
Log analysis and evaluation: Virus infection by Delta Search and the like

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.05.2013, 11:11   #1
painfiller
 
Hi there, dear community,

I'm writing today on behalf of a friend who is having problems with her computer.
This is probably a well-known problem for you:
Someone (well, actually a woman!) wanted to watch a football match that the public broadcasters wouldn't/couldn't show, and now the computer is crawling with pests.
It all started with 'Delta-Search'; by now there is tampering with the DNS and regular error messages named 'ATKOSD2', as well as problems with various .DLL files.
Before the whole operating system (Windows 7) gets reinstalled, you are, so to speak, the last resort.

A huge thank-you in advance, Madame greatly appreciates your help!

Here are the usual initial logs:

Code:
OTL logfile created on: 23.05.2013 11:30:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ann-Kristin.B\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 35,19% Memory free
7,81 Gb Paging File | 4,85 Gb Available in Paging File | 62,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,39 Gb Total Space | 4,59 Gb Free Space | 4,82% Space Free | Partition Type: NTFS
Drive D: | 135,08 Gb Total Space | 134,26 Gb Free Space | 99,39% Space Free | Partition Type: NTFS
 
Computer Name: ANN-KRISTINB-PC | User Name: Ann-Kristin.B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.23 11:29:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ann-Kristin.B\Downloads\OTL.exe
PRC - [2013.05.11 12:37:30 | 001,402,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.05.06 10:43:11 | 004,573,184 | ---- | M] (Spotify Ltd) -- C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\spotify.exe
PRC - [2013.05.06 10:43:10 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.04.28 22:28:29 | 003,360,256 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe
PRC - [2013.04.28 22:28:24 | 003,019,264 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.04.02 20:37:59 | 000,569,120 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ann-Kristin.B\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.31 22:32:15 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE
PRC - [2012.02.16 18:04:20 | 000,289,408 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2012.02.16 18:04:18 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2011.10.04 22:14:10 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011.10.04 22:14:06 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2011.10.04 01:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011.09.09 08:10:06 | 002,317,312 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011.08.03 00:31:22 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.07.22 01:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011.06.30 02:16:10 | 000,503,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2010.12.21 04:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 04:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.15 10:58:10 | 013,136,776 | ---- | M] () -- C:\Users\Ann-Kristin.B\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
MOD - [2013.05.06 10:43:11 | 024,985,600 | ---- | M] () -- C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013.04.28 22:28:32 | 000,474,112 | ---- | M] () -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll
MOD - [2013.04.28 22:28:27 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\mgrldr.dll
MOD - [2013.04.23 16:14:38 | 003,599,872 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Citavi Picker\CitaviPicker.api
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.01.28 14:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.01.28 14:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.12.18 21:08:32 | 014,588,632 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
MOD - [2012.09.23 21:43:36 | 000,313,992 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
MOD - [2011.10.04 22:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011.09.09 08:10:06 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.11.30 01:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.09.17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.05.15 10:02:02 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.02 10:50:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.28 22:28:24 | 003,019,264 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe -- (DatamngrCoordinator)
SRV - [2013.04.02 20:37:59 | 000,569,120 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.14 21:34:36 | 001,024,384 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE -- (SpyHunter 4 Service)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.05.31 22:32:15 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE -- (ICQ Service)
SRV - [2012.02.16 18:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.08.03 00:31:22 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.08.03 00:13:24 | 000,103,584 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.12.21 04:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 04:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.03.26 17:18:20 | 000,112,080 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.06.22 11:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.03 18:09:48 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.03 18:09:22 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.10.19 04:56:00 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.10.19 04:56:00 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.10.18 19:47:12 | 000,198,448 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.10.17 07:29:08 | 000,202,496 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2011.10.17 07:29:08 | 000,069,888 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2011.10.04 09:49:32 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.08.03 00:22:52 | 000,511,136 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.08.03 00:22:06 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.08.03 00:21:50 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.08.03 00:21:20 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.08.03 00:21:04 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.08.03 00:20:50 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.08.03 00:20:34 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011.08.03 00:20:18 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.05.14 00:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.15 12:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.03.02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011.02.26 03:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010.11.30 01:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010.09.17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.09.17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010.09.17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010.04.28 19:59:16 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.09.07 19:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_uid=1556205021544236&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_uid=1556205021544236&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119677&tt=190313_wo3&babsrc=SP_ss&mntrId=1EF482B9A5D1BC8B
IE - HKCU\..\SearchScopes\{651C3DAB-BC92-4E1E-8A9D-75C0AEFB3A03}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYFR&apn_uid=C5DC74AB-5889-4C66-A571-D253D9D3D948&apn_sauid=FD110121-B4F5-4EF2-99CA-338B82612856
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=110&systemid=102&apn_uid=1556205021544236&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/102?appid=110"
FF - prefs.js..extensions.enabledAddons: speedanalysis%40SpeedAnalysis.com:1.0.0.1
FF - prefs.js..extensions.enabledAddons: %7BC4A4F5A0-4B89-4392-AFAC-D58010E349AF%7D:5.0.0.7066
FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.16.2.509
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=1556205021544236&o=APN10646&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.10.19 06:36:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\speedanalysis@SpeedAnalysis.com: C:\Users\Ann-Kristin.B\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013.04.02 20:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.18 11:05:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}\\: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.05.15 11:20:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.02 10:50:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis@SpeedAnalysis.com: C:\Users\Ann-Kristin.B\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013.04.02 20:38:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.02 10:50:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.05.08 16:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ann-Kristin.B\AppData\Roaming\mozilla\Extensions
[2013.04.02 20:38:58 | 000,000,000 | ---D | M] (SpeedAnalysis.com) -- C:\Users\Ann-Kristin.B\AppData\Roaming\mozilla\Extensions\speedanalysis@SpeedAnalysis.com
[2013.05.17 22:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ann-Kristin.B\AppData\Roaming\mozilla\Firefox\Profiles\psibyyw1.default\extensions
[2013.05.17 22:36:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Ann-Kristin.B\AppData\Roaming\mozilla\Firefox\Profiles\psibyyw1.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2013.05.08 16:22:09 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Ann-Kristin.B\AppData\Roaming\mozilla\Firefox\Profiles\psibyyw1.default\extensions\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}
[2013.05.08 16:21:51 | 000,000,000 | ---D | M] (New Tab) -- C:\Users\Ann-Kristin.B\AppData\Roaming\mozilla\Firefox\Profiles\psibyyw1.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}
[2012.11.08 12:41:00 | 000,002,308 | ---- | M] () -- C:\Users\Ann-Kristin.B\AppData\Roaming\mozilla\firefox\profiles\psibyyw1.default\searchplugins\askcom.xml
[2013.04.02 20:39:33 | 000,001,294 | ---- | M] () -- C:\Users\Ann-Kristin.B\AppData\Roaming\mozilla\firefox\profiles\psibyyw1.default\searchplugins\delta.xml
[2012.12.09 19:05:29 | 000,001,064 | ---- | M] () -- C:\Users\Ann-Kristin.B\AppData\Roaming\mozilla\firefox\profiles\psibyyw1.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2013.05.08 16:21:51 | 000,002,646 | ---- | M] () -- C:\Users\Ann-Kristin.B\AppData\Roaming\mozilla\firefox\profiles\psibyyw1.default\searchplugins\Search_Results.xml
[2013.05.08 16:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.02 10:50:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.05.02 10:50:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.02 20:39:13 | 000,006,508 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.05.02 10:50:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.05.02 10:50:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.05.02 10:50:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.05.08 16:21:51 | 000,002,646 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013.05.02 10:50:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.05.02 10:50:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=110&systemid=102&apn_uid=1556205021544236&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: SpeedAnalysis.com = C:\Users\Ann-Kristin.B\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon\1.0.0.1_0\
CHR - Extension: jZip New Tabs = C:\Users\Ann-Kristin.B\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbajpeofkjjeiamcglnmldoboonfkiol\5.0.0.7066_0\
CHR - Extension: Citavi Picker = C:\Users\Ann-Kristin.B\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio\2013.4.29_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (SpeedAnalysis.com) - {45564571-A21B-48ED-B584-69752EEE9C3D} - C:\Program Files (x86)\SpeedAnalysis.com\ScriptHost.dll (SpeedAnalysis.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Search-Results Toolbar) - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {7abe12ca-e995-4ab4-9a4e-ef8820a20182} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE (Bandoo Media Inc.)
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKCU..\Run: [Spotify] C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Ann-Kristin.B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ann-Kristin.B\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ann-Kristin.B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00DB7D09-6DFF-40CD-B304-5D415F5092A2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.30 22:03:18 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.20 11:03:06 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\Documents\PersBackup
[2013.05.20 11:02:57 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\AppData\Roaming\PersBackup5
[2013.05.20 11:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup
[2013.05.20 11:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Personal Backup 5
[2013.05.20 11:01:58 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\AppData\Local\Programs
[2013.05.19 20:34:25 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\Desktop\Lac de Madine nach Auchan Laxou - Google Maps_files
[2013.05.16 10:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar
[2013.05.15 11:20:20 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citavi 4
[2013.05.15 11:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citavi 4
[2013.05.14 17:13:27 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\AppData\Roaming\Swiss Academic Software
[2013.05.14 16:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software
[2013.05.14 16:47:05 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\AppData\Local\Downloaded Installations
[2013.05.08 16:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013.05.08 16:21:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2013.05.08 16:21:37 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\AppData\Local\jZip
[2013.05.08 16:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
[2013.05.08 16:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2013.04.30 22:02:22 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.04.30 22:02:18 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.04.30 22:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.04.30 15:25:45 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\Desktop\Hochladen
[2013.04.30 11:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.04.30 10:59:11 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.04.30 10:59:11 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.04.30 10:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.04.30 10:59:10 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.04.30 10:59:10 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.04.30 10:43:30 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.04.30 10:42:48 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.04.30 10:42:45 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.04.30 10:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.04.30 10:40:00 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.04.30 10:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.04.30 10:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.04.30 10:21:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.04.29 10:11:34 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\Desktop\Bewerbung
[2013.04.26 16:07:10 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\Desktop\BA-Arbeit
[2013.04.24 23:51:42 | 000,000,000 | ---D | C] -- C:\Users\Ann-Kristin.B\Desktop\Drucken
[2013.04.23 16:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013.04.23 14:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[3 C:\Users\Ann-Kristin.B\Desktop\*.tmp files -> C:\Users\Ann-Kristin.B\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 11:33:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.23 11:28:56 | 000,000,000 | ---- | M] () -- C:\Users\Ann-Kristin.B\defogger_reenable
[2013.05.23 11:26:29 | 000,050,477 | ---- | M] () -- C:\Users\Ann-Kristin.B\Desktop\Defogger.exe
[2013.05.23 11:13:52 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 11:13:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 17:33:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 14:10:10 | 009,356,676 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.22 14:10:10 | 000,749,256 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013.05.22 14:10:10 | 000,748,996 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013.05.22 14:10:10 | 000,747,038 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013.05.22 14:10:10 | 000,743,586 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013.05.22 14:10:10 | 000,732,558 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013.05.22 14:10:10 | 000,728,140 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013.05.22 14:10:10 | 000,711,078 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.22 14:10:10 | 000,665,876 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.22 14:10:10 | 000,610,528 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013.05.22 14:10:10 | 000,482,554 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013.05.22 14:10:10 | 000,412,012 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013.05.22 14:10:10 | 000,395,884 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013.05.22 14:10:10 | 000,162,418 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013.05.22 14:10:10 | 000,157,046 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013.05.22 14:10:10 | 000,156,850 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013.05.22 14:10:10 | 000,154,786 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013.05.22 14:10:10 | 000,153,526 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.22 14:10:10 | 000,153,524 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013.05.22 14:10:10 | 000,150,790 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013.05.22 14:10:10 | 000,126,088 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013.05.22 14:10:10 | 000,126,088 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 14:10:10 | 000,115,072 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013.05.22 14:10:10 | 000,098,716 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013.05.22 14:10:10 | 000,088,702 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013.05.22 14:10:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 14:10:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 14:02:24 | 3144,658,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.20 18:04:29 | 000,076,827 | ---- | M] () -- C:\Users\Ann-Kristin.B\Desktop\ESTA-Antrag.pdf
[2013.05.20 14:09:01 | 000,002,028 | ---- | M] () -- C:\Users\Ann-Kristin.B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
[2013.05.19 20:37:26 | 000,145,257 | ---- | M] () -- C:\Users\Ann-Kristin.B\Desktop\Lac de Madine nach Auchan Laxou - Google Maps.pdf
[2013.05.19 20:34:25 | 000,179,598 | ---- | M] () -- C:\Users\Ann-Kristin.B\Desktop\Lac de Madine nach Auchan Laxou - Google Maps.htm
[2013.05.18 20:26:09 | 009,159,930 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.18 11:06:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.05.17 21:49:25 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2013.05.17 21:27:41 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 11:20:20 | 000,002,099 | ---- | M] () -- C:\Users\Ann-Kristin.B\Desktop\Citavi 4.lnk
[2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.05.08 16:21:53 | 000,000,985 | ---- | M] () -- C:\Users\Ann-Kristin.B\Desktop\jZip.lnk
[2013.05.01 03:09:54 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.01 03:09:50 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.30 22:03:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.04.30 22:02:25 | 000,002,272 | ---- | M] () -- C:\Users\Ann-Kristin.B\Desktop\SpyHunter.lnk
[2013.04.30 18:02:18 | 000,001,068 | ---- | M] () -- C:\Users\Ann-Kristin.B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.30 11:46:08 | 003,928,064 | ---- | M] () -- C:\Windows\SysNative\d2d1.dll
[2013.04.30 11:46:08 | 002,284,544 | ---- | M] () -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.04.30 11:46:08 | 001,247,744 | ---- | M] () -- C:\Windows\SysWow64\DWrite.dll
[2013.04.30 11:46:08 | 001,230,336 | ---- | M] () -- C:\Windows\SysWow64\WindowsCodecs.dll
[2013.04.30 11:46:08 | 000,220,160 | ---- | M] () -- C:\Windows\SysWow64\d3d10core.dll
[2013.04.30 11:46:07 | 001,887,232 | ---- | M] () -- C:\Windows\SysNative\d3d11.dll
[2013.04.30 10:59:11 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[3 C:\Users\Ann-Kristin.B\Desktop\*.tmp files -> C:\Users\Ann-Kristin.B\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.23 11:28:56 | 000,000,000 | ---- | C] () -- C:\Users\Ann-Kristin.B\defogger_reenable
[2013.05.23 11:27:05 | 000,050,477 | ---- | C] () -- C:\Users\Ann-Kristin.B\Desktop\Defogger.exe
[2013.05.20 18:04:29 | 000,076,827 | ---- | C] () -- C:\Users\Ann-Kristin.B\Desktop\ESTA-Antrag.pdf
[2013.05.20 14:09:01 | 000,002,028 | ---- | C] () -- C:\Users\Ann-Kristin.B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
[2013.05.19 20:37:26 | 000,145,257 | ---- | C] () -- C:\Users\Ann-Kristin.B\Desktop\Lac de Madine nach Auchan Laxou - Google Maps.pdf
[2013.05.19 20:34:24 | 000,179,598 | ---- | C] () -- C:\Users\Ann-Kristin.B\Desktop\Lac de Madine nach Auchan Laxou - Google Maps.htm
[2013.05.15 11:20:20 | 000,002,099 | ---- | C] () -- C:\Users\Ann-Kristin.B\Desktop\Citavi 4.lnk
[2013.05.08 16:21:53 | 000,001,015 | ---- | C] () -- C:\Users\Ann-Kristin.B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
[2013.05.08 16:21:53 | 000,000,985 | ---- | C] () -- C:\Users\Ann-Kristin.B\Desktop\jZip.lnk
[2013.05.01 03:09:54 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.01 03:09:50 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.30 22:03:18 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.04.30 22:02:34 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013.04.30 22:02:25 | 000,002,272 | ---- | C] () -- C:\Users\Ann-Kristin.B\Desktop\SpyHunter.lnk
[2013.04.30 18:02:18 | 000,001,068 | ---- | C] () -- C:\Users\Ann-Kristin.B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.30 11:46:08 | 003,928,064 | ---- | C] () -- C:\Windows\SysNative\d2d1.dll
[2013.04.30 11:46:08 | 002,284,544 | ---- | C] () -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.04.30 11:46:08 | 001,247,744 | ---- | C] () -- C:\Windows\SysWow64\DWrite.dll
[2013.04.30 11:46:08 | 001,175,552 | ---- | C] () -- C:\Windows\SysNative\FntCache.dll
[2013.04.30 11:46:08 | 000,220,160 | ---- | C] () -- C:\Windows\SysWow64\d3d10core.dll
[2013.04.30 11:46:07 | 001,887,232 | ---- | C] () -- C:\Windows\SysNative\d3d11.dll
[2013.04.30 11:46:07 | 001,230,336 | ---- | C] () -- C:\Windows\SysWow64\WindowsCodecs.dll
[2013.04.30 10:59:11 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.04.30 10:43:25 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.04.30 10:43:20 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.04.30 10:42:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.12.11 16:35:35 | 000,000,355 | ---- | C] () -- C:\Users\Ann-Kristin.B\Computer - Verknüpfung.lnk
[2012.09.30 09:49:38 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011.11.03 18:09:24 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.03 18:09:22 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.03 18:09:16 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.10.20 08:47:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.10.20 08:46:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.19 06:26:32 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.10.19 06:11:04 | 009,159,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.30 09:52:18 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\ASUS WebStorage
[2013.04.02 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\Babylon
[2013.05.23 11:14:15 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\Dropbox
[2012.12.10 09:53:14 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\DVDVideoSoft
[2013.04.02 20:38:31 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\File Scout
[2013.01.04 21:30:41 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\GMATPrep
[2013.05.01 20:09:57 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\ICQ
[2012.09.30 21:43:29 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\ICQ Search
[2012.09.30 17:07:24 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\Nuance
[2012.09.30 13:21:49 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\OpenOffice.org
[2013.04.30 11:39:47 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\PerformerSoft
[2013.05.20 14:09:00 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\PersBackup5
[2013.04.02 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\SpeedanAlysis
[2013.05.23 11:52:43 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify
[2013.05.14 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\Swiss Academic Software
[2012.09.30 17:07:23 | 000,000,000 | ---D | M] -- C:\Users\Ann-Kristin.B\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 23.05.2013 11:30:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ann-Kristin.B\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 35,19% Memory free
7,81 Gb Paging File | 4,85 Gb Available in Paging File | 62,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,39 Gb Total Space | 4,59 Gb Free Space | 4,82% Space Free | Partition Type: NTFS
Drive D: | 135,08 Gb Total Space | 134,26 Gb Free Space | 99,39% Space Free | Partition Type: NTFS
 
