| |
| |||||||
Log-Analyse und Auswertung: Rechner m. E. clean aber sendet ständig DatenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
24.01.2014, 10:42
| #1 |
| |  Rechner m. E. clean aber sendet ständig Daten Hi, folgendes Problem: Halte meinen Rechner eigentlich sauber, benutze in Win7 Browser in der Sandbox, habe keine unnötigen Autostarts und stelle meine Programme immer so ein, dass nichts automatisch im Hintergrund lädt bzw. Traffic verursacht. Daher ist (bzw. war) mein TCPview und die Traffic-Anzeige auf meinem Desktop eigentlich auch immer leer. Logisch. Seit einiger Zeit habe ich aber folgendes Problem: Im TCP View ist nach wie vor alles leer, also keine Prozesse die Traffic verursachen. Aber meine Traffic-Anzeige auf dem Desktop zeigt an, dass ca. jede Sekunde genau 208 Byte rausgesendet werden (siehe Anhangsbild). Da frage ich mich, wie das sein kann. Das ist bei mir zuhause so. Wenn ich z.B. in der Bibliothek oder Uni im WLAN bin ist noch mehr Traffic, nicht nur nach außen sondern auch zu meinem Laptop hin. Aber TCPview IMMER leer. Noch ein interessanter Fakt: Wenn ich zuhause das Internetkabel aus dem Router ziehe geht der Traffic genauso (208 B/Sekunde) weiter, wenn ich den Strom vom Router nehme ist der Traffic sofort bei 0. Jetzt ist meine Frage, was da los ist. Anbei die Logs. PS: Der Antivir-Log mit dem Fund dürfte unproblematisch sein, habe da nichts ausgeführt oder so. Danke für die Hilfe. Defogger Log: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:53 on 24/01/2014 (x)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Log: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by x (administrator) on X- on 24-01-2014 09:54:28
Running from C:\Users\x\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7299584 2013-02-16] (Binary Fortress Software)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
Startup: C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thunderbird.lnk
ShortcutTarget: Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\nn3dj5jw.default
FF Homepage: https://startpage.com/do/mypage.pl?prf=a3366353a9aaa3d03525971204f5d9ca
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Youtube MP3 Podcaster - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\nn3dj5jw.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2014-01-23]
FF Extension: NoScript - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\nn3dj5jw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-17]
FF Extension: Adblock Plus - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\nn3dj5jw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-17]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-12] (Avira Operations GmbH & Co. KG)
S4 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1243024 2013-02-11] (Binary Fortress Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-09-02] (Brother Industries Ltd.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-07] (Disc Soft Ltd)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-24 09:54 - 2014-01-24 09:54 - 00016515 _____ C:\Users\x\Desktop\FRST.txt
2014-01-24 09:54 - 2014-01-24 09:54 - 00000000 ____D C:\FRST
2014-01-24 09:53 - 2014-01-24 09:53 - 02077696 _____ (Farbar) C:\Users\x\Desktop\FRST64.exe
2014-01-24 09:52 - 2014-01-24 09:53 - 00000464 _____ C:\Users\x\Desktop\defogger_disable.log
2014-01-24 09:52 - 2014-01-24 09:52 - 00000000 _____ C:\Users\x\defogger_reenable
2014-01-24 09:51 - 2014-01-24 09:51 - 00050477 _____ C:\Users\x\Desktop\Defogger.exe
2014-01-15 06:01 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 06:01 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 06:01 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 06:01 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 06:01 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 06:01 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 06:01 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 06:01 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 06:01 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-04 18:31 - 2014-01-04 18:31 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-04 18:31 - 2014-01-04 18:31 - 00000000 ____D C:\Program Files\iPod
2014-01-04 18:31 - 2014-01-04 18:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-04 18:29 - 2014-01-04 18:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-30 16:44 - 2013-12-30 16:44 - 00000000 _____ C:\Users\x\Sti_Trace.log
2013-12-30 16:30 - 2013-12-30 16:30 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-12-30 16:29 - 2013-12-30 16:30 - 00000000 ____D C:\Users\x\AppData\Roaming\Canon
2013-12-30 14:38 - 2013-12-30 14:38 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-12-30 14:38 - 2012-07-04 11:55 - 01354240 _____ (CANON INC.) C:\Windows\system32\CNQ2414C.dll
2013-12-30 14:38 - 2012-07-04 11:55 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNQ2414I.dll
