
FirewallRules: [{D6ABF716-D76A-452C-815C-FAE0DB80D544}] => (Allow) C:\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{6A0B35CB-09CB-4A90-BF87-99F89549BD29}] => (Allow) C:\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{3290D652-373B-4297-85EB-27E6F154D276}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9399867E-35DC-46A7-8374-C69BA146402A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0D301FBD-B480-411B-AFF2-323A89BDAA6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6439981E-8B0A-4151-8D47-2E307E81C252}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2C057CFD-704A-4565-9DB1-3CE57B42E0D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DD457368-652E-4D1F-9142-0C3D760CE5CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{231E1A68-8CC2-446A-9DC6-119AF3AF62B6}] => (Allow) C:\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{D2FB8CEF-199F-4D61-A657-1F42BCE6552D}] => (Allow) C:\Steam\SteamApps\common\Crusader Kings II\CK2game.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 06:27:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/20/2015 06:24:20 PM) (Source: FSecure-FSecure-F-Secure Management Agent) (EventID: 103) (User: )
Description: 1 2015-07-20 18:24:19+02:00 MARC-PC MARC-PC\Marc F-Secure Management Agent F-Secure Management Agent encountered an internal failure. It cannot monitor the status of a module or a plug-in and it may not be functional until the computer is restarted. If you see this message frequently, contact the system administrator or reinstall F-Secure products.

Error: (07/20/2015 06:23:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 01:15:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/20/2015 01:02:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 01:02:52 PM) (Source: FSecure-FSecure-F-Secure Management Agent) (EventID: 103) (User: )
Description: 1 2015-07-20 13:02:52+02:00 MARC-PC MARC-PC\Marc F-Secure Management Agent F-Secure Management Agent encountered an internal failure. It cannot monitor the status of a module or a plug-in and it may not be functional until the computer is restarted.
If you see this message frequently, contact the system administrator or reinstall F-Secure products. Error: (07/20/2015 09:39:35 AM) (Source: FSecure-FSecure-F-Secure Management Agent) (EventID: 103) (User: ) Description: 1 2015-07-20 09:39:35+02:00 MARC-PC MARC-PC\Marc F-Secure Management Agent F-Secure Management Agent encountered an internal failure. It cannot monitor the status of a module or a plug-in and it may not be functional until the computer is restarted. If you see this message frequently, contact the system administrator or reinstall F-Secure products. Error: (07/20/2015 09:39:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2015 09:27:45 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2015 09:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname Marc-PC.local already in use; will try Marc-PC-2.local instead System errors: ============= Error: (07/20/2015 06:24:24 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (07/20/2015 06:24:24 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (07/20/2015 06:24:24 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (07/20/2015 06:24:24 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (07/20/2015 06:23:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/20/2015 01:02:54 PM) (Source: 
WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (07/20/2015 01:02:54 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (07/20/2015 01:02:54 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: ) Description: 0x800700b7 Error: (07/20/2015 01:02:54 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (07/20/2015 01:01:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office: ========================= Error: (07/20/2015 06:27:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Marc\Downloads\esetsmartinstaller_deu.exe Error: (07/20/2015 06:24:20 PM) (Source: FSecure-FSecure-F-Secure Management Agent) (EventID: 103) (User: ) Description: 1 2015-07-20 18:24:19+02:00 MARC-PC MARC-PC\Marc F-Secure Management Agent F-Secure Management Agent encountered an internal failure. It cannot monitor the status of a module or a plug-in and it may not be functional until the computer is restarted. If you see this message frequently, contact the system administrator or reinstall F-Secure products. 
Error: (07/20/2015 06:23:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2015 01:15:49 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Marc\Downloads\esetsmartinstaller_deu.exe Error: (07/20/2015 01:02:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2015 01:02:52 PM) (Source: FSecure-FSecure-F-Secure Management Agent) (EventID: 103) (User: ) Description: 1 2015-07-20 13:02:52+02:00 MARC-PC MARC-PC\Marc F-Secure Management Agent F-Secure Management Agent encountered an internal failure. It cannot monitor the status of a module or a plug-in and it may not be functional until the computer is restarted. If you see this message frequently, contact the system administrator or reinstall F-Secure products. Error: (07/20/2015 09:39:35 AM) (Source: FSecure-FSecure-F-Secure Management Agent) (EventID: 103) (User: ) Description: 1 2015-07-20 09:39:35+02:00 MARC-PC MARC-PC\Marc F-Secure Management Agent F-Secure Management Agent encountered an internal failure. It cannot monitor the status of a module or a plug-in and it may not be functional until the computer is restarted. If you see this message frequently, contact the system administrator or reinstall F-Secure products. 
Error: (07/20/2015 09:39:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2015 09:27:45 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/20/2015 09:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname Marc-PC.local already in use; will try Marc-PC-2.local instead CodeIntegrity Errors: =================================== Date: 2014-03-09 10:42:17.951 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-09 10:42:17.779 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-08-23 11:57:28.688 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marc\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-08-23 11:57:28.666 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marc\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-08-22 21:25:40.978 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marc\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-08-22 21:25:40.963 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marc\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-08-11 15:46:01.828 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marc\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-08-11 15:46:01.781 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marc\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-08-11 15:04:57.601 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marc\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-08-11 15:04:57.554 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marc\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz Percentage of memory in use: 40% Total physical RAM: 3947.86 MB Available physical RAM: 2352.85 MB Total Virtual: 7893.93 MB Available Virtual: 5902.27 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:326.42 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3F1DE35C) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS) ==================== End of log ============================ |
20.07.2015, 17:54 | #4 |
| Win7 64-Bit: BlueScreen during GMER scan
GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-20 10:05:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Marc\AppData\Local\Temp\kwldypog.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\lsm.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 0000000100191018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000100190018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000100192018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000100193018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000100194018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 0000000100195018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018
.text C:\Windows\system32\lsm.exe[756] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 00000001001c1018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 00000001001c0018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 00000001001c2018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 00000001001c5018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 00000001001c6018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 00000001001c7018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\USER32.dll!SetWindowsHookExW 00000000779ff874 5 bytes JMP 00000001001c4018
.text C:\Windows\system32\winlogon.exe[784] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077a18c20 5 bytes JMP 00000001001c3018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 00000001002d1018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 00000001002d0018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 00000001002d2018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 00000001002d5018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 00000001002d6018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 00000001002d7018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 0000000100191018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000100190018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000100192018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000100195018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000100196018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 0000000100197018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018
.text C:\Windows\system32\nvvsvc.exe[952] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 00000001002b1018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 00000001002b0018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 00000001002b2018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 00000001002b5018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 00000001002b6018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 00000001002b7018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018
.text C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 0000000100401018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000100400018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000100402018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000100405018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000100406018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 0000000100407018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018
.text C:\Windows\System32\svchost.exe[464] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 0000000100ac1018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000100ac0018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000100ac2018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000100ac5018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000100ac6018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 4 bytes JMP 0000000100ac7018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018
.text C:\Windows\System32\svchost.exe[532] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 00000001003c1018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 00000001003c0018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 00000001003c2018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 00000001003c5018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 00000001003c6018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 00000001003c7018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018
.text C:\Windows\system32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5
bytes JMP 0000000101041018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000101040018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000101042018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000101045018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000101046018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 4 bytes JMP 0000000101047018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text 
C:\Windows\system32\svchost.exe[584] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Windows\system32\svchost.exe[584] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 0000000100411018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000100410018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000100412018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000100415018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000100416018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 0000000100417018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Windows\system32\svchost.exe[1092] 
C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Windows\system32\svchost.exe[1092] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 0000000100881018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000100880018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000100882018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\kernel32.dll!OpenMutexA 
00000000778d27e0 5 bytes JMP 0000000100885018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000100886018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 0000000100887018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 
.text C:\Windows\system32\svchost.exe[1264] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Windows\system32\svchost.exe[1264] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cf0038 5 bytes JMP 00000001008d100c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cf0860 5 bytes JMP 00000001008d000c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cf0968 5 bytes JMP 00000001008d200c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000075a8ec3f 5 bytes JMP 00000001008dc00c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075a93b62 5 bytes JMP 00000001008de00c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000075ae8a31 5 bytes JMP 00000001008df00c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx 00000000756ace53 5 bytes JMP 00000001008e200c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize 00000000756adff8 5 bytes JMP 00000001008e100c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] 
C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000756aeca6 5 bytes JMP 00000001008e300c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW 00000000756b0f0a 5 bytes JMP 00000001008db00c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000756b137f 5 bytes JMP 00000001008dd00c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread 00000000756b3999 5 bytes JMP 00000001008e500c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 00000000756b3e7e 2 bytes JMP 00000001008e400c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3 00000000756b3e81 2 bytes [23, 8B] .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW 00000000756b924e 5 bytes JMP 00000001008e000c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\SysWOW64\sechost.dll!ControlService 00000000765e4d5c 5 bytes JMP 00000001008d800c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 00000000765e4dc3 5 bytes JMP 00000001008d700c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000765e567c 5 bytes JMP 00000001008da00c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device 
Support\AppleMobileDeviceService.exe[1412] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000765e589f 5 bytes JMP 00000001008d900c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 00000000765e714b 5 bytes JMP 00000001008d500c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 00000000765e7245 5 bytes JMP 00000001008d600c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076167603 5 bytes JMP 00000001008d400c .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1412] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007616835c 5 bytes JMP 00000001008d300c .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 00000001000f1018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 00000001000f0018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 00000001000f2018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 00000001000f5018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 00000001000f6018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 00000001000f7018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Program 
Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Program Files\Bonjour\mDNSResponder.exe[1600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Windows\System32\svchost.exe[1628] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 00000001004c1018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 00000001004c0018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 00000001004c2018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 00000001004c5018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 00000001004c6018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 00000001004c7018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\SYSTEM32\sechost.dll!ControlService 
000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Windows\System32\svchost.exe[1628] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cf0038 5 bytes JMP 000000010025100c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cf0860 5 bytes JMP 000000010025000c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cf0968 5 bytes JMP 000000010025200c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000075a8ec3f 5 bytes JMP 000000010025c00c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075a93b62 5 bytes JMP 000000010025e00c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000075ae8a31 5 bytes JMP 000000010025f00c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx 00000000756ace53 5 bytes JMP 000000010026200c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize 00000000756adff8 5 bytes JMP 000000010026100c .text C:\Program Files 
(x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000756aeca6 5 bytes JMP 000000010026300c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW 00000000756b0f0a 5 bytes JMP 000000010025b00c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000756b137f 5 bytes JMP 000000010025d00c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread 00000000756b3999 5 bytes JMP 000000010026500c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 00000000756b3e7e 2 bytes JMP 000000010026400c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3 00000000756b3e81 2 bytes [BB, 8A] .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW 00000000756b924e 5 bytes JMP 000000010026000c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\SysWOW64\sechost.dll!ControlService 00000000765e4d5c 5 bytes JMP 000000010025800c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 00000000765e4dc3 5 bytes JMP 000000010025700c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000765e567c 5 bytes JMP 000000010025a00c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000765e589f 5 bytes JMP 000000010025900c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 00000000765e714b 5 bytes JMP 000000010025500c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 00000000765e7245 5 bytes 
JMP 000000010025600c .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes JMP 75a9b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes JMP 75a9b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes JMP 75b18f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes CALL 75a7489d C:\Windows\syswow64\kernel32.dll .text ... * 9 |
20.07.2015, 17:59 | #5 |
| Win7 64-Bit: BlueScreen during GMER scan GMER Part II Code:
00000000756b924e 5 bytes JMP 00000001001c000c .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 0000000174423370 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 0000000174423810 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076167603 5 bytes JMP 00000001001b400c .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007616835c 5 bytes JMP 00000001001b300c .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 0000000174423880 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 0000000174423280 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 0000000174423800 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007627d2b4 5 bytes JMP 00000001744233e0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007627d4ee 5 bytes JMP 00000001744233f0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\SysWOW64\sechost.dll!ControlService 00000000765e4d5c 5 bytes JMP 00000001001b800c .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 00000000765e4dc3 5 bytes JMP 00000001001b700c .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000765e567c 5 bytes JMP 00000001001ba00c .text 
C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000765e589f 5 bytes JMP 00000001001b900c .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 00000000765e714b 5 bytes JMP 00000001001b500c .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 00000000765e7245 5 bytes JMP 00000001001b600c .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b85ea5 5 bytes JMP 0000000174423320 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075bb9d0b 5 bytes JMP 00000001744232b0 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes JMP 75a9b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes JMP 75a9b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes JMP 75b18f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes CALL 75a7489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes JMP 75b18822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes JMP 75b189f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes JMP 75b18718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes JMP 75b18ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes JMP 75a8fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes JMP 75a968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes JMP 75b18fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes JMP 75b18b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes JMP 75b186dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes JMP 75a8fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes JMP 75a9b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes JMP 75b18ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes JMP 75b18671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 00000001009d1018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 00000001009d0018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 00000001009d2018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 00000001009d5018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 00000001009d6018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 4 bytes JMP 00000001009d7018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Windows\system32\svchost.exe[1744] 
C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Windows\system32\svchost.exe[1744] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 00000001007e1018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 00000001007e0018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 00000001007e2018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 00000001007e5018 .text 
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 00000001007e6018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 00000001007e7018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1988] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1988] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 00000001003b1018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 00000001003b0018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 00000001003b2018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 00000001003b5018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 00000001003b6018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 00000001003b7018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 
.text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Windows\system32\nvvsvc.exe[1996] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cf0038 5 bytes JMP 000000010003100c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cf0860 5 bytes JMP 000000010003000c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cf0968 5 bytes JMP 000000010003200c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000075a8ec3f 5 bytes JMP 
000000010003a00c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075a93b62 5 bytes JMP 000000010003c00c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000075ae8a31 5 bytes JMP 000000010003d00c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx 00000000756ace53 5 bytes JMP 000000010008000c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize 00000000756adff8 5 bytes JMP 000000010003f00c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000756aeca6 5 bytes JMP 000000010008100c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW 00000000756b0f0a 5 bytes JMP 000000010003900c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000756b137f 5 bytes JMP 000000010003b00c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread 00000000756b3999 5 bytes JMP 000000010008300c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 00000000756b3e7e 5 bytes JMP 000000010008200c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW 00000000756b924e 5 bytes JMP 000000010003e00c .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes JMP 75a9b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes JMP 75a9b346 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes JMP 75b18f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes CALL 75a7489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes JMP 75b18822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes JMP 75b189f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes JMP 75b18718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes JMP 75b18ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes JMP 75a8fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes JMP 75a968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes JMP 75b18fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes JMP 75b18b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes JMP 75b186dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes JMP 75a8fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes JMP 75a9b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes JMP 75b18ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[1064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes JMP 75b18671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cf0038 5 bytes JMP 00000001001c100c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cf0860 5 bytes JMP 00000001001c000c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cf0968 5 bytes JMP 00000001001c200c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000075a8ec3f 5 bytes JMP 00000001001cc00c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075a93b62 5 bytes JMP 00000001001ce00c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000075ae8a31 5 bytes JMP 00000001001cf00c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] 
C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx 00000000756ace53 5 bytes JMP 00000001001d200c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize 00000000756adff8 5 bytes JMP 00000001001d100c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000756aeca6 5 bytes JMP 00000001001d300c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW 00000000756b0f0a 5 bytes JMP 00000001001cb00c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000756b137f 5 bytes JMP 00000001001cd00c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread 00000000756b3999 5 bytes JMP 00000001001d500c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 00000000756b3e7e 2 bytes JMP 00000001001d400c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3 00000000756b3e81 2 bytes [B2, 8A] .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW 00000000756b924e 5 bytes JMP 00000001001d000c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076167603 5 bytes JMP 00000001001c400c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007616835c 5 bytes JMP 00000001001c300c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\SysWOW64\sechost.dll!ControlService 00000000765e4d5c 5 bytes JMP 00000001001c800c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 
00000000765e4dc3 5 bytes JMP 00000001001c700c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000765e567c 5 bytes JMP 00000001001ca00c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000765e589f 5 bytes JMP 00000001001c900c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 00000000765e714b 5 bytes JMP 00000001001c500c .text C:\Program Files\Acer\Acer Updater\UpdaterService.exe[1316] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 00000000765e7245 5 bytes JMP 00000001001c600c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cf0038 5 bytes JMP 0000000101fe100c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cf0860 5 bytes JMP 0000000101fe000c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cf0968 5 bytes JMP 0000000101fe200c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000075a8ec3f 5 bytes JMP 0000000101fec00c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075a93b62 5 bytes JMP 0000000101fee00c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000075ae8a31 5 bytes JMP 0000000101fef00c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx 00000000756ace53 5 bytes JMP 0000000101ff200c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize 
00000000756adff8 5 bytes JMP 0000000101ff100c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000756aeca6 5 bytes JMP 0000000101ff300c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW 00000000756b0f0a 5 bytes JMP 0000000101feb00c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000756b137f 5 bytes JMP 0000000101fed00c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread 00000000756b3999 5 bytes JMP 0000000101ff500c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 00000000756b3e7e 2 bytes JMP 0000000101ff400c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3 00000000756b3e81 2 bytes [94, 8C] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW 00000000756b924e 5 bytes JMP 0000000101ff000c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076167603 5 bytes JMP 0000000101fe400c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007616835c 5 bytes JMP 0000000101fe300c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\SysWOW64\sechost.dll!ControlService 00000000765e4d5c 5 bytes JMP 0000000101fe800c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 00000000765e4dc3 5 bytes JMP 0000000101fe700c .text C:\Program Files (x86)\NTI\Acer Backup 
Manager\IScheduleSvc.exe[1920] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000765e567c 3 bytes JMP 0000000101fea00c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 4 00000000765e5680 1 byte [8B] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000765e589f 5 bytes JMP 0000000101fe900c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 00000000765e714b 5 bytes JMP 0000000101fe500c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 00000000765e7245 5 bytes JMP 0000000101fe600c .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes JMP 75a9b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes JMP 75a9b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes JMP 75b18f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes CALL 75a7489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes JMP 75b18822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes JMP 75b189f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes JMP 75b18718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes JMP 75b18ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes JMP 75a8fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes JMP 75a968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes JMP 75b18fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes JMP 75b18b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes JMP 75b186dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes JMP 75a8fd41 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes JMP 75a9b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes JMP 75b18ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes JMP 75b18671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cf0038 5 bytes JMP 00000001000c100c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cf0860 5 bytes JMP 00000001000c000c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cf0968 5 bytes JMP 00000001000c200c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000075a8ec3f 5 bytes JMP 00000001000cc00c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075a93b62 5 bytes JMP 00000001000ce00c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000075ae8a31 5 bytes JMP 00000001000cf00c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx 00000000756ace53 5 bytes JMP 000000010011200c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] 
C:\Windows\syswow64\KERNELBASE.dll!GetFileSize 00000000756adff8 5 bytes JMP 000000010011100c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000756aeca6 5 bytes JMP 000000010011300c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW 00000000756b0f0a 5 bytes JMP 00000001000cb00c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000756b137f 5 bytes JMP 00000001000cd00c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread 00000000756b3999 5 bytes JMP 000000010011500c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 00000000756b3e7e 2 bytes JMP 000000010011400c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3 00000000756b3e81 2 bytes [A6, 8A] .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW 00000000756b924e 5 bytes JMP 000000010011000c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076167603 5 bytes JMP 00000001000c400c .text C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1528] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007616835c 5 bytes JMP 00000001000c300c .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 0000000100541018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000100540018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000100542018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000100545018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000100546018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 0000000100547018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Program 
Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2076] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cf0038 5 bytes JMP 00000001003e100c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cf0860 5 bytes JMP 00000001003e000c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cf0968 5 bytes JMP 00000001003e200c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000075a8ec3f 5 bytes JMP 00000001003ec00c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075a93b62 5 bytes JMP 00000001003ee00c .text C:\Program Files 
(x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000075ae8a31 5 bytes JMP 00000001003ef00c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx 00000000756ace53 5 bytes JMP 00000001003f200c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize 00000000756adff8 5 bytes JMP 00000001003f100c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000756aeca6 5 bytes JMP 00000001003f300c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW 00000000756b0f0a 5 bytes JMP 00000001003eb00c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000756b137f 5 bytes JMP 00000001003ed00c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread 00000000756b3999 5 bytes JMP 00000001003f500c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 00000000756b3e7e 2 bytes JMP 00000001003f400c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3 00000000756b3e81 2 bytes [D4, 8A] .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW 00000000756b924e 5 bytes JMP 00000001003f000c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\SysWOW64\sechost.dll!ControlService 00000000765e4d5c 5 bytes JMP 00000001003e800c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 00000000765e4dc3 5 bytes JMP 00000001003e700c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] 
C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000765e567c 5 bytes JMP 00000001003ea00c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000765e589f 5 bytes JMP 00000001003e900c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 00000000765e714b 5 bytes JMP 00000001003e500c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 00000000765e7245 5 bytes JMP 00000001003e600c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076167603 5 bytes JMP 00000001003e400c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007616835c 5 bytes JMP 00000001003e300c .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes JMP 75a9b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes JMP 75a9b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes JMP 75b18f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes CALL 75a7489d C:\Windows\syswow64\kernel32.dll .text ... * 9 |
20.07.2015, 18:01 | #6 |
| Win7 64-bit: BlueScreen during GMER scan GMER Part III Code:
ATTFilter .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes JMP 75b18822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes JMP 75b189f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes JMP 75b18718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes JMP 75b18ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes JMP 75a8fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes JMP 75a968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes JMP 75b18fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes JMP 75b18b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes JMP 75b186dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes JMP 75a8fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes JMP 75a9b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes JMP 75b18ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[2164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes JMP 75b18671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\svchost.exe[2276] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 00000001001b5018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 00000001001b6018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 00000001001b7018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Windows\system32\svchost.exe[2276] 
C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Windows\system32\svchost.exe[2276] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 00000001007f1018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 00000001007f0018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 00000001007f2018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 00000001007f5018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 00000001007f6018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 00000001007f7018 .text 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2356] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000100075018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000100076018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 0000000100077018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2660] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 0000000100361018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000100360018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000100362018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000100365018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000100366018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 0000000100367018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2824] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text 
C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 0000000101c41018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000101c40018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000101c42018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000101c45018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000101c46018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 0000000101c47018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text 
C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 0000000103831018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000103830018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000103832018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000103835018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000103836018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 0000000103837018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text 
C:\Windows\Explorer.EXE[3084] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\USER32.dll!SetWindowsHookExW 00000000779ff874 5 bytes JMP 0000000103834018 .text C:\Windows\Explorer.EXE[3084] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077a18c20 5 bytes JMP 0000000103833018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 0000000101ba1018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000101ba0018 .text 
C:\Windows\system32\Dwm.exe[3136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000101ba2018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000101ba5018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000101ba6018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 0000000101ba7018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Windows\system32\Dwm.exe[3136] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077b3e080 5 bytes JMP 0000000100471018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077b3e5d0 5 bytes JMP 0000000100470018 .text C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 0000000077b3e680 5 bytes JMP 0000000100472018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\system32\kernel32.dll!OpenMutexA 00000000778d27e0 5 bytes JMP 0000000100475018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\system32\kernel32.dll!CopyFileExW 00000000778e1870 5 bytes JMP 0000000100476018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077959100 5 bytes JMP 0000000100477018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\system32\KERNELBASE.dll!GetFileSize 000007fefda157b0 5 bytes JMP 000007ff7f969018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW 000007fefda18770 5 bytes JMP 000007ff7f968018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\system32\KERNELBASE.dll!CreateMutexExW 000007fefda18e80 5 bytes JMP 000007ff7f966018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefda199f0 5 bytes JMP 000007ff7f96c018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\system32\KERNELBASE.dll!TerminateThread 000007fefda1ceb0 5 bytes JMP 000007ff7f96d018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\system32\KERNELBASE.dll!OpenMutexW 000007fefda237d0 5 bytes JMP 000007ff7f967018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\system32\KERNELBASE.dll!GetFileSizeEx 000007fefda26190 5 bytes JMP 000007ff7f96a018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 
000007fefda44310 5 bytes JMP 000007ff7f96b018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\SYSTEM32\sechost.dll!ControlService 000007feff95642c 5 bytes JMP 000007ff7f963018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff956484 5 bytes JMP 000007ff7f960018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle 000007feff956518 5 bytes JMP 000007ff7f962018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff956c34 5 bytes JMP 000007ff7f961018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9575e8 5 bytes JMP 000007ff7f965018 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3484] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff95790c 5 bytes JMP 000007ff7f964018 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077cf0038 5 bytes JMP 000000010023100c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077cf0860 5 bytes JMP 000000010023000c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 0000000077cf0968 5 bytes JMP 000000010023200c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a71efe 7 bytes JMP 0000000174423dd0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a75b9d 7 bytes JMP 00000001744240e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update 
Core\NvBackend.exe[3760] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a813f9 7 bytes JMP 0000000174423f10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a8ea45 7 bytes JMP 0000000174423dc0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\kernel32.dll!OpenMutexA 0000000075a8ec3f 5 bytes JMP 000000010023c00c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075a93b62 5 bytes JMP 000000010023e00c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\kernel32.dll!CreateDirectoryExW 0000000075ae8a31 5 bytes JMP 000000010023f00c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b18ea4 7 bytes JMP 0000000174423b50 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b18f29 5 bytes JMP 0000000174423c00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b19281 5 bytes JMP 0000000174423b60 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!GetFileSizeEx 00000000756ace53 5 bytes JMP 000000010024200c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!GetFileSize 00000000756adff8 5 bytes JMP 000000010024100c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000756aeca6 5 bytes JMP 000000010024300c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] 
C:\Windows\syswow64\KERNELBASE.dll!CreateMutexExW 00000000756b0f0a 5 bytes JMP 000000010023b00c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000756b137f 5 bytes JMP 000000010023d00c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000756b1d29 5 bytes JMP 0000000174423b00 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000756b1dd7 5 bytes JMP 0000000174423ab0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000756b2ab1 5 bytes JMP 0000000174423c10 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000756b2d1d 5 bytes JMP 0000000174423890 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!TerminateThread 00000000756b3999 5 bytes JMP 000000010024500c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 00000000756b3e7e 2 bytes JMP 000000010024400c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3 00000000756b3e81 2 bytes [B9, 8A] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\KERNELBASE.dll!CreateDirectoryW 00000000756b924e 5 bytes JMP 000000010024000c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\SysWOW64\sechost.dll!ControlService 00000000765e4d5c 5 bytes JMP 000000010023800c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\SysWOW64\sechost.dll!CloseServiceHandle 
00000000765e4dc3 5 bytes JMP 000000010023700c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000765e567c 5 bytes JMP 000000010023a00c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000765e589f 5 bytes JMP 000000010023900c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\SysWOW64\sechost.dll!OpenServiceW 00000000765e714b 5 bytes JMP 000000010023500c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\SysWOW64\sechost.dll!OpenServiceA 00000000765e7245 5 bytes JMP 000000010023600c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 0000000174423370 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 0000000174423810 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076167603 5 bytes JMP 000000010023400c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007616835c 5 bytes JMP 000000010023300c .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 0000000174423880 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 0000000174423280 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 0000000174423800 .text C:\Program Files 
(x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007627d2b4 5 bytes JMP 00000001744233e0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007627d4ee 5 bytes JMP 00000001744233f0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b85ea5 5 bytes JMP 0000000174423320 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075bb9d0b 5 bytes JMP 00000001744232b0 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes JMP 75a9b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes JMP 75a9b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes JMP 75b18f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes CALL 75a7489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes JMP 75b18822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes JMP 75b189f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes JMP 75b18718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes JMP 75b18ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes JMP 75a8fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes JMP 75a968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes JMP 75b18fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes JMP 75b18b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes JMP 75b186dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
00000000768115b5 2 bytes JMP 75a8fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes JMP 75a9b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes JMP 75b18ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes JMP 75b18671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[4228] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a71efe 7 bytes JMP 0000000174423dd0 .text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[4228] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a75b9d 7 bytes JMP 00000001744240e0 .text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[4228] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a813f9 7 bytes JMP 0000000174423f10 .text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[4228] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a8ea45 7 bytes JMP 0000000174423dc0 .text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[4228] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b18ea4 7 bytes JMP 0000000174423b50 .text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[4228] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b18f29 5 bytes JMP 0000000174423c00 .text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[4228] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b19281 5 bytes JMP 0000000174423b60 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] 
C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075a71efe 7 bytes JMP 0000000174423dd0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075a75b9d 7 bytes JMP 00000001744240e0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075a813f9 7 bytes JMP 0000000174423f10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000075a8ea45 7 bytes JMP 0000000174423dc0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075b18ea4 7 bytes JMP 0000000174423b50 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075b18f29 5 bytes JMP 0000000174423c00 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075b19281 5 bytes JMP 0000000174423b60 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000756b1d29 5 bytes JMP 0000000174423b00 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000756b1dd7 5 bytes JMP 0000000174423ab0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000756b2ab1 5 bytes JMP 0000000174423c10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000756b2d1d 5 bytes JMP 0000000174423890 .text C:\Program Files 
(x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007627d2b4 5 bytes JMP 00000001744233e0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007627d4ee 5 bytes JMP 00000001744233f0 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 0000000174423370 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 0000000174423810 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 0000000174423880 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 0000000174423280 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 0000000174423800 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b85ea5 5 bytes JMP 0000000174423320 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4308] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075bb9d0b 5 bytes JMP 00000001744232b0 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a71efe 7 bytes JMP 0000000174423dd0 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a75b9d 7 bytes JMP 
00000001744240e0 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a813f9 7 bytes JMP 0000000174423f10 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a8ea45 7 bytes JMP 0000000174423dc0 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b18ea4 7 bytes JMP 0000000174423b50 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b18f29 5 bytes JMP 0000000174423c00 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b19281 5 bytes JMP 0000000174423b60 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000756b1d29 5 bytes JMP 0000000174423b00 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000756b1dd7 5 bytes JMP 0000000174423ab0 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000756b2ab1 5 bytes JMP 0000000174423c10 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000756b2d1d 5 bytes JMP 0000000174423890 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 0000000174423370 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 0000000174423810 .text C:\Program Files (x86)\EgisTec 
MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 0000000174423880 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 0000000174423280 .text C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe[4316] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 0000000174423800 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a71efe 7 bytes JMP 0000000174423dd0 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a75b9d 7 bytes JMP 00000001744240e0 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a813f9 7 bytes JMP 0000000174423f10 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a8ea45 7 bytes JMP 0000000174423dc0 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b18ea4 7 bytes JMP 0000000174423b50 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b18f29 5 bytes JMP 0000000174423c00 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b19281 5 bytes JMP 0000000174423b60 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000756b1d29 5 bytes JMP 0000000174423b00 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000756b1dd7 5 bytes JMP 0000000174423ab0 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] 
C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000756b2ab1 5 bytes JMP 0000000174423c10 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000756b2d1d 5 bytes JMP 0000000174423890 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076158a29 5 bytes JMP 0000000174423370 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000076164572 5 bytes JMP 0000000174423810 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007617e567 5 bytes JMP 0000000174423880 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000761a07d7 5 bytes JMP 0000000174423280 .text C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe[4352] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000761b7a5c 5 bytes JMP 0000000174423800 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a71efe 7 bytes JMP 0000000174423dd0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a75b9d 7 bytes JMP 00000001744240e0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a813f9 7 bytes JMP 0000000174423f10 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a8ea45 7 bytes JMP 0000000174423dc0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075b18ea4 7 bytes JMP 0000000174423b50 .text C:\Program Files (x86)\NTI\Acer Backup 
Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075b18f29 5 bytes JMP 0000000174423c00 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075b19281 5 bytes JMP 0000000174423b60 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000756b1d29 5 bytes JMP 0000000174423b00 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000756b1dd7 5 bytes JMP 0000000174423ab0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000756b2ab1 5 bytes JMP 0000000174423c10 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000756b2d1d 5 bytes JMP 0000000174423890 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007627d2b4 5 bytes JMP 00000001744233e0 .text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[4392] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007627d4ee 5 bytes JMP 00000001744233f0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4404] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075a71efe 7 bytes JMP 0000000174423dd0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4404] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075a75b9d 7 bytes JMP 00000001744240e0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4404] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075a813f9 7 bytes JMP 0000000174423f10 .text C:\Program Files (x86)\Launch Manager\LManager.exe[4404] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075a8ea45 7 
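The hook section of the GMER log posted in this thread is a wall of ".text ... JMP ..." lines that is hard to judge by eye. As an added example (my own helper, not part of the thread and not a GMER feature), the Python script below parses lines in that format and reports which hooked exports jump to the very same detour address in several processes; the sample lines are a constructed subset in the posted log's format, and the 1 MiB region grouping is a heuristic, not a module map.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One hook line as GMER prints it (field spacing varies after copy/paste):
#   .text  C:\...\proc.exe[PID]  C:\...\mod.dll!Func      ADDR N bytes JMP TARGET
#   .text  C:\...\proc.exe[PID]  C:\...\mod.dll!Func + 3  ADDR N bytes [A1, 8A]
# Process paths may contain spaces, so the match is anchored on ".exe[PID]".
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\S+?)(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<nbytes>\d+)\s+bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9a-fA-F]{16})|\[(?P<patch>[^\]]*)\])\s*$"
)


@dataclass
class Hook:
    process: str           # full path of the hooked process
    pid: int
    module: str            # basename of the DLL whose export was patched
    func: str
    offset: int            # byte offset into the export (0 = entry point)
    addr: int              # patched address
    nbytes: int
    target: Optional[int]  # JMP destination; None for a raw byte patch
    patch: Optional[str]   # raw bytes GMER printed instead of a JMP


def parse_gmer_hooks(text: str) -> List[Hook]:
    """Parse all user-mode hook lines; headers, thread lines and blanks are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append(Hook(
            process=m["process"], pid=int(m["pid"]),
            module=m["module"].rsplit("\\", 1)[-1], func=m["func"],
            offset=int(m["offset"] or 0), addr=int(m["addr"], 16),
            nbytes=int(m["nbytes"]),
            target=int(m["target"], 16) if m["target"] else None,
            patch=m["patch"],
        ))
    return hooks


def shared_hooks(hooks: List[Hook]) -> Dict[str, List[Tuple[int, List[int]]]]:
    """Hooks whose JMP target is byte-identical in two or more processes.
    The same detour address in different processes means the detour code sits in a
    DLL mapped at the same base everywhere, i.e. a system-wide injection (security
    product, display-driver helper, ...) rather than something unique to one PID."""
    seen: Dict[str, Dict[int, set]] = defaultdict(lambda: defaultdict(set))
    for h in hooks:
        if h.target is not None:
            seen[f"{h.module}!{h.func}"][h.target].add(h.pid)
    out: Dict[str, List[Tuple[int, List[int]]]] = {}
    for name, targets in seen.items():
        for target, pids in targets.items():
            if len(pids) > 1:
                out.setdefault(name, []).append((target, sorted(pids)))
    return out


def target_regions(hooks: List[Hook], bits: int = 20) -> Dict[int, List[int]]:
    """Map each 2**bits-byte region (1 MiB by default) that detours land in to the
    PIDs hooked into it: a rough count of distinct detour modules, not a module map."""
    regions: Dict[int, set] = defaultdict(set)
    for h in hooks:
        if h.target is not None:
            regions[h.target >> bits].add(h.pid)
    return {r: sorted(p) for r, p in regions.items()}


# Constructed sample: a subset of lines in the format of the log posted in this thread.
SAMPLE_LOG = r"""
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5032]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000075a71efe 7 bytes JMP 0000000174423dd0
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5032]  C:\Windows\syswow64\ole32.dll!CoCreateInstance  0000000075bb9d0b 5 bytes JMP 00000001744232b0
.text  C:\Users\Marc\Desktop\Gmer-19357.exe[5060]  C:\Windows\syswow64\kernel32.dll!RegQueryValueExW  0000000075a71efe 7 bytes JMP 0000000174423dd0
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[2920]  C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx  00000000756b3e7e 2 bytes JMP 00000001000c400c
.text  C:\Program Files (x86)\Launch Manager\LMworker.exe[2920]  C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx + 3  00000000756b3e81 2 bytes [A1, 8A]
.text  C:\Windows\system32\wbem\unsecapp.exe[1492]  C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory  000007fefda44310 5 bytes JMP 000007ff7f96b018
.text  C:\Windows\system32\DllHost.exe[3524]  C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory  000007fefda44310 5 bytes JMP 000007ff7f96b018
---- Threads - GMER 2.1 ----
Thread  C:\Windows\system32\svchost.exe [1092:5812]  000007fef6535170
"""


def report(text: str) -> List[str]:
    """Human-readable summary lines for a pasted GMER log."""
    hooks = parse_gmer_hooks(text)
    pids = {h.pid for h in hooks}
    lines = [f"{len(hooks)} hook lines in {len(pids)} processes"]
    for name, hits in sorted(shared_hooks(hooks).items()):
        for target, hit_pids in hits:
            lines.append(f"shared: {name} -> {target:#x} in PIDs {hit_pids}")
    for region, region_pids in sorted(target_regions(hooks).items()):
        lines.append(f"detour region {region << 20:#x}: PIDs {region_pids}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```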
21.07.2015, 08:16 | #7 |
/// TB-Ausbilder | Win7 64-Bit: BlueScreen during GMER scan
The AppInit_Dll only points to the Nvidia driver; that is legitimate. Afterwards: please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
Please download Malwarebytes Anti-Malware
__________________ Learn to fight back and support us! TB Academy | Donate | Praise & Criticism |
22.07.2015, 10:27 | #8 |
| Win7 64-Bit: BlueScreen during GMER scan Hello Warlord, here are the logs: Code:
# AdwCleaner v4.208 - Bericht erstellt 22/07/2015 um 09:42:31
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Marc - MARC-PC
# Gestarted von : C:\Users\Marc\Desktop\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\leocdeigfnkaojcapikdjcdbedcjmffc

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17909

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [908 Bytes] - [22/07/2015 09:41:09]
AdwCleaner[S0].txt - [829 Bytes] - [22/07/2015 09:42:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [887 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by Marc on 22.07.2015 at 9:50:58.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Chrome

[C:\Users\Marc\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Marc\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Marc\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Marc\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.07.2015 at 10:09:57.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 22.07.2015
Suchlaufzeit: 10:20
Protokolldatei:
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.22.01
Rootkit-Datenbank: v2015.07.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marc

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 422795
Abgelaufene Zeit: 46 Min., 31 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Warnen

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)
|
23.07.2015, 09:16 | #9 |
/// TB-Ausbilder | Win7 64-Bit: BlueScreen during GMER scan OK, everything is fine so far. Please press the Windows key + R and type notepad in the Run window. Now copy the following text from the code box into the empty text document Code:
emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download SecurityCheck and:
And also an ESET scan, which takes longer: ESET Online Scanner
GMER triggering a blue screen is actually fairly common; it is a very invasive kind of virus scan, and some drivers/programs can't cope with it and crash.
24.07.2015, 11:09 | #10 |
| Win7 64-Bit: BlueScreen during GMER scan I will probably not find time again until Saturday evening or Sunday. Regards, Jerot |
25.07.2015, 19:34 | #11 |
| Win7 64-Bit: BlueScreen during GMER scan Hello Warlord, here are the logs. Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Marc at 2015-07-25 13:27:32 Run:1
Running from C:\Users\Marc\Desktop
Loaded Profiles: Marc & Admin (Available Profiles: Marc & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
emptytemp:
*****************

EmptyTemp: => 1.9 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 13:28:02 ====
Code:
Results of screen317's Security Check version 1.004
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Computer Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome (44.0.2403.107)
Google Chrome (44.0.2403.89)
````````Process Check: objlist.exe by Laurent````````
Internet Security apps ComputerSecurity Anti-Virus\FSGK32.EXE
Internet Security apps ComputerSecurity Anti-Virus\fssm32.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f022cb3c890c5d41bc84dcaeccfeaaa9
# end=init
# utc_time=2015-07-25 12:02:04
# local_time=2015-07-25 02:02:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# osver=6.1.7601 NT Service Pack 1
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f022cb3c890c5d41bc84dcaeccfeaaa9
# end=init
# utc_time=2015-07-25 12:04:18
# local_time=2015-07-25 02:04:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24974
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f022cb3c890c5d41bc84dcaeccfeaaa9
# end=updated
# utc_time=2015-07-25 12:14:54
# local_time=2015-07-25 02:14:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f022cb3c890c5d41bc84dcaeccfeaaa9
# engine=24974
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-25 05:50:12
# local_time=2015-07-25 07:50:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 60431527 189476462 0 0
# scanned=431813
# found=0
# cleaned=0
# scan_time=20117
|
27.07.2015, 08:05 | #12 |
/// TB-Ausbilder | Win7 64-Bit: BlueScreen during GMER scan The logs look good. Were there any further alerts from F-Secure regarding svchost.exe? Do you still have a log of the original svchost.exe alert you mentioned at the beginning? Otherwise, carry on as follows: Update: Adobe Reader Please uninstall your current version of Adobe Reader (Start --> Control Panel --> Programs --> Adobe Reader) and download the new version from here. Untick the box for McAfee SecurityScan or Google Chrome. The order is crucial here.
Finally, I have a few tips for securing your system. Change all your passwords regularly; now, after the cleanup, is an ideal time for that.
I cannot stress often enough how important it is that your system is up to date.
Antivirus program and additional protection
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is to wish you lots of fun surfing safely... ... and maybe you would like to support Trojaner-Board or leave praise, criticism and wishes? Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
28.07.2015, 12:55 | #13 |
| Win7 64-Bit: BlueScreen during GMER scan Hello Warlord, F-Secure has not reported anything since then. There is no log, because svchost.exe was blocked by the DeepGuard service, which actively monitors applications it does not know or finds suspicious. I removed svchost.exe from the list of blocked applications a while ago because I wanted to see whether it would be blocked again. The old Adobe Reader 9 was uninstalled and replaced by the new Adobe Acrobat Reader DC 2015. Now I have one more question: is there AdblockPlus or something comparable for Google Chrome as well? And of course, many thanks for your help! Regards, Jerot |
28.07.2015, 17:20 | #14 |
/// TB-Ausbilder | Win7 64-Bit: BlueScreen during GMER scan
30.07.2015, 15:35 | #15 |
| Win7 64-Bit: BlueScreen during GMER scan I completely forgot that the Web Store exists. Thanks again for your help. Regards, Jerot |