Computer Name: ANN-KRISTINB-PC | User Name: Ann-Kristin.B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Ann-Kristin.B\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Ann-Kristin.B\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11AB1217-C14A-434C-A214-CA789E4E6665}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2486CC2E-1ED4-4EC9-9DC2-3D94C0FDF57D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{25DBE947-1D8A-429A-BBEF-9F39F4DD18C1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{304F06C8-44C4-4508-99F6-7F41FDC98E1A}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{35138EFB-A5CD-4F9C-B0CA-22955FD728C8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{3AB3FE31-A7E2-47C5-A3B7-D9B89F783636}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3D8F0BCE-0B78-4F48-90C4-FF8D8BB72E23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{45965A9E-CB6E-4F80-8CB6-2479306B6448}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{489C0B04-3012-4790-AD7B-600C87045BA3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5148AB41-415B-4761-BC08-320445C478AB}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{52CFE999-B874-4610-B4C0-89F64D9DF3E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5313633B-0C5E-4733-B274-FAA7C016D82D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5E36473F-385E-4418-AFF4-A3CDBB1A8FE3}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{66BA708F-8FBD-4858-8D6A-3B080147F7BB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{706E474C-B565-463C-BE7C-416FD89AD845}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70D5E0F2-FAD1-411A-A9B0-8C232FA11204}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{728C3760-A594-4DED-8B6E-8DD1C4E77369}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{78453381-8146-489E-8C70-43E70788B6B2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7AC46C47-1AD2-49D4-AF80-154F16D3E0AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85DCF5FF-D80A-4600-8D00-468537DCEE90}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8A6B58BD-6BAA-43E7-88BB-71717E5386C4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8AEB04BB-59D3-4048-B4BB-9091F619D2E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8DD9D8F6-F5E3-484D-BE94-59452D142224}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{91F3C7C3-E2BA-457B-9815-878F7C441EB6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{99A1359C-B3F6-4D01-8FE9-837A812C0997}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9E60ED47-D869-4D86-B4B5-78E813852362}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AC882C1F-EBF3-48BF-83D5-5954B640008A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B0862B5F-83C4-4410-95B1-A01F57B25ADF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B2F5C2D9-2E2B-43FD-8368-3A0D08433B69}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA6CA42A-B1B7-431E-9B98-54A4CFD84562}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BCD4C04D-69E6-4DFF-AE9A-B7344B6A8234}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BDC53C73-0E33-4C4F-B4A8-D0B01E2AB520}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C56FB0F5-31E6-40EC-8017-5E902BE61C17}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CABD667A-D7FF-445A-A641-EB406C641FC0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CE845B0A-8C47-45E5-B64A-30565AD8140A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D1265378-4793-42FC-A6D1-78AE9466C623}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D3DA41FE-69C5-4E3E-992A-DB7BC87D66A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DFFB1129-CDFD-488F-9636-333D51D3A37B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EBBC876C-FCF8-4B4F-A9E6-D3F168DD81C0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F6125247-F86F-4AC2-B4CA-E6CD2F0F2E7D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F80E1847-BE3D-43CD-BC94-B2D77DD84196}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F845247F-1E63-4FE3-965D-FB92243F35F8}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057587D7-F584-4B7E-B560-7795152A3390}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{1123624D-F4CA-40D0-9E83-EA8212EA0C07}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{1772B24C-4253-4517-864D-DFF680280AA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{200E67EE-4780-4CB7-9989-D72723446988}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{209F67F8-9274-4899-AF62-8973792805E9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{22D3B5E2-94C6-4EA3-A595-6B098036A06F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{26AC851B-32DA-4FDD-88B1-1FB3A5BD0938}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{293C2774-1FFB-4A93-B83E-406F22ABD302}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{2E3346A1-B250-409D-9246-7EF7F768BAD6}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | 
"{37ADF6F8-ED6A-4D37-B984-753C8260F961}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{405C0A6A-178A-4CA4-B81F-19A3BBCE444D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{438FF002-C9D9-4138-8D89-29742F2A3DFF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{4CC1A29E-4EB8-4374-8995-AA3CB6CCD94C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{57DA4DAA-D0AE-432E-B6FF-BF6FA88FE834}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{58629E3E-7D21-4FC5-8B74-2BCCDB9ECEDF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{591D37B9-FBC0-4341-B868-ECF7F29B626D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{5E2E44C9-295F-4E2E-AE58-AE4E342DAC43}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{681CFC57-F415-44D3-B15B-21BAA8AD190F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6D1D3A4C-A07A-4829-9741-507E617A36C9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{73C9730C-C958-46A0-9CE7-6BC257BAF59C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{75F3B432-54D1-49F8-937A-ABF57110E1C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{798D0F6C-3ADD-445A-87C3-704DF4308C2D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{800A286C-6428-48F2-A50E-102826E6E861}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BCD0107-EA58-41CD-9836-73618D67CC75}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{96A03537-287E-48FA-800B-DFF724D8D3B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{97A7C9EF-CB4E-4921-95D9-FED64770B231}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9C7C9A34-7C60-44CF-A908-7A33198AD324}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F6A35B9-61F0-457A-BB7D-A1B622F71F77}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A9CE206F-A4C3-4AA2-8379-C4AC27D67B5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A9D89E4C-9ACF-460C-B3BB-82640289AFB4}" = protocol=6 | dir=out | app=system | 
"{AB857E93-B320-43B3-9C30-B8F959487842}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B1FBA132-9554-464A-90A0-4EDF7B6862BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3ADBCAB-D3AB-4A92-8AC7-DDBDAF57EF58}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B6B8422D-2270-4BBB-BE55-87F0E0BC8012}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B825761A-0490-4CE2-B4F1-3B67B70D0757}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{BFC62DE7-34D2-4533-B7A4-E9CBCDCDC2DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA507FC3-0647-49EC-8727-CF326E337140}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | 
"{CDF2B718-9927-457E-83CF-82155C9761CE}" = protocol=17 | dir=in | app=c:\users\ann-kristin.b\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D129C0AA-43B7-47B2-8F51-C90B88398569}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DBC075B4-AC56-4C61-95AE-6577F85A0D7E}" = protocol=6 | dir=in | app=c:\users\ann-kristin.b\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E119CC67-6F4B-4A66-8245-E80860F9E499}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F58E3A90-C478-4F80-8BCA-B04C1E114591}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F991A32A-075F-4B7E-A7CD-1EE5E229829D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FC96263D-6D88-4B8C-BFAF-26CEA6AF87D8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FDD96A5B-D830-49E1-B8D6-3C634B41B339}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"TCP Query User{1B4B9571-D86D-4A9F-BDB7-011955A50BDF}C:\users\ann-kristin.b\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ann-kristin.b\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{45F83161-AAF1-47F3-B7BF-88DF892A44E1}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"TCP Query User{52842473-25C5-4527-A9BE-EB64A2E3A8AE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{57A56DE4-DB8C-4167-A168-B60CD04F487D}C:\users\ann-kristin.b\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ann-kristin.b\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{E91A5721-FE31-4D79-A232-964E7A6383A5}C:\users\ann-kristin.b\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ann-kristin.b\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{06F16684-0F3E-49EE-9F52-CE3B78AB936E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{3F1CF8FC-E4CE-4E03-B455-B360D4E70AEC}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"UDP Query User{6EEEAD1F-BDD5-461F-895F-9128E04A8D58}C:\users\ann-kristin.b\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ann-kristin.b\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{777D5FA4-504B-4195-82C8-47F297F896DC}C:\users\ann-kristin.b\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ann-kristin.b\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{9AC40C84-A7E6-4F85-A487-D00EDE9C0253}C:\users\ann-kristin.b\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ann-kristin.b\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E66AC4-B28B-494C-993D-3CD17020BEBC}" = Fresco Logic USB3.0 Host Controller
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{3E776E7A-F4C3-4A89-8EAD-535E722C8397}" = Windows Live Family Safety
"{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{63919769-655A-48A8-AD6C-39B471F683ED}" = Windows Live Family Safety
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}" = SpyHunter
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{761C6783-D3BC-48AB-8E7C-61CE918A8436}" = ASUS Secure Delete
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B36055BF-5F0E-4EAB-804D-9203DFB34ADC}" = Windows Live Family Safety
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 10.0.5.2_WHQL
"Personal Backup 5_is1" = Personal Backup 5.4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}" = Farm Frenzy 3 - Madagascar
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B60C4F-0DB8-42EF-8EDC-5F21D4C2D73F}" = PWR Option
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}" = Wireless Console 3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CC0A85B2-734A-45B3-B678-05F6A6499AC7}" = Citavi 4
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.12.2
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"avast" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Game Park Console" = Game Park Console
"GMATPrep 2.1.279" = GMATPrep
"Google Chrome" = Google Chrome
"ICQToolbar" = ICQ Toolbar
"InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"jziptoolbargaw" = Search-Results Toolbar
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SpeedAnalysis.com" = SpeedAnalysis.com
"Updater Service" = Updater Service
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"jZip" = jZip
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.05.2013 05:48:03 | Computer Name = Ann-KristinB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1232
 