2013-12-30 14:38 - 2012-07-04 11:29 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNQ2414U.dll
2013-12-30 14:38 - 2010-12-17 14:49 - 00515072 _____ (CANON INC.) C:\Windows\system32\CNQ2414L.dll
2013-12-30 14:38 - 2010-12-17 14:49 - 00438272 _____ (CANON INC.) C:\Windows\SysWOW64\CNQ2414L.dll
2013-12-30 14:38 - 2010-03-19 10:04 - 00393256 _____ C:\Windows\SysWOW64\CNQ2414N.DAT
2013-12-30 14:38 - 2010-03-19 10:04 - 00393256 _____ C:\Windows\system32\CNQ2414N.DAT
2013-12-30 14:38 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2013-12-30 14:38 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-12-30 14:37 - 2013-12-30 14:37 - 00000000 ___HD C:\Program Files\CanonBJ
2013-12-30 14:37 - 2012-04-18 14:24 - 00103424 _____ (Canon Inc.) C:\Windows\system32\CNQ2414O.dll
2013-12-30 14:37 - 2010-03-11 08:57 - 00248320 _____ (CANON INC.) C:\Windows\system32\CNQ2414Y.dll
2013-12-30 14:29 - 2013-12-30 14:39 - 00000000 ____D C:\Program Files (x86)\Canon
2013-12-30 09:44 - 2013-12-30 09:44 - 00003326 _____ C:\Windows\System32\Tasks\{749A62D5-2F41-4186-9658-BB5F56E284A8}
2013-12-26 16:13 - 2013-12-26 16:13 - 00000000 ____D C:\Users\x\AppData\Roaming\AVS4YOU
2013-12-26 16:12 - 2013-12-26 16:34 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-12-26 16:12 - 2013-12-26 16:13 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-12-26 16:12 - 2012-03-23 19:59 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-12-26 16:12 - 2012-03-23 19:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
==================== One Month Modified Files and Folders =======
2014-01-24 09:54 - 2014-01-24 09:54 - 00016515 _____ C:\Users\x\Desktop\FRST.txt
2014-01-24 09:54 - 2014-01-24 09:54 - 00000000 ____D C:\FRST
2014-01-24 09:53 - 2014-01-24 09:53 - 02077696 _____ (Farbar) C:\Users\x\Desktop\FRST64.exe
2014-01-24 09:53 - 2014-01-24 09:52 - 00000464 _____ C:\Users\x\Desktop\defogger_disable.log
2014-01-24 09:52 - 2014-01-24 09:52 - 00000000 _____ C:\Users\x\defogger_reenable
2014-01-24 09:52 - 2013-07-17 12:43 - 00000000 ____D C:\Users\x
2014-01-24 09:51 - 2014-01-24 09:51 - 00050477 _____ C:\Users\x\Desktop\Defogger.exe
2014-01-24 09:49 - 2013-07-17 18:16 - 00000000 ____D C:\Users\x\AppData\Roaming\DisplayFusion
2014-01-24 09:26 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-24 09:26 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-24 09:22 - 2013-07-11 07:52 - 01422220 _____ C:\Windows\WindowsUpdate.log
2014-01-24 09:18 - 2013-10-12 16:15 - 00000256 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-24 09:18 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-24 09:18 - 2009-07-14 05:51 - 00078604 _____ C:\Windows\setupact.log
2014-01-23 22:48 - 2013-07-11 17:45 - 00699666 _____ C:\Windows\system32\perfh007.dat
2014-01-23 22:48 - 2013-07-11 17:45 - 00149774 _____ C:\Windows\system32\perfc007.dat
2014-01-23 22:48 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-23 21:06 - 2013-07-18 09:33 - 00000000 ____D C:\Users\x\AppData\Roaming\vlc
2014-01-20 22:12 - 2013-07-18 08:52 - 00000441 _____ C:\Windows\BRWMARK.INI
2014-01-15 06:08 - 2009-07-14 05:45 - 00371840 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 06:03 - 2013-07-17 15:28 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 06:01 - 2013-07-17 13:51 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-08 21:41 - 2013-08-31 22:22 - 00000000 ____D C:\Users\x\AppData\Roaming\dvdcss
2014-01-08 11:35 - 2013-07-17 18:20 - 00000000 ____D C:\Users\x\AppData\Roaming\Skype
2014-01-07 07:16 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-04 18:31 - 2014-01-04 18:31 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-04 18:31 - 2014-01-04 18:31 - 00000000 ____D C:\Program Files\iPod
2014-01-04 18:31 - 2014-01-04 18:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-04 18:31 - 2013-08-04 13:16 - 00000000 ____D C:\Program Files\iTunes
2014-01-04 18:29 - 2014-01-04 18:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-31 10:02 - 2013-07-17 18:19 - 00002970 _____ C:\Windows\Sandboxie.ini
2013-12-30 18:03 - 2013-07-17 12:46 - 00087608 _____ C:\Users\x\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-30 17:36 - 2013-07-17 17:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-30 16:44 - 2013-12-30 16:44 - 00000000 _____ C:\Users\x\Sti_Trace.log
2013-12-30 16:30 - 2013-12-30 16:30 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-12-30 16:30 - 2013-12-30 16:29 - 00000000 ____D C:\Users\x\AppData\Roaming\Canon
2013-12-30 16:28 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2013-12-30 14:39 - 2013-12-30 14:29 - 00000000 ____D C:\Program Files (x86)\Canon
2013-12-30 14:38 - 2013-12-30 14:38 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-12-30 14:37 - 2013-12-30 14:37 - 00000000 ___HD C:\Program Files\CanonBJ
2013-12-30 09:44 - 2013-12-30 09:44 - 00003326 _____ C:\Windows\System32\Tasks\{749A62D5-2F41-4186-9658-BB5F56E284A8}
2013-12-29 00:41 - 2013-07-17 15:24 - 00000000 ____D C:\Program Files\Wallpapers
2013-12-26 16:34 - 2013-12-26 16:12 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-12-26 16:13 - 2013-12-26 16:13 - 00000000 ____D C:\Users\x\AppData\Roaming\AVS4YOU
2013-12-26 16:13 - 2013-12-26 16:12 - 00000000 ____D C:\ProgramData\AVS4YOU
Some content of TEMP:
====================
C:\Users\x\AppData\Local\Temp\avgnt.exe
C:\Users\x\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\x\AppData\Local\Temp\MSETUP4.EXE
C:\Users\x\AppData\Local\Temp\ose00000.exe
C:\Users\x\AppData\Local\Temp\ose00001.exe
C:\Users\x\AppData\Local\Temp\ose00002.exe
C:\Users\x\AppData\Local\Temp\Quarantine.exe
C:\Users\x\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-19 07:08
==================== End Of Log ============================
Addition Log: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2014
Ran by x at 2014-01-24 09:55:01
Running from C:\Users\x\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer ePower Management (x32 Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 5.00.3504 - Acer Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (x32 Version: 10.1.0 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (Version: 14.8.4.1 - Broadcom Corporation)
Canon MP Navigator EX 4.0 (x32 Version: - )
CanoScan LiDE 110 Scanner Driver (Version: - Canon Inc.)
Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (x32 Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
DAEMON Tools Lite (x32 Version: 4.48.1.0347 - Disc Soft Ltd)
DisplayFusion 5.0 (x32 Version: 5.0.0.0 - Binary Fortress Software)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7 - Dolby Laboratories Inc)
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
FreeFileSync 5.18 (x32 Version: 5.18 - Zenju)
Google Earth (x32 Version: 7.1.1.1888 - Google)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026 - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.36 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Launch Manager (x32 Version: 5.1.7 - Acer Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Project MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Project Professional 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Project Professional 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8 - Mozilla)
NVIDIA GeForce Experience 1.5 (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF24 Creator 5.6.0 (x32 Version: - PDF24.org)
Rainmeter (x32 Version: 3.0 beta r2085 - )
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Sandboxie 4.04 (64-bit) (Version: 4.04 - Sandboxie Holdings, LLC)
Secure Eraser (x32 Version: 4.2.0.1 - ASCOMP Software GmbH)
Self-Service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0 - Intel)
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
04-01-2014 17:29:55 Installed iTunes
04-01-2014 17:33:46 Removed Bonjour
12-01-2014 09:49:38 Geplanter Prüfpunkt
15-01-2014 05:01:13 Windows Update
22-01-2014 14:58:49 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {4C00CEB4-2515-42CE-8CE2-7D9D0885016D} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {5B6E8396-8800-4414-94D0-F2878A533F30} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {9192E7FB-E3D0-4776-A73E-9F22A687A935} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {CFB2D706-A6E3-485D-B18B-E90BE23BA1C4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E534047A-55AD-4DB5-99D4-FA62A3762511} - System32\Tasks\{572CA396-F381-4792-8628-8B4C1C9DDFEC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/go/help.faq.installer?LastError=1618
Task: {E8A710ED-0F77-4BDD-ABEA-2FDF4F375BF9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
==================== Loaded Modules (whitelisted) =============
2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-07-17 17:55 - 2012-09-07 15:57 - 00559424 _____ () C:\Program Files (x86)\ASCOMP Software\Secure Eraser\SecEraser64.dll
2013-08-26 15:35 - 2013-08-26 15:35 - 00750776 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-08-26 15:32 - 2013-08-26 15:32 - 00013824 _____ () C:\Program Files\Rainmeter\Plugins\PerfMon.dll
2013-07-17 15:20 - 2013-07-17 15:18 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 06:58 - 2013-08-14 06:58 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f60b3ee2de3f41a024920486d46d49f2\IsdiInterop.ni.dll
2013-07-11 07:57 - 2011-04-29 23:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-07-18 10:35 - 2013-07-18 10:35 - 16166280 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