Error - 02.05.2013 08:19:59 | Computer Name = Ann-KristinB-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc541  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0x9c0  Startzeit der fehlerhaften Anwendung: 0x01ce472f59104dec
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\Dwm.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 9b463323-b322-11e2-acf5-e0b9a5d3b907
 
Error - 02.05.2013 08:20:53 | Computer Name = Ann-KristinB-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 7.8.0.6800, Zeitstempel:
 0x4f9e81cc  Name des fehlerhaften Moduls: mshtml.dll, Version: 10.0.9200.16540, Zeitstempel:
 0x5125ef5c  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0003cdcd  ID des fehlerhaften Prozesses:
 0x11c0  Startzeit der fehlerhaften Anwendung: 0x01ce472f60894e86  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\ICQ7M\ICQ.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\mshtml.dll
Berichtskennung:
 bb6c4296-b322-11e2-acf5-e0b9a5d3b907
 
Error - 02.05.2013 09:26:19 | Computer Name = Ann-KristinB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.05.2013 09:26:19 | Computer Name = Ann-KristinB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1279
 
Error - 02.05.2013 09:26:19 | Computer Name = Ann-KristinB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1279
 
Error - 02.05.2013 11:06:06 | Computer Name = Ann-KristinB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.05.2013 11:06:06 | Computer Name = Ann-KristinB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5988207
 
Error - 02.05.2013 11:06:06 | Computer Name = Ann-KristinB-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5988207
 
Error - 02.05.2013 11:12:01 | Computer Name = Ann-KristinB-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc541  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0x8f8  Startzeit der fehlerhaften Anwendung: 0x01ce474760cfeda8
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\Dwm.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: a38d89c3-b33a-11e2-acd9-e0b9a5d3b907
 
Error - 03.05.2013 07:01:29 | Computer Name = Ann-KristinB-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc541  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0xa54  Startzeit der fehlerhaften Anwendung: 0x01ce47ed8b3ca900
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\Dwm.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: ce22eab2-b3e0-11e2-b6ef-e0b9a5d3b907
 
[ OSession Events ]
Error - 11.12.2012 12:25:29 | Computer Name = Ann-KristinB-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2670
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.05.2013 16:50:27 | Computer Name = Ann-KristinB-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 09.05.2013 16:50:27 | Computer Name = Ann-KristinB-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 09.05.2013 16:51:05 | Computer Name = Ann-KristinB-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 09.05.2013 16:52:06 | Computer Name = Ann-KristinB-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "FontCache" wurde mit folgendem Fehler beendet:   %%193
 
Error - 09.05.2013 16:52:33 | Computer Name = Ann-KristinB-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 10.05.2013 02:32:23 | Computer Name = Ann-KristinB-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "FontCache" wurde mit folgendem Fehler beendet:   %%193
 
Error - 10.05.2013 02:32:50 | Computer Name = Ann-KristinB-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 10.05.2013 02:41:12 | Computer Name = Ann-KristinB-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 12.05.2013 13:09:42 | Computer Name = Ann-KristinB-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 12.05.2013 13:09:42 | Computer Name = Ann-KristinB-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         
The GMER log file will follow shortly.

Alt 23.05.2013, 11:32   #2
M-K-D-B
/// TB-Ausbilder
 
My name is Matthias and I will help you clean up your computer.


Please note the following:
  • A cleanup can sometimes involve a lot of work for you. Several analysis and cleanup steps may be required.
    At the end we will remove all the programs we used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for a longer period, please let me know!
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.







Step 1
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?"; confirm this security prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask you to reboot. Confirm this with OK.
  • Defogger creates a log file named defogger_disable.log on the desktop. Post its contents with your next reply.
Do not click the Re-enable button without being instructed to!





Step 2
Please download the GMER Rootkit Scanner (the file name is random):
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and any other scanners back on before you go online!


Are you running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, untick Devices.






Please post with your next reply
  • the DeFogger log file,
  • the GMER log file.
__________________


Alt 23.05.2013, 15:01   #3
painfiller
 

Hello Matthias,

the "shortly" part did not quite work out, GMER took quite a long time.
Here are the results:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-23 15:52:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SanDisk_ rev.10.0 238,47GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ANN-KR~1.B\AppData\Local\Temp\axkdqpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                        fffff800031eb000 45 bytes [B0, CA, EB, 0A, 80, FA, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                        fffff800031eb02f 90 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\wininit.exe[660] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\services.exe[724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\lsass.exe[760] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                  0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[880] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\winlogon.exe[956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE[1020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                    0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[316] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000077a7eecd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000077a7eecd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[428] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[904] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1188] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1372] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                               000000007638a30a 1 byte [62]
.text     C:\Windows\system32\WLANExt.exe[1388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\conhost.exe[1396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1472] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                 000000007638a30a 1 byte [62]
.text     C:\Windows\System32\spoolsv.exe[1696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1732] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1912] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                  000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                     0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                         0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                          0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                      0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                          0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                  0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                     000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                            000000007593ee09 5 bytes JMP 00000001002401f8
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                             0000000075943982 5 bytes JMP 00000001002403fc
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                          0000000075947603 5 bytes JMP 0000000100240804
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                          000000007594835c 5 bytes JMP 0000000100240600
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                        000000007595f52b 5 bytes JMP 0000000100240a08
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                  00000000776a5181 5 bytes JMP 0000000100251014
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                      00000000776a5254 5 bytes JMP 0000000100250804
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                      00000000776a53d5 5 bytes JMP 0000000100250a08
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                     00000000776a54c2 5 bytes JMP 0000000100250c0c
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                     00000000776a55e2 5 bytes JMP 0000000100250e10
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                            00000000776a567c 5 bytes JMP 00000001002501f8
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                            00000000776a589f 5 bytes JMP 00000001002503fc
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe[1204] C:\Windows\SysWOW64\sechost.dll!DeleteService                                             00000000776a5a22 5 bytes JMP 0000000100250600
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                      0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                          0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                           0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                       0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                           0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                   0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                 0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                      000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                             000000007593ee09 5 bytes JMP 00000001002401f8
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                              0000000075943982 5 bytes JMP 00000001002403fc
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                           0000000075947603 5 bytes JMP 0000000100240804
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                           000000007594835c 5 bytes JMP 0000000100240600
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                         000000007595f52b 5 bytes JMP 0000000100240a08
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                   00000000776a5181 5 bytes JMP 0000000100251014
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                       00000000776a5254 5 bytes JMP 0000000100250804
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                       00000000776a53d5 5 bytes JMP 0000000100250a08
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                      00000000776a54c2 5 bytes JMP 0000000100250c0c
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                      00000000776a55e2 5 bytes JMP 0000000100250e10
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                             00000000776a567c 5 bytes JMP 00000001002501f8
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                             00000000776a589f 5 bytes JMP 00000001002503fc
.text     C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1556] C:\Windows\SysWOW64\sechost.dll!DeleteService                                              00000000776a5a22 5 bytes JMP 0000000100250600
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                  0000000077b63ae0 5 bytes JMP 000000010048075c
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                    0000000077b67a90 5 bytes JMP 00000001004803a4
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                       0000000077b91490 5 bytes JMP 0000000100480b14
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                           0000000077b914f0 5 bytes JMP 0000000100480ecc
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                            0000000077b915d0 5 bytes JMP 000000010048163c
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                        0000000077b91810 5 bytes JMP 0000000100481284
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            0000000077b92840 5 bytes JMP 00000001004819f4
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                       0000000077a7eecd 1 byte [62]
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                    000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                        000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                        000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                       000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                       000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                              000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                              000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1776] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                               000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                               0000000077b63ae0 5 bytes JMP 00000001001c075c
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                 0000000077b67a90 5 bytes JMP 00000001001c03a4
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                    0000000077b91490 5 bytes JMP 00000001001c0b14
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                        0000000077b914f0 5 bytes JMP 00000001001c0ecc
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                         0000000077b915d0 5 bytes JMP 00000001001c163c
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                     0000000077b91810 5 bytes JMP 00000001001c1284
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                         0000000077b92840 5 bytes JMP 00000001001c19f4
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                    0000000077a7eecd 1 byte [62]
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                 000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                     000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                     000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                    000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                    000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                           000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                           000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2284] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                            000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                    0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                     0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                 0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                     0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                             0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                           0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\syswow64\USER32.dll!SetWinEventHook                       000000007593ee09 5 bytes JMP 00000001001001f8
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                        0000000075943982 5 bytes JMP 00000001001003fc
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                     0000000075947603 5 bytes JMP 0000000100100804
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                     000000007594835c 5 bytes JMP 0000000100100600
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                   000000007595f52b 5 bytes JMP 0000000100100a08
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity             00000000776a5181 5 bytes JMP 0000000100111014
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                 00000000776a5254 5 bytes JMP 0000000100110804
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                 00000000776a53d5 5 bytes JMP 0000000100110a08
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                00000000776a54c2 5 bytes JMP 0000000100110c0c
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                00000000776a55e2 5 bytes JMP 0000000100110e10
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                       00000000776a567c 5 bytes JMP 00000001001101f8
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                       00000000776a589f 5 bytes JMP 00000001001103fc
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\SysWOW64\sechost.dll!DeleteService                        00000000776a5a22 5 bytes JMP 0000000100110600
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000075f11465 2 bytes [F1, 75]
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             0000000075f114bb 2 bytes [F1, 75]
.text     ...                                                                                                                                                       * 2
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000077b63ae0 5 bytes JMP 000000010026075c
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077b67a90 5 bytes JMP 00000001002603a4
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077b91490 5 bytes JMP 0000000100260b14
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077b914f0 5 bytes JMP 0000000100260ecc
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b915d0 5 bytes JMP 000000010026163c
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000077b91810 5 bytes JMP 0000000100261284
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b92840 5 bytes JMP 00000001002619f4
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                            000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                               000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                               000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\system32\svchost.exe[2400] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                       000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                     0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                         0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                        0000000077d3fc18 5 bytes JMP 0000000170961780
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                          0000000077d3fc90 5 bytes JMP 0000000170962ad0
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                  0000000077d3fd44 5 bytes JMP 00000001709616b0
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                      0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                0000000077d40094 5 bytes JMP 0000000170961600
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!NtOpenDirectoryObject                                                       0000000077d400dc 5 bytes JMP 0000000170961740
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!NtCreateDirectoryObject                                                     0000000077d406a4 5 bytes JMP 0000000170961700
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile                                                                0000000077d409c4 5 bytes JMP 0000000170961680
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                          0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                  0000000077d5c45a 5 bytes JMP 0000000170962370
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                     000000007638a30a 1 byte [62]
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                            000000007593ee09 5 bytes JMP 00000001001101f8
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                             0000000075943982 5 bytes JMP 00000001001103fc
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                          0000000075947603 5 bytes JMP 0000000100110804
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                          000000007594835c 5 bytes JMP 0000000100110600
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                        000000007595f52b 5 bytes JMP 0000000100110a08
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyTransactedW                                                  00000000766fa8ea 5 bytes JMP 0000000170963af0
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyExW                                                          00000000766fa9c5 5 bytes JMP 0000000170963ab0
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteValueW                                                          00000000766fcf31 5 bytes JMP 0000000170963a10
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyW                                                            0000000076701272 7 bytes JMP 0000000170963a70
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW                                                           00000000767014d6 5 bytes JMP 00000001709634b0
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\ADVAPI32.dll!RegSetKeyValueW                                                          0000000076717180 5 bytes JMP 00000001709637f0
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueW                                                             000000007671a68a 5 bytes JMP 0000000170963660
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteTreeW                                                           00000000767334a3 5 bytes JMP 0000000170963b40
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\ADVAPI32.dll!RegDeleteKeyValueW                                                       000000007674f84b 5 bytes JMP 00000001709639a0
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                  00000000776a5181 5 bytes JMP 0000000100121014
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                      00000000776a5254 5 bytes JMP 0000000100120804
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                      00000000776a53d5 5 bytes JMP 0000000100120a08
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                     00000000776a54c2 5 bytes JMP 0000000100120c0c
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                     00000000776a55e2 5 bytes JMP 0000000100120e10
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                            00000000776a567c 5 bytes JMP 00000001001201f8
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                            00000000776a589f 5 bytes JMP 00000001001203fc
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                             00000000776a5a22 5 bytes JMP 0000000100120600
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WININET.dll!InternetOpenW                                                             00000000765ae9b4 5 bytes JMP 0000000170962010
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WININET.dll!InternetAttemptConnect                                                    00000000765df0ca 5 bytes JMP 0000000170962030
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WININET.dll!InternetCheckConnectionW                                                  00000000765dffcf 5 bytes JMP 0000000170962020
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WININET.dll!InternetGoOnlineW                                                         00000000765e30c0 5 bytes JMP 0000000170962020
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WS2_32.dll!WSAStartup                                                                 00000000764d3ab2 7 bytes JMP 00000001709620b0
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WS2_32.dll!WSASocketW                                                                 00000000764d3cd3 7 bytes JMP 00000001709620a0
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WS2_32.dll!socket                                                                     00000000764d3eb8 5 bytes JMP 0000000170962040
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WS2_32.dll!bind                                                                       00000000764d4582 5 bytes JMP 0000000170962040
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WS2_32.dll!connect                                                                    00000000764d6bdd 5 bytes JMP 0000000170962040
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WS2_32.dll!listen                                                                     00000000764db001 5 bytes JMP 0000000170962060
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                                                 00000000764dcc3f 5 bytes JMP 0000000170962070
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WS2_32.dll!WSAConnectByList                                                           00000000764ebfdd 5 bytes JMP 0000000170962080
.text     C:\ProgramData\IBUpdaterService\ibsvc.exe[2488] C:\Windows\syswow64\WS2_32.dll!WSAConnectByNameW                                                          00000000764ec52f 5 bytes JMP 0000000170962090
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                         0000000077b63ae0 5 bytes JMP 000000010012075c
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                           0000000077b67a90 5 bytes JMP 00000001001203a4
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                              0000000077b91490 5 bytes JMP 0000000100120b14
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                  0000000077b914f0 5 bytes JMP 0000000100120ecc
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                   0000000077b915d0 5 bytes JMP 000000010012163c
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                               0000000077b91810 5 bytes JMP 0000000100121284
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   0000000077b92840 5 bytes JMP 00000001001219f4
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                              0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                           000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                               000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                               000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                              000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                              000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                     000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                     000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\system32\taskhost.exe[2604] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                      000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                     0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                         0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                          0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                      0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                          0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                  0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                     000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                            000000007593ee09 5 bytes JMP 00000001002401f8
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                             0000000075943982 5 bytes JMP 00000001002403fc
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                          0000000075947603 5 bytes JMP 0000000100240804
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                          000000007594835c 5 bytes JMP 0000000100240600
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                        000000007595f52b 5 bytes JMP 0000000100240a08
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                  00000000776a5181 5 bytes JMP 0000000100251014
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                      00000000776a5254 5 bytes JMP 0000000100250804
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                      00000000776a53d5 5 bytes JMP 0000000100250a08
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                     00000000776a54c2 5 bytes JMP 0000000100250c0c
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                     00000000776a55e2 5 bytes JMP 0000000100250e10
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                            00000000776a567c 5 bytes JMP 00000001002501f8
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                            00000000776a589f 5 bytes JMP 00000001002503fc
.text     C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe[2648] C:\Windows\SysWOW64\sechost.dll!DeleteService                                             00000000776a5a22 5 bytes JMP 0000000100250600
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000077b63ae0 5 bytes JMP 00000001003c075c
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077b67a90 5 bytes JMP 00000001003c03a4
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077b91490 5 bytes JMP 00000001003c0b14
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077b914f0 5 bytes JMP 00000001003c0ecc
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b915d0 5 bytes JMP 00000001003c163c
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000077b91810 5 bytes JMP 00000001003c1284
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b92840 5 bytes JMP 00000001003c19f4
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                            000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                               000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                               000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\system32\taskeng.exe[2760] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                       000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                             0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                 0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                  0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                              0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                  0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                          0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                        0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                             000000007638a30a 1 byte [62]
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                    000000007593ee09 5 bytes JMP 00000001002501f8
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                     0000000075943982 5 bytes JMP 00000001002503fc
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                  0000000075947603 5 bytes JMP 0000000100250804
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                  000000007594835c 5 bytes JMP 0000000100250600
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                000000007595f52b 5 bytes JMP 0000000100250a08
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                          00000000776a5181 5 bytes JMP 0000000100261014
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                              00000000776a5254 5 bytes JMP 0000000100260804
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                              00000000776a53d5 5 bytes JMP 0000000100260a08
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                             00000000776a54c2 5 bytes JMP 0000000100260c0c
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                             00000000776a55e2 5 bytes JMP 0000000100260e10
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                    00000000776a567c 5 bytes JMP 00000001002601f8
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                    00000000776a589f 5 bytes JMP 00000001002603fc
.text     C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE[2876] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                     00000000776a5a22 5 bytes JMP 0000000100260600
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                  0000000077b63ae0 5 bytes JMP 000000010020075c
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                    0000000077b67a90 5 bytes JMP 00000001002003a4
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                       0000000077b91490 5 bytes JMP 0000000100200b14
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                           0000000077b914f0 5 bytes JMP 0000000100200ecc
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                            0000000077b915d0 5 bytes JMP 000000010020163c
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                        0000000077b91810 5 bytes JMP 0000000100201284
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                            0000000077b92840 5 bytes JMP 00000001002019f4
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                       0000000077a7eecd 1 byte [62]
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                    000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                        000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                        000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                       000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                       000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                              000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                              000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\Explorer.EXE[2980] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                               000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                              0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                  0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                   0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                               0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                   0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                           0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                         0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                              000000007638a30a 1 byte [62]
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                           00000000776a5181 5 bytes JMP 00000001001e1014
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                               00000000776a5254 5 bytes JMP 00000001001e0804
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                               00000000776a53d5 5 bytes JMP 00000001001e0a08
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                              00000000776a54c2 5 bytes JMP 00000001001e0c0c
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                              00000000776a55e2 5 bytes JMP 00000001001e0e10
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                     00000000776a567c 5 bytes JMP 00000001001e01f8
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                     00000000776a589f 5 bytes JMP 00000001001e03fc
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                      00000000776a5a22 5 bytes JMP 00000001001e0600
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                     000000007593ee09 3 bytes JMP 00000001001f01f8
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\syswow64\USER32.dll!SetWinEventHook + 4                                                                 000000007593ee0d 1 byte [8A]
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                      0000000075943982 5 bytes JMP 00000001001f03fc
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                   0000000075947603 5 bytes JMP 00000001001f0804
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                   000000007594835c 5 bytes JMP 00000001001f0600
.text     C:\Windows\SysWOW64\nlssrv32.exe[3052] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                 000000007595f52b 5 bytes JMP 00000001001f0a08
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000077b63ae0 5 bytes JMP 00000001001f075c
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077b67a90 5 bytes JMP 00000001001f03a4
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077b91490 5 bytes JMP 00000001001f0b14
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077b914f0 5 bytes JMP 00000001001f0ecc
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b915d0 5 bytes JMP 00000001001f163c
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000077b91810 5 bytes JMP 00000001001f1284
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b92840 5 bytes JMP 00000001001f19f4
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                            000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                               000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                               000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\system32\taskeng.exe[2292] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                       000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000077b63ae0 5 bytes JMP 00000001000a075c
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077b67a90 5 bytes JMP 00000001000a03a4
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077b91490 5 bytes JMP 00000001000a0b14
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077b914f0 5 bytes JMP 00000001000a0ecc
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b915d0 5 bytes JMP 00000001000a163c
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000077b91810 5 bytes JMP 00000001000a1284
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b92840 5 bytes JMP 00000001000a19f4
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                            000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                               000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                               000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\system32\svchost.exe[2728] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                       000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                  0000000077b63ae0 5 bytes JMP 00000001002d075c
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                    0000000077b67a90 5 bytes JMP 00000001002d03a4
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                       0000000077b91490 5 bytes JMP 00000001002d0b14
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                           0000000077b914f0 5 bytes JMP 00000001002d0ecc
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                            0000000077b915d0 5 bytes JMP 00000001002d163c
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                        0000000077b91810 5 bytes JMP 00000001002d1284
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            0000000077b92840 5 bytes JMP 00000001002d19f4
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                       0000000077a7eecd 1 byte [62]
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                    000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                        000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                        000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                       000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                       000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                              000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                              000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Program Files\Trend Micro\Titanium\TiMiniService.exe[3064] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                               000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                    0000000077b63ae0 5 bytes JMP 000000010046075c
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                      0000000077b67a90 5 bytes JMP 00000001004603a4
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                         0000000077b91490 5 bytes JMP 0000000100460b14
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                             0000000077b914f0 5 bytes JMP 0000000100460ecc
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                              0000000077b915d0 5 bytes JMP 000000010046163c
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                          0000000077b91810 5 bytes JMP 0000000100461284
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              0000000077b92840 5 bytes JMP 00000001004619f4
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                         0000000077a7eecd 1 byte [62]
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                      000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                          000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                          000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                         000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                         000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe[3112] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                 000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                  0000000077b63ae0 5 bytes JMP 00000001001e075c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                    0000000077b67a90 5 bytes JMP 00000001001e03a4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                       0000000077b91490 5 bytes JMP 00000001001e0b14
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                           0000000077b914f0 5 bytes JMP 00000001001e0ecc
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            0000000077b915d0 5 bytes JMP 00000001001e163c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                        0000000077b91810 5 bytes JMP 00000001001e1284
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            0000000077b92840 5 bytes JMP 00000001001e19f4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                       0000000077a7eecd 1 byte [62]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                    000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                        000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                        000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                       000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                       000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                              000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                              000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3120] C:\Windows\SYSTEM32\sechost.dll!DeleteService                               000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\system32\conhost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000077b63ae0 5 bytes JMP 00000001001b075c
.text     C:\Windows\system32\conhost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077b67a90 5 bytes JMP 00000001001b03a4
.text     C:\Windows\system32\conhost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077b91490 5 bytes JMP 00000001001b0b14
.text     C:\Windows\system32\conhost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077b914f0 5 bytes JMP 00000001001b0ecc
.text     C:\Windows\system32\conhost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b915d0 5 bytes JMP 00000001001b163c
.text     C:\Windows\system32\conhost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000077b91810 5 bytes JMP 00000001001b1284
.text     C:\Windows\system32\conhost.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b92840 5 bytes JMP 00000001001b19f4
.text     C:\Windows\system32\conhost.exe[3132] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                               0000000077d3faa0 5 bytes JMP 0000000100240600
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                   0000000077d3fb38 5 bytes JMP 0000000100240804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                    0000000077d3fc90 5 bytes JMP 0000000100240c0c
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                0000000077d40018 5 bytes JMP 0000000100240a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                    0000000077d41900 5 bytes JMP 0000000100240e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                            0000000077d5c45a 5 bytes JMP 00000001002401f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                          0000000077d61217 5 bytes JMP 00000001002403fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                               000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                      000000007593ee09 5 bytes JMP 00000001002501f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                       0000000075943982 5 bytes JMP 00000001002503fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                    0000000075947603 5 bytes JMP 0000000100250804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                    000000007594835c 5 bytes JMP 0000000100250600
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                  000000007595f52b 5 bytes JMP 0000000100250a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                            00000000776a5181 5 bytes JMP 0000000100261014
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                00000000776a5254 5 bytes JMP 0000000100260804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                00000000776a53d5 5 bytes JMP 0000000100260a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                               00000000776a54c2 5 bytes JMP 0000000100260c0c
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                               00000000776a55e2 5 bytes JMP 0000000100260e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                      00000000776a567c 5 bytes JMP 00000001002601f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                      00000000776a589f 5 bytes JMP 00000001002603fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[3560] C:\Windows\SysWOW64\sechost.dll!DeleteService                                       00000000776a5a22 5 bytes JMP 0000000100260600
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                 0000000077b63ae0 5 bytes JMP 000000010044075c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                   0000000077b67a90 5 bytes JMP 00000001004403a4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                      0000000077b91490 5 bytes JMP 0000000100440b14
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                          0000000077b914f0 5 bytes JMP 0000000100440ecc
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                           0000000077b915d0 5 bytes JMP 000000010044163c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                       0000000077b91810 5 bytes JMP 0000000100441284
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                           0000000077b92840 5 bytes JMP 00000001004419f4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                      0000000077a7eecd 1 byte [62]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                   000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                       000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                       000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                      000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                      000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                             000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                             000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3600] C:\Windows\SYSTEM32\sechost.dll!DeleteService                              000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    0000000077b63ae0 5 bytes JMP 000000010039075c
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      0000000077b67a90 5 bytes JMP 00000001003903a4
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                         0000000077b91490 5 bytes JMP 0000000100390b14
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                             0000000077b914f0 5 bytes JMP 0000000100390ecc
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077b915d0 5 bytes JMP 000000010039163c
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                          0000000077b91810 5 bytes JMP 0000000100391284
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000077b92840 5 bytes JMP 00000001003919f4
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                         0000000077a7eecd 1 byte [62]
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                      000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                          000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                          000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                         000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                         000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Program Files\Elantech\ETDCtrl.exe[3720] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                 000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                          0000000077b63ae0 5 bytes JMP 00000001003f075c
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                            0000000077b67a90 5 bytes JMP 00000001003f03a4
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                               0000000077b91490 5 bytes JMP 00000001003f0b14
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                   0000000077b914f0 5 bytes JMP 00000001003f0ecc
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    0000000077b915d0 5 bytes JMP 00000001003f163c
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                0000000077b91810 5 bytes JMP 00000001003f1284
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    0000000077b92840 5 bytes JMP 00000001003f19f4
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                               0000000077a7eecd 1 byte [62]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                            000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                               000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                               000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                      000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                      000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3836] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                       000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    0000000077b63ae0 5 bytes JMP 000000010017075c
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      0000000077b67a90 5 bytes JMP 00000001001703a4
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                         0000000077b91490 5 bytes JMP 0000000100170b14
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                             0000000077b914f0 5 bytes JMP 0000000100170ecc
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077b915d0 5 bytes JMP 000000010017163c
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                          0000000077b91810 5 bytes JMP 0000000100171284
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000077b92840 5 bytes JMP 00000001001719f4
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                         0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                      000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                          000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                          000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                         000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                         000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\system32\wbem\wmiprvse.exe[4008] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                 000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                              0000000077b63ae0 5 bytes JMP 00000001003c075c
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                0000000077b67a90 5 bytes JMP 00000001003c03a4
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                   0000000077b91490 5 bytes JMP 00000001003c0b14
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                       0000000077b914f0 5 bytes JMP 00000001003c0ecc
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        0000000077b915d0 5 bytes JMP 00000001003c163c
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                    0000000077b91810 5 bytes JMP 00000001003c1284
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000077b92840 5 bytes JMP 00000001003c19f4
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                   0000000077a7eecd 1 byte [62]
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                    000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                    000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                   000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                   000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                          000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                          000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\System32\alg.exe[4028] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                           000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000077b63ae0 5 bytes JMP 000000010039075c
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077b67a90 5 bytes JMP 00000001003903a4
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077b91490 5 bytes JMP 0000000100390b14
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077b914f0 5 bytes JMP 0000000100390ecc
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b915d0 5 bytes JMP 000000010039163c
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000077b91810 5 bytes JMP 0000000100391284
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b92840 5 bytes JMP 00000001003919f4
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                            000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                               000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                               000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\system32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                       000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                         0000000077b63ae0 5 bytes JMP 000000010048075c
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                           0000000077b67a90 5 bytes JMP 00000001004803a4
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                              0000000077b91490 5 bytes JMP 0000000100480b14
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                  0000000077b914f0 5 bytes JMP 0000000100480ecc
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                   0000000077b915d0 5 bytes JMP 000000010048163c
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                               0000000077b91810 5 bytes JMP 0000000100481284
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   0000000077b92840 5 bytes JMP 00000001004819f4
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                              0000000077a7eecd 1 byte [62]
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                           000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                               000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                               000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                              000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                              000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                     000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                     000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\System32\igfxtray.exe[4060] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                      000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            0000000077b63ae0 5 bytes JMP 000000010045075c
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              0000000077b67a90 5 bytes JMP 00000001004503a4
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 0000000077b91490 5 bytes JMP 0000000100450b14
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     0000000077b914f0 5 bytes JMP 0000000100450ecc
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      0000000077b915d0 5 bytes JMP 000000010045163c
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  0000000077b91810 5 bytes JMP 0000000100451284
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      0000000077b92840 5 bytes JMP 00000001004519f4
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                 0000000077a7eecd 1 byte [62]
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\System32\hkcmd.exe[1340] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                         000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000077b63ae0 5 bytes JMP 000000010039075c
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077b67a90 5 bytes JMP 00000001003903a4
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077b91490 5 bytes JMP 0000000100390b14
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077b914f0 5 bytes JMP 0000000100390ecc
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b915d0 5 bytes JMP 000000010039163c
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000077b91810 5 bytes JMP 0000000100391284
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b92840 5 bytes JMP 00000001003919f4
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                            000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                               000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                               000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\system32\svchost.exe[2864] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                       000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                         0000000077b63ae0 5 bytes JMP 00000001002e075c
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                           0000000077b67a90 5 bytes JMP 00000001002e03a4
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                              0000000077b91490 5 bytes JMP 00000001002e0b14
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                  0000000077b914f0 5 bytes JMP 00000001002e0ecc
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                   0000000077b915d0 5 bytes JMP 00000001002e163c
.text     C:\Windows\System32\igfxpers.exe[4324]
         
That is the first part.

23.05.2013, 15:02   #4
painfiller
 
Here is the second:

There was no log file from Defogger.

Code:
C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                               0000000077b91810 5 bytes JMP 00000001002e1284
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   0000000077b92840 5 bytes JMP 00000001002e19f4
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                              0000000077a7eecd 1 byte [62]
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                           000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                               000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                               000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                              000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                              000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                     000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                     000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\System32\igfxpers.exe[4324] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                      000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                      0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                          0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                           0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                       0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                           0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                   0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                 0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                      000000007638a30a 1 byte [62]
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\syswow64\USER32.dll!SetWinEventHook                             000000007593ee09 5 bytes JMP 00000001001401f8
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                              0000000075943982 5 bytes JMP 00000001001403fc
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                           0000000075947603 5 bytes JMP 0000000100140804
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                           000000007594835c 5 bytes JMP 0000000100140600
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                         000000007595f52b 5 bytes JMP 0000000100140a08
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                   00000000776a5181 5 bytes JMP 0000000100151014
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                       00000000776a5254 5 bytes JMP 0000000100150804
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                       00000000776a53d5 5 bytes JMP 0000000100150a08
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                      00000000776a54c2 5 bytes JMP 0000000100150c0c
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                      00000000776a55e2 5 bytes JMP 0000000100150e10
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                             00000000776a567c 5 bytes JMP 00000001001501f8
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                             00000000776a589f 5 bytes JMP 00000001001503fc
.text     C:\Users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[4472] C:\Windows\SysWOW64\sechost.dll!DeleteService                              00000000776a5a22 5 bytes JMP 0000000100150600
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    0000000077b63ae0 5 bytes JMP 00000001002b075c
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                      0000000077b67a90 5 bytes JMP 00000001002b03a4
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                         0000000077b91490 5 bytes JMP 00000001002b0b14
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                             0000000077b914f0 5 bytes JMP 00000001002b0ecc
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077b915d0 5 bytes JMP 00000001002b163c
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                          0000000077b91810 5 bytes JMP 00000001002b1284
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                              0000000077b92840 5 bytes JMP 00000001002b19f4
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                         0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                      000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                          000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                          000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                         000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                         000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\system32\SearchIndexer.exe[4780] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                 000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                              0000000077b63ae0 5 bytes JMP 000000010031075c
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                0000000077b67a90 5 bytes JMP 00000001003103a4
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                   0000000077b91490 5 bytes JMP 0000000100310b14
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                       0000000077b914f0 5 bytes JMP 0000000100310ecc
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        0000000077b915d0 5 bytes JMP 000000010031163c
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                    0000000077b91810 5 bytes JMP 0000000100311284
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                        0000000077b92840 5 bytes JMP 00000001003119f4
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                   0000000077a7eecd 1 byte [62]
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                    000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                    000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                   000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                   000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                          000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                          000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[4364] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                           000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                 0000000077b63ae0 5 bytes JMP 000000010041075c
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                   0000000077b67a90 5 bytes JMP 00000001004103a4
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory      0000000077b91490 5 bytes JMP 0000000100410b14
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory          0000000077b914f0 5 bytes JMP 0000000100410ecc
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess           0000000077b915d0 5 bytes JMP 000000010041163c
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory       0000000077b91810 5 bytes JMP 0000000100411284
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread           0000000077b92840 5 bytes JMP 00000001004119f4
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189      0000000077a7eecd 1 byte [62]
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity   000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA       000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW       000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A      000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W      000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA             000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW             000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe[4152] C:\Windows\SYSTEM32\sechost.dll!DeleteService              000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                           0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                               0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                            0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                        0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                      0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                           000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                  000000007593ee09 5 bytes JMP 00000001002401f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                   0000000075943982 5 bytes JMP 00000001002403fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                0000000075947603 5 bytes JMP 0000000100240804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                000000007594835c 5 bytes JMP 0000000100240600
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                              000000007595f52b 5 bytes JMP 0000000100240a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                        00000000776a5181 5 bytes JMP 00000001002d1014
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                            00000000776a5254 5 bytes JMP 00000001002d0804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                            00000000776a53d5 5 bytes JMP 00000001002d0a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                           00000000776a54c2 5 bytes JMP 00000001002d0c0c
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                           00000000776a55e2 5 bytes JMP 00000001002d0e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                  00000000776a567c 5 bytes JMP 00000001002d01f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                  00000000776a589f 5 bytes JMP 00000001002d03fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3928] C:\Windows\SysWOW64\sechost.dll!DeleteService                                   00000000776a5a22 5 bytes JMP 00000001002d0600
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[2780] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                 0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                     0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                      0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                  0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                      0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                              0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                            0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                 000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                        000000007593ee09 5 bytes JMP 00000001002401f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                         0000000075943982 5 bytes JMP 00000001002403fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                      0000000075947603 5 bytes JMP 0000000100240804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                      000000007594835c 5 bytes JMP 0000000100240600
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                    000000007595f52b 5 bytes JMP 0000000100240a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                              00000000776a5181 5 bytes JMP 0000000100251014
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                  00000000776a5254 5 bytes JMP 0000000100250804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                  00000000776a53d5 5 bytes JMP 0000000100250a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                 00000000776a54c2 5 bytes JMP 0000000100250c0c
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                 00000000776a55e2 5 bytes JMP 0000000100250e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                        00000000776a567c 5 bytes JMP 00000001002501f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                        00000000776a589f 5 bytes JMP 00000001002503fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[4144] C:\Windows\SysWOW64\sechost.dll!DeleteService                                         00000000776a5a22 5 bytes JMP 0000000100250600
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                         0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                             0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                              0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                          0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                              0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                      0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                    0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                         000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                000000007593ee09 5 bytes JMP 00000001000d01f8
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                 0000000075943982 5 bytes JMP 00000001000d03fc
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                              0000000075947603 5 bytes JMP 00000001000d0804
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                              000000007594835c 5 bytes JMP 00000001000d0600
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                            000000007595f52b 5 bytes JMP 00000001000d0a08
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                      00000000776a5181 5 bytes JMP 00000001000e1014
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                          00000000776a5254 5 bytes JMP 00000001000e0804
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                          00000000776a53d5 5 bytes JMP 00000001000e0a08
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                         00000000776a54c2 5 bytes JMP 00000001000e0c0c
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                         00000000776a55e2 5 bytes JMP 00000001000e0e10
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                00000000776a567c 5 bytes JMP 00000001000e01f8
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                00000000776a589f 5 bytes JMP 00000001000e03fc
.text     C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe[4224] C:\Windows\SysWOW64\sechost.dll!DeleteService                                 00000000776a5a22 5 bytes JMP 00000001000e0600
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                              0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                  0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                   0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                               0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                   0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                           0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                         0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                              000000007638a30a 1 byte [62]
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                                           00000000776a5181 5 bytes JMP 0000000100231014
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                                               00000000776a5254 5 bytes JMP 0000000100230804
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                                               00000000776a53d5 5 bytes JMP 0000000100230a08
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                                              00000000776a54c2 5 bytes JMP 0000000100230c0c
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                                              00000000776a55e2 5 bytes JMP 0000000100230e10
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                                     00000000776a567c 5 bytes JMP 00000001002301f8
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                                     00000000776a589f 5 bytes JMP 00000001002303fc
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                                      00000000776a5a22 5 bytes JMP 0000000100230600
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                     000000007593ee09 5 bytes JMP 00000001002c01f8
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                      0000000075943982 5 bytes JMP 00000001002c03fc
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                   0000000075947603 5 bytes JMP 00000001002c0804
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                   000000007594835c 5 bytes JMP 00000001002c0600
.text     C:\Windows\SysWOW64\ACEngSvr.exe[4844] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                 000000007595f52b 5 bytes JMP 00000001002c0a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                    0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                     0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                 0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                     0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                             0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                           0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                       000000007593ee09 5 bytes JMP 00000001002401f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                        0000000075943982 5 bytes JMP 00000001002403fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                     0000000075947603 5 bytes JMP 0000000100240804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                     000000007594835c 5 bytes JMP 0000000100240600
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                   000000007595f52b 5 bytes JMP 0000000100240a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                             00000000776a5181 5 bytes JMP 0000000100251014
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                 00000000776a5254 5 bytes JMP 0000000100250804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                 00000000776a53d5 5 bytes JMP 0000000100250a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                00000000776a54c2 5 bytes JMP 0000000100250c0c
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                00000000776a55e2 5 bytes JMP 0000000100250e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                       00000000776a567c 5 bytes JMP 00000001002501f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                       00000000776a589f 5 bytes JMP 00000001002503fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[3384] C:\Windows\SysWOW64\sechost.dll!DeleteService                                        00000000776a5a22 5 bytes JMP 0000000100250600
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                    0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                        0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                         0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                     0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                         0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                 0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                               0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                    000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                           000000007593ee09 5 bytes JMP 00000001002401f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                            0000000075943982 5 bytes JMP 00000001002403fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                         0000000075947603 5 bytes JMP 0000000100240804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                         000000007594835c 5 bytes JMP 0000000100240600
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                       000000007595f52b 5 bytes JMP 0000000100240a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                 00000000776a5181 5 bytes JMP 0000000100251014
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                     00000000776a5254 5 bytes JMP 0000000100250804
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                     00000000776a53d5 5 bytes JMP 0000000100250a08
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                    00000000776a54c2 5 bytes JMP 0000000100250c0c
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                    00000000776a55e2 5 bytes JMP 0000000100250e10
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                           00000000776a567c 5 bytes JMP 00000001002501f8
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                           00000000776a589f 5 bytes JMP 00000001002503fc
.text     C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[5160] C:\Windows\SysWOW64\sechost.dll!DeleteService                                            00000000776a5a22 5 bytes JMP 0000000100250600
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[5568] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                            0000000077a7eecd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000077b63ae0 5 bytes JMP 000000010038075c
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077b67a90 5 bytes JMP 00000001003803a4
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077b91490 5 bytes JMP 0000000100380b14
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077b914f0 5 bytes JMP 0000000100380ecc
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b915d0 5 bytes JMP 000000010038163c
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000077b91810 5 bytes JMP 0000000100381284
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b92840 5 bytes JMP 00000001003819f4
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                            000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                               000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                               000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\System32\svchost.exe[5744] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                       000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077b63ae0 5 bytes JMP 000000010031075c
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                  0000000077b67a90 5 bytes JMP 00000001003103a4
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                     0000000077b91490 5 bytes JMP 0000000100310b14
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                         0000000077b914f0 5 bytes JMP 0000000100310ecc
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077b915d0 5 bytes JMP 000000010031163c
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                      0000000077b91810 5 bytes JMP 0000000100311284
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                          0000000077b92840 5 bytes JMP 00000001003119f4
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                     0000000077a7eecd 1 byte [62]
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                  000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                      000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                      000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                     000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                     000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                            000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                            000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Program Files\iPod\bin\iPodService.exe[6032] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                             000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000077b63ae0 5 bytes JMP 000000010024075c
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077b67a90 5 bytes JMP 00000001002403a4
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077b91490 5 bytes JMP 0000000100240b14
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077b914f0 5 bytes JMP 0000000100240ecc
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b915d0 5 bytes JMP 000000010024163c
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000077b91810 5 bytes JMP 0000000100241284
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b92840 5 bytes JMP 00000001002419f4
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                            000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                               000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                               000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\system32\DllHost.exe[6648] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                       000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                  0000000077b63ae0 5 bytes JMP 000000010010075c
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                    0000000077b67a90 5 bytes JMP 00000001001003a4
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                       0000000077b91490 5 bytes JMP 0000000100100b14
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                           0000000077b914f0 5 bytes JMP 0000000100100ecc
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                            0000000077b915d0 5 bytes JMP 000000010010163c
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                        0000000077b91810 5 bytes JMP 0000000100101284
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                            0000000077b92840 5 bytes JMP 00000001001019f4
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                       0000000077a7eecd 1 byte [62]
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                    000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                        000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                        000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                       000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                       000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                              000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                              000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[6352] C:\Windows\SYSTEM32\sechost.dll!DeleteService                               000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                    0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                     0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                 0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                     0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                             0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                           0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity             00000000776a5181 5 bytes JMP 0000000100241014
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                 00000000776a5254 5 bytes JMP 0000000100240804
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                 00000000776a53d5 5 bytes JMP 0000000100240a08
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                00000000776a54c2 5 bytes JMP 0000000100240c0c
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                00000000776a55e2 5 bytes JMP 0000000100240e10
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                       00000000776a567c 5 bytes JMP 00000001002401f8
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                       00000000776a589f 5 bytes JMP 00000001002403fc
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\SysWOW64\sechost.dll!DeleteService                        00000000776a5a22 5 bytes JMP 0000000100240600
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\syswow64\USER32.dll!SetWinEventHook                       000000007593ee09 5 bytes JMP 00000001002501f8
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                        0000000075943982 5 bytes JMP 00000001002503fc
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                     0000000075947603 5 bytes JMP 0000000100250804
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                     000000007594835c 5 bytes JMP 0000000100250600
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6640] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                   000000007595f52b 5 bytes JMP 0000000100250a08
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                            000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                               000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                               000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                       000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\system32\USER32.dll!UnhookWinEvent                                                                       0000000077928550 5 bytes JMP 000000010046075c
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                                                                  000000007792d440 5 bytes JMP 0000000100461284
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                                    000000007792f874 5 bytes JMP 0000000100460ecc
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\system32\USER32.dll!SetWinEventHook                                                                      0000000077934d4c 5 bytes JMP 00000001004603a4
.text     C:\Windows\System32\svchost.exe[6736] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                                    0000000077948c20 5 bytes JMP 0000000100460b14
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                    0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                     0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                 0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                     0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                             0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                           0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                000000007638a30a 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity             00000000776a5181 5 bytes JMP 0000000100241014
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                 00000000776a5254 5 bytes JMP 0000000100240804
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                 00000000776a53d5 5 bytes JMP 0000000100240a08
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                00000000776a54c2 5 bytes JMP 0000000100240c0c
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                00000000776a55e2 5 bytes JMP 0000000100240e10
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                       00000000776a567c 5 bytes JMP 00000001002401f8
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                       00000000776a589f 5 bytes JMP 00000001002403fc
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\SysWOW64\sechost.dll!DeleteService                        00000000776a5a22 5 bytes JMP 0000000100240600
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\syswow64\USER32.dll!SetWinEventHook                       000000007593ee09 5 bytes JMP 00000001002d01f8
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                        0000000075943982 5 bytes JMP 00000001002d03fc
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                     0000000075947603 5 bytes JMP 00000001002d0804
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                     000000007594835c 5 bytes JMP 00000001002d0600
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1384] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                   000000007595f52b 5 bytes JMP 00000001002d0a08
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                          0000000077b63ae0 5 bytes JMP 000000010029075c
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll                                                                            0000000077b67a90 5 bytes JMP 00000001002903a4
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                               0000000077b91490 5 bytes JMP 0000000100290b14
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                   0000000077b914f0 5 bytes JMP 0000000100290ecc
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077b915d0 5 bytes JMP 000000010029163c
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                0000000077b91810 5 bytes JMP 0000000100291284
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    0000000077b92840 5 bytes JMP 00000001002919f4
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                            000007fefe4a6e00 5 bytes JMP 000007ff7e4c1dac
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                000007fefe4a6f2c 5 bytes JMP 000007ff7e4c0ecc
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                000007fefe4a7220 5 bytes JMP 000007ff7e4c1284
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                               000007fefe4a739c 5 bytes JMP 000007ff7e4c163c
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                               000007fefe4a7538 5 bytes JMP 000007ff7e4c19f4
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA                                                                      000007fefe4a75e8 5 bytes JMP 000007ff7e4c03a4
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW                                                                      000007fefe4a790c 5 bytes JMP 000007ff7e4c075c
.text     C:\Windows\system32\wuauclt.exe[6056] C:\Windows\SYSTEM32\sechost.dll!DeleteService                                                                       000007fefe4a7ab4 5 bytes JMP 000007ff7e4c0b14
.text     C:\Windows\system32\AUDIODG.EXE[7448] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                               0000000077a7eecd 1 byte [62]
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                           0000000077d3faa0 5 bytes JMP 0000000100030600
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                               0000000077d3fb38 5 bytes JMP 0000000100030804
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                0000000077d3fc90 5 bytes JMP 0000000100030c0c
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                            0000000077d40018 5 bytes JMP 0000000100030a08
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                0000000077d41900 5 bytes JMP 0000000100030e10
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                        0000000077d5c45a 5 bytes JMP 00000001000301f8
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                      0000000077d61217 5 bytes JMP 00000001000303fc
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                           000000007638a30a 1 byte [62]
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity                                        00000000776a5181 5 bytes JMP 0000000100241014
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA                                            00000000776a5254 5 bytes JMP 0000000100240804
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW                                            00000000776a53d5 5 bytes JMP 0000000100240a08
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A                                           00000000776a54c2 5 bytes JMP 0000000100240c0c
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W                                           00000000776a55e2 5 bytes JMP 0000000100240e10
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\sechost.dll!CreateServiceA                                                  00000000776a567c 5 bytes JMP 00000001002401f8
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\sechost.dll!CreateServiceW                                                  00000000776a589f 5 bytes JMP 00000001002403fc
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\SysWOW64\sechost.dll!DeleteService                                                   00000000776a5a22 5 bytes JMP 0000000100240600
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                  000000007593ee09 5 bytes JMP 00000001002501f8
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                   0000000075943982 5 bytes JMP 00000001002503fc
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                0000000075947603 5 bytes JMP 0000000100250804
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                000000007594835c 5 bytes JMP 0000000100250600
.text     C:\Users\Ann-Kristin.B\Downloads\gmer_2.1.19163.exe[3628] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                              000000007595f52b 5 bytes JMP 0000000100250a08

---- Threads - GMER 2.1 ----

Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5568:3172]                                                                                            000007fefe860168
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5568:5148]                                                                                            000007fefbe22a7c
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5568:4280]                                                                                            000007fef1f1d618
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5568:6192]                                                                                            000007fef9135124
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5568:6320]                                                                                            000007fef1eb9730
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5568:6328]                                                                                            000007fef1f1d618
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5568:3668]                                                                                            000007fefe860168
Thread    C:\Windows\System32\svchost.exe [6736:1168]                                                                                                               000007fef5309688

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                                      2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                                     2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                                              1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                                               aswFsBlk
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                                     FSFilter Activity Monitor
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                                           FltMgr?
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                                               avast! mini-filter driver (aswFsBlk)
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                                       2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                                 
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                                 aswFsBlk Instance
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                                               
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                      388400
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                         0
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                                           
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                                     2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                                    2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                                             1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                                                \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                                              aswMonFlt
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                                    FSFilter Anti-Virus
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                                          FltMgr?
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                                              avast! mini-filter driver (aswMonFlt)
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                                                
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                                                aswMonFlt Instance
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                                             
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                    320700
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                       0
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                                          
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                                   \SystemRoot\System32\Drivers\aswrdr2.sys
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                                        1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                                       1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                                                1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                                 aswRdr
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                                       PNP_TDI
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                                             tcpip?
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                                 avast! WFP Redirect driver
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                               
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                               nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                                             
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                                       1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                                      0
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                                               1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                                                aswRvrt
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                                                avast! Revert
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                                 
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                                     7
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                                     352673
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                                      \Device\Harddisk0\Partition1\Windows
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                                                1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                                            
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                                        2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                                       1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                                                1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                                 aswSnx
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                                       FSFilter Virtualization
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                                             FltMgr?
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                                                 avast! virtualization driver (aswSnx)
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                                         2
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                                                   
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                                   aswSnx Instance
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                                                   
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                          137600
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                                             0
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                                    \DosDevices\C:\Program Files\AVAST Software\Avast
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                                       \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                                             
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                                         1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                                        1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                                                 1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                                  aswSP
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                                  avast! Self Protection
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                                                   
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                                       1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                                     \DosDevices\C:\Program Files\AVAST Software\Avast
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                                        \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                                                \DosDevices\C:\Program Files
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                                      \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                                        1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                                       1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                                                1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                                                 avast! Network Shield Support
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                                       PNP_TDI
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                                             tcpip?
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                                                 avast! Network Shield TDI driver
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                                         10
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                                             
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                                        1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                                       0
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                                                1
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                                                 aswVmm
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                                                 avast! VM Monitor
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                                                  
Reg       HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                                             
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                                              32
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                                             2
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                                      1
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                                         "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                                       avast! Antivirus
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                                             ShellSvcGroup
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                                   aswMonFlt?RpcSS?
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                                             1
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                                        LocalSystem
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                                    1
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                                       Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg       HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                                                   
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                                          2
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                                         2
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                                  1
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                                   aswFsBlk
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                                         FSFilter Activity Monitor
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                                               FltMgr?
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                                   avast! mini-filter driver (aswFsBlk)
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                                           2
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                                             
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                                     aswFsBlk Instance
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                                           
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                          388400
Reg       HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                             0
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                                         2
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                                        2
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                                                 1
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                                    \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                                  aswMonFlt
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                                        FSFilter Anti-Virus
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                                              FltMgr?
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                                  avast! mini-filter driver (aswMonFlt)
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                                            
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                                    aswMonFlt Instance
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                                         
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                        320700
Reg       HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                           0
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                                       \SystemRoot\System32\Drivers\aswrdr2.sys
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                                            1
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                                           1
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                                    1
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                                     aswRdr
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                                           PNP_TDI
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                                 tcpip?
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                                     avast! WFP Redirect driver
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                                              
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                   
Reg       HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                   nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                                           1
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                                          0
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                                   1
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                                    aswRvrt
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                                    avast! Revert
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                                             
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                                         7
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                                         352673
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                                          \Device\Harddisk0\Partition1\Windows
Reg       HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                                    1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                                            2
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                                           1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                                    1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                                     aswSnx
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                                           FSFilter Virtualization
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                                 FltMgr?
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                                     avast! virtualization driver (aswSnx)
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                                             2
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                                               
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                                       aswSnx Instance
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                                               
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                              137600
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                                 0
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                                              
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                                        \DosDevices\C:\Program Files\AVAST Software\Avast
Reg       HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                                           \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                                             1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                                            1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                                     1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                                      aswSP
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                                      avast! Self Protection
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                                               
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                                           1
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                                         \DosDevices\C:\Program Files\AVAST Software\Avast
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                                            \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                                    \DosDevices\C:\Program Files
Reg       HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                                          \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                                            1
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                                           1
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                                    1
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                                     avast! Network Shield Support
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                                           PNP_TDI
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                                 tcpip?
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                                     avast! Network Shield TDI driver
Reg       HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                                             10
Reg       HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                                            1
Reg       HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                                           0
Reg       HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                                    1
Reg       HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                                     aswVmm
Reg       HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                                     avast! VM Monitor
Reg       HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                                              
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                                  32
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                                 2
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                                          1
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                                             "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                                           avast! Antivirus
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                                 ShellSvcGroup
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                                       aswMonFlt?RpcSS?
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                                 1
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                                            LocalSystem
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                                        1
Reg       HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                                           Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.

---- EOF - GMER 2.1 ----
         
I have to correct myself.
I overlooked the Defogger log file; here it is.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:58 on 23/05/2013 (Ann-Kristin.B)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Sorry and thanks!

23.05.2013, 16:07   #5
M-K-D-B
/// TB Trainer

Hi,

Step 1
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.






Please run AdwCleaner twice in a row and post both of its log files!

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 3

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.






In your next reply, please post
  • the log file from ComboFix,
  • both log files from AdwCleaner,
  • the log file from JRT.


23.05.2013, 21:41   #6
painfiller

So, that was quite a procedure, but I think it helped.
Here are the logs:

Combofix:
Code:
ATTFilter
ComboFix 13-05-23.02 - Ann-Kristin.B 23.05.2013  19:40:51.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3999.2241 [GMT 2:00]
ausgeführt von:: c:\users\Ann-Kristin.B\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 0 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SpeedAnalysis.com\ScRIpthost.dll
c:\programdata\FullRemove.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-23 bis 2013-05-23  ))))))))))))))))))))))))))))))
.
.
2013-05-23 18:27 . 2013-05-23 18:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-23 17:33 . 2013-05-23 17:33	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{75B4D103-4844-49D0-BB38-53C5FCD1B533}\offreg.dll
2013-05-23 16:57 . 2013-05-23 16:57	--------	d-----w-	c:\program files (x86)\TeamViewer
2013-05-21 08:14 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{75B4D103-4844-49D0-BB38-53C5FCD1B533}\mpengine.dll
2013-05-20 09:02 . 2013-05-20 12:09	--------	d-----w-	c:\users\Ann-Kristin.B\AppData\Roaming\PersBackup5
2013-05-20 09:02 . 2013-05-20 09:02	--------	d-----w-	c:\program files\Personal Backup 5
2013-05-20 09:01 . 2013-05-20 09:01	--------	d-----w-	c:\users\Ann-Kristin.B\AppData\Local\Programs
2013-05-17 18:54 . 2013-04-05 06:50	3958784	----a-w-	c:\windows\system32\jscript9.dll
2013-05-17 18:54 . 2013-04-05 05:26	2877440	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-05-17 18:54 . 2013-04-05 06:52	1084928	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-17 18:54 . 2013-04-05 05:28	817664	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-17 18:54 . 2013-04-05 06:50	53248	----a-w-	c:\windows\system32\jsproxy.dll
2013-05-17 18:54 . 2013-04-05 05:28	1767424	----a-w-	c:\windows\SysWow64\wininet.dll
2013-05-17 18:54 . 2013-04-05 06:52	2242048	----a-w-	c:\windows\system32\wininet.dll
2013-05-17 18:54 . 2013-04-05 06:50	19231232	----a-w-	c:\windows\system32\mshtml.dll
2013-05-17 18:54 . 2013-04-05 06:50	15404032	----a-w-	c:\windows\system32\ieframe.dll
2013-05-16 08:24 . 2013-05-16 08:24	--------	d-----w-	c:\programdata\Gibraltar
2013-05-15 09:20 . 2013-05-15 09:20	434176	----a-r-	c:\users\Ann-Kristin.B\AppData\Roaming\Microsoft\Installer\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}\NewShortcut21_BB44E8EFCE184CC8BAF21F23666E91E7.exe
2013-05-15 09:20 . 2013-05-15 09:20	434176	----a-r-	c:\users\Ann-Kristin.B\AppData\Roaming\Microsoft\Installer\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}\NewShortcut2_A231A4E65E1B4B0D9C1B4A4301BC15D3.exe
2013-05-15 09:20 . 2013-05-15 09:20	434176	----a-r-	c:\users\Ann-Kristin.B\AppData\Roaming\Microsoft\Installer\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}\ARPPRODUCTICON.exe
2013-05-15 09:16 . 2013-05-15 09:20	--------	d-----w-	c:\program files (x86)\Citavi 4
2013-05-15 09:11 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 09:11 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 09:11 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 09:10 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-15 09:10 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-15 09:10 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-15 09:10 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-15 09:10 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 09:10 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-15 09:09 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 09:09 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 09:09 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-14 15:13 . 2013-05-14 15:17	--------	d-----w-	c:\users\Ann-Kristin.B\AppData\Roaming\Swiss Academic Software
2013-05-14 14:54 . 2013-05-14 14:55	--------	d-----w-	c:\programdata\Swiss Academic Software
2013-05-14 14:47 . 2013-05-14 14:47	--------	d-----w-	c:\users\Ann-Kristin.B\AppData\Local\Downloaded Installations
2013-05-08 14:22 . 2013-05-08 14:22	--------	d-----w-	c:\programdata\Wincert
2013-05-08 14:21 . 2013-05-08 14:22	--------	d-----w-	c:\program files (x86)\Search Results Toolbar
2013-05-08 14:21 . 2013-05-08 14:21	--------	d-----w-	c:\users\Ann-Kristin.B\AppData\Local\jZip
2013-05-08 14:21 . 2013-05-23 18:29	--------	d-----w-	c:\programdata\Datamngr
2013-05-08 14:21 . 2013-05-08 14:21	--------	d-----w-	c:\program files (x86)\jZip
2013-05-01 01:09 . 2013-05-01 01:09	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 20:02 . 2012-06-22 09:01	22704	----a-w-	c:\windows\system32\drivers\EsgScanner.sys
2013-04-30 20:02 . 2013-04-30 20:02	110080	----a-r-	c:\users\Ann-Kristin.B\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconF7A21AF7.exe
2013-04-30 20:02 . 2013-04-30 20:02	110080	----a-r-	c:\users\Ann-Kristin.B\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconD7F16134.exe
2013-04-30 20:02 . 2013-04-30 20:02	110080	----a-r-	c:\users\Ann-Kristin.B\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\Icon1226A4C5.exe
2013-04-30 20:02 . 2013-04-30 20:02	--------	d-----w-	C:\sh4ldr
2013-04-30 20:02 . 2013-04-30 20:02	--------	d-----w-	c:\program files\Enigma Software Group
2013-04-30 19:59 . 2013-04-30 20:02	--------	d-----w-	c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-04-30 09:37 . 2013-04-30 09:36	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-30 09:35 . 2013-04-30 09:35	--------	d-----w-	c:\program files (x86)\Java
2013-04-30 08:59 . 2013-05-09 08:59	378432	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-04-30 08:59 . 2013-05-09 08:59	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-04-30 08:59 . 2013-05-09 08:59	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-04-30 08:59 . 2013-05-09 08:59	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-04-30 08:43 . 2013-05-09 08:59	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-04-30 08:43 . 2013-05-09 08:59	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-04-30 08:43 . 2013-05-09 08:59	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-04-30 08:42 . 2013-05-09 08:59	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-04-30 08:42 . 2013-05-09 08:58	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-04-30 08:42 . 2013-04-30 08:42	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-04-30 08:40 . 2013-05-09 08:58	41664	----a-w-	c:\windows\avastSS.scr
2013-04-30 08:38 . 2013-04-30 08:38	--------	d-----w-	c:\program files\AVAST Software
2013-04-30 08:33 . 2013-04-30 08:38	--------	d-----w-	c:\programdata\AVAST Software
2013-04-30 08:21 . 2013-04-30 08:21	--------	d-----w-	c:\windows\SysWow64\searchplugins
2013-04-24 14:24 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 19:49 . 2012-09-30 07:49	45056	----a-w-	c:\windows\SysWow64\acovcnt.exe
2013-05-17 19:04 . 2012-10-20 12:52	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 08:02 . 2012-10-05 19:13	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 08:02 . 2012-10-05 19:13	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 11:15 . 2011-03-29 01:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-12-10 07:50	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-30 09:35 . 2012-11-08 10:29	866720	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-04-30 09:35 . 2012-11-08 10:29	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-04-13 05:49 . 2013-05-15 09:11	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 09:11	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 09:11	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 09:11	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 09:11	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 09:11	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-03-26 15:18 . 2013-04-23 14:12	112080	----a-r-	c:\windows\system32\drivers\acsock64.sys
2013-03-19 06:04 . 2013-04-10 10:48	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 10:48	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 10:48	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 10:48	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 10:48	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 10:48	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}]
2012-12-05 22:54	89288	----a-w-	c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7abe12ca-e995-4ab4-9a4e-ef8820a20182}"= "c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll" [2012-12-05 89288]
.
[HKEY_CLASSES_ROOT\clsid\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Ann-Kristin.B\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Ann-Kristin.B\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Ann-Kristin.B\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Ann-Kristin.B\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-06 1105408]
"Spotify"="c:\users\Ann-Kristin.B\AppData\Roaming\Spotify\spotify.exe" [2013-05-06 4573184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2011-10-17 47616]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-09 2317312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Ann-Kristin.B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ann-Kristin.B\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
Persbackup.lnk - c:\program files\Personal Backup 5\Persbackup.exe [2013-5-20 8426496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2013-03-26 112080]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 assd;assd; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-16 277120]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-08-02 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-08-02 103584]
S2 DatamngrCoordinator;Datamngr Coordinator;c:\program files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe [2013-04-28 3019264]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2013-04-02 569120]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-04-23 3574624]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-08-02 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-08-02 330912]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-08-02 110240]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-08-02 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-08-02 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-08-02 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-08-02 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-02 511136]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-10-18 198448]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-10-17 202496]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-10-17 69888]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-15 311400]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 13:07	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 08:02]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-17 15:28]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-17 15:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Ann-Kristin.B\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Ann-Kristin.B\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Ann-Kristin.B\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Ann-Kristin.B\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-21 12452456]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-08-02 961184]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-03 416024]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ann-Kristin.B\AppData\Roaming\Mozilla\Firefox\Profiles\psibyyw1.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/102?appid=110
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=110&systemid=102&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=1556205021544236&o=APN10646&q=
FF - ExtSQL: 2013-04-30 10:41; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-05-08 16:22; {7abe12ca-e995-4ab4-9a4e-ef8820a20182}; c:\users\Ann-Kristin.B\AppData\Roaming\Mozilla\Firefox\Profiles\psibyyw1.default\extensions\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}
FF - ExtSQL: !HIDDEN! 2013-04-02 20:38; speedanalysis@SpeedAnalysis.com; c:\users\Ann-Kristin.B\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 1ef4549b00000000000082b9a5d1bc8b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15797
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.020:39
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{45564571-A21B-48ED-B584-69752EEE9C3D} - c:\program files (x86)\SpeedAnalysis.com\ScriptHost.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-23  20:38:30
ComboFix-quarantined-files.txt  2013-05-23 18:38
.
Vor Suchlauf: 4.446.199.808 Bytes frei
Nach Suchlauf: 6.674.223.104 Bytes frei
.
- - End Of File - - 195CFBD74896647ACD12C4295B49D9C9
         
ADW 1:

Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 23/05/2013 um 20:55:55 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ann-Kristin.B - ANN-KRISTINB-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ann-Kristin.B\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : DatamngrCoordinator
Gestoppt & Gelöscht : IBUpdaterService
Gestoppt & Gelöscht : ICQ Service

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Ann-Kristin.B\AppData\Roaming\Mozilla\Firefox\Profiles\psibyyw1.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Ann-Kristin.B\AppData\Roaming\Mozilla\Firefox\Profiles\psibyyw1.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Ann-Kristin.B\AppData\Roaming\Mozilla\Firefox\Profiles\psibyyw1.default\searchplugins\Search_Results.xml
Gelöscht mit Neustart : C:\Program Files (x86)\search results toolbar
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\SpeedAnalysis.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Ann-Kristin.B\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Ann-Kristin.B\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Ann-Kristin.B\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Ann-Kristin.B\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Ann-Kristin.B\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\Ann-Kristin.B\AppData\Roaming\Mozilla\Firefox\Profiles\psibyyw1.default\CT2625848
Ordner Gelöscht : C:\Users\Ann-Kristin.B\AppData\Roaming\Mozilla\Firefox\Profiles\psibyyw1.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Ordner Gelöscht : C:\Users\Ann-Kristin.B\AppData\Roaming\Mozilla\Firefox\Profiles\psibyyw1.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}
Ordner Gelöscht : C:\Users\Ann-Kristin.B\AppData\Roaming\Mozilla\Firefox\Profiles\psibyyw1.default\Smartbar
Ordner Gelöscht : C:\Users\Ann-Kristin.B\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Ann-Kristin.B\AppData\Roaming\SpeedanAlysis

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\5a5388ddb138e513
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5a5388ddb138e513
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Ann-Kristin.B\AppData\Roaming\Mozilla\Firefox\Profiles\psibyyw1.default\prefs.js

C:\Users\Ann-Kristin.B\AppData\Roaming\Mozilla\Firefox\Profiles\psibyyw1.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2625848.1000082.isDisplayHidden", "true");
Gelöscht : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzU1MD[...]
Gelöscht : user_pref("CT2625848.CBOpenMAMSettings.enc", "MA==");
Gelöscht : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2625848.FirstTime", "true");
Gelöscht : user_pref("CT2625848.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2625848.LoginRevertSettingsEnabled", true);
Gelöscht : user_pref("CT2625848.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT262[...]
Gelöscht : user_pref("CT2625848.UserID", "UN98849297996196027");
Gelöscht : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2625848.autoDisableScopes", -1);
Gelöscht : user_pref("CT2625848.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2625848.cbcountry_001.enc", "RlI=");
Gelöscht : user_pref("CT2625848.cbfirsttime.enc", "U3VuIERlYyAwOSAyMDEyIDE4OjA1OjQwIEdNVCswMTAw");
Gelöscht : user_pref("CT2625848.defaultSearch", "true");
Gelöscht : user_pref("CT2625848.enableAlerts", "false");
Gelöscht : user_pref("CT2625848.enableFix404ByUser", "TRUE");
Gelöscht : user_pref("CT2625848.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2625848.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2625848.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2625848.fixPageNotFoundErrorByUser", "true");
Gelöscht : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2625848.fixUrls", true);
Gelöscht : user_pref("CT2625848.installId", "conduitnsisintegration");
Gelöscht : user_pref("CT2625848.installType", "conduitnsisintegration");
Gelöscht : user_pref("CT2625848.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2625848.isNewTabEnabled", false);
Gelöscht : user_pref("CT2625848.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2625848.keyword", true);
Gelöscht : user_pref("CT2625848.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Gelöscht : user_pref("CT2625848.lastVersion", "10.16.2.509");
Gelöscht : user_pref("CT2625848.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2625848.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fvenicebeach.pfit[...]
Gelöscht : user_pref("CT2625848.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.openThankYouPage", "false");
Gelöscht : user_pref("CT2625848.openUninstallPage", "true");
Gelöscht : user_pref("CT2625848.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Gelöscht : user_pref("CT2625848.price-gong.isManagedApp", "true");
Gelöscht : user_pref("CT2625848.revertSettingsEnabled", "false");
Gelöscht : user_pref("CT2625848.search.searchAppId", "129181467799155027");
Gelöscht : user_pref("CT2625848.search.searchCount", "0");
Gelöscht : user_pref("CT2625848.searchInNewTabEnabled", "false");
Gelöscht : user_pref("CT2625848.searchInNewTabEnabledByUser", "false");
Gelöscht : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2625848.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1355072729594");
Gelöscht : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1355091236146");
Gelöscht : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1355072731824");
Gelöscht : user_pref("CT2625848.serviceLayer_services_location_lastUpdate", "1368783246593");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358341037087");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359408750486");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360770137853");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364915677878");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.15.0.562_lastUpdate", "1368783247801");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.16.2.509_lastUpdate", "1368823121192");
Gelöscht : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1355072732725");
Gelöscht : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1355072726097");
Gelöscht : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1368783246446");
Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1355072731355");
Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1368823120995");
Gelöscht : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1368783247770");
Gelöscht : user_pref("CT2625848.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
Gelöscht : user_pref("CT2625848.serviceLayer_services_userApps_lastUpdate", "1355091237052");
Gelöscht : user_pref("CT2625848.settingsINI", true);
Gelöscht : user_pref("CT2625848.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2625848.showToolbarPermission", "false");
Gelöscht : user_pref("CT2625848.smartbar.CTID", "CT2625848");
Gelöscht : user_pref("CT2625848.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2625848.smartbar.homepage", true);
Gelöscht : user_pref("CT2625848.smartbar.isHidden", true);
Gelöscht : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
Gelöscht : user_pref("CT2625848.startPage", "userChanged");
Gelöscht : user_pref("CT2625848.toolbarBornServerTime", "9-12-2012");
Gelöscht : user_pref("CT2625848.toolbarCurrentServerTime", "17-5-2013");
Gelöscht : user_pref("CT2625848.toolbarLoginClientTime", "Tue Apr 02 2013 20:48:16 GMT+0200");
Gelöscht : user_pref("CT2625848.url_history0001.enc", "aHR0cDovL3d3dy5mYWNlYm9vay5jb20vP3JlZj10bl90bm1uOjo6Y2xp[...]
Gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("browser.search.selectedEngine", "Search Results");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/102?appid=110");
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.id", "1ef4549b00000000000082b9a5d1bc8b");
Gelöscht : user_pref("extensions.delta.instlDay", "15797");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.020:39:32");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=110&systemid=102&apn[...]
Gelöscht : user_pref("smartbar.machineId", "/WE+C6HSXEKKYNUWLB0B9TKC262SVRCHMIC8H/PG4ISWWGHXIV8R+OW7X8/SGFK5GM9[...]

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Ann-Kristin.B\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.30] : keyword = "search-results.com",
Gelöscht [l.34] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=110&systemid=102&apn_uid=[...]

*************************

AdwCleaner[S1].txt - [17373 octets] - [23/05/2013 20:55:55]

########## EOF - C:\AdwCleaner[S1].txt - [17434 octets] ##########
         
ADW 2:

Code:
# AdwCleaner v2.301 - Datei am 23/05/2013 um 21:06:37 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ann-Kristin.B - ANN-KRISTINB-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ann-Kristin.B\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\search results toolbar

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Ann-Kristin.B\AppData\Roaming\Mozilla\Firefox\Profiles\psibyyw1.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Ann-Kristin.B\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [17490 octets] - [23/05/2013 20:55:55]
AdwCleaner[S2].txt - [1040 octets] - [23/05/2013 21:06:37]

########## EOF - C:\AdwCleaner[S2].txt - [1100 octets] ##########
         
And last but not least:

JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ann-Kristin.B on 23.05.2013 at 21:26:45,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7abe12ca-e995-4ab4-9a4e-ef8820a20182}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{651C3DAB-BC92-4E1E-8A9D-75C0AEFB3A03}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\Ann-Kristin.B\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Ann-Kristin.B\appdata\local\{11C79FC3-DC6C-47B2-8AB2-98ED1F59F347}
Successfully deleted: [Empty Folder] C:\Users\Ann-Kristin.B\appdata\local\{309528E5-C24A-4175-A8BC-173AAC6A6462}
Successfully deleted: [Empty Folder] C:\Users\Ann-Kristin.B\appdata\local\{485147DC-960C-43FC-BD83-56BD1F63A273}
Successfully deleted: [Empty Folder] C:\Users\Ann-Kristin.B\appdata\local\{85F4E600-4FD7-422E-9CDA-5FEDEDA94991}
Successfully deleted: [Empty Folder] C:\Users\Ann-Kristin.B\appdata\local\{B9CA9FDB-B57D-434A-98CF-39344F8A5CF5}
Successfully deleted: [Empty Folder] C:\Users\Ann-Kristin.B\appdata\local\{CEFC52FF-D3DA-476D-906B-D48D1B5EDBE1}
Successfully deleted: [Empty Folder] C:\Users\Ann-Kristin.B\appdata\local\{F566808F-E3CF-42BA-9E26-CF76E5AD80DB}



~~~ FireFox

Successfully deleted: [File] C:\Users\Ann-Kristin.B\AppData\Roaming\mozilla\firefox\profiles\psibyyw1.default\invalidprefs.js
Emptied folder: C:\Users\Ann-Kristin.B\AppData\Roaming\mozilla\firefox\profiles\psibyyw1.default\minidumps [92 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.05.2013 at 21:48:18,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