2013-08-21 07:15 - 2013-08-21 07:15 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: k57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/24/2014 09:19:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/23/2014 01:16:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/23/2014 10:17:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/23/2014 07:58:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/22/2014 06:11:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/22/2014 01:43:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2014 03:46:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2014 09:31:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2014 01:59:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2014 10:08:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/24/2014 09:18:50 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/23/2014 01:16:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/23/2014 10:17:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/23/2014 07:58:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/22/2014 06:11:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/22/2014 01:42:46 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/21/2014 03:46:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/21/2014 09:31:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/20/2014 01:59:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/20/2014 10:08:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (01/24/2014 09:19:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/23/2014 01:16:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/23/2014 10:17:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/23/2014 07:58:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/22/2014 06:11:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/22/2014 01:43:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2014 03:46:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2014 09:31:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2014 01:59:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/20/2014 10:08:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 30%
Total physical RAM: 8043.86 MB
Available physical RAM: 5566.8 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13439.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:222.73 GB) (Free:163.18 GB) NTFS
Drive d: (DATA) (Fixed) (Total:223.4 GB) (Free:184.9 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7B5D9035)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Antivir Log: Code:
ATTFilter Die Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
enthielt einen Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 55153640.qua erstellt ( QUARANTÄNE ).
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d8219cf.qua' verschoben!
In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\Desktop\FLVPlayerSetup-0vomBLC.exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\AppData\Local\Temp\IRsHGwxz.exe.part'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\Program Files\Sandboxie\Sandbox\x\DefaultBox\user\current\AppData\Local\Temp\IRsHGwxz.exe.part'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
GMER Log: Im Anhang (Gmer.rar), da zu Text lang. |
|
24.01.2014, 10:55
| #2 |
| /// the machine /// TB-Ausbilder    |  Rechner m. E. clean aber sendet ständig Daten Hi,
__________________mit Internetkabel meinst Du die Verbindung von Router zu Inet, nicht zum Rechner oder? Schonmal deinen Citrix Client abgeschossen oder Avira udn geschaut ob es dann weg ist?
__________________ |
|
24.01.2014, 11:00
| #3 | |
| | Gmer-Log Aufgeteilt, Teil 1Code:
ATTFilter GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-24 10:07:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer.exe; Driver: C:\Users\x\AppData\Local\Temp\ugldipow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077ac2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b094d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077b09640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b2a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe117490 11 bytes JMP 000007fffdbd0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1652] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe12bf00 7 bytes JMP 000007fffdbd0260
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9af40 7 bytes JMP 000000016fff0260
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa4a60 5 bytes JMP 000000016fff01b8
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077ac2990 5 bytes JMP 000000016fff01f0
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acefe0 5 bytes JMP 000000016fff0148
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b094d0 5 bytes JMP 000000016fff0180
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077b09640 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b2a500 7 bytes JMP 000000016fff0228
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef8f6dc88 5 bytes JMP 000007fff8d600d8
.text C:\Windows\system32\Dwm.exe[1908] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef8f6de10 5 bytes JMP 000007fff8d60110
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077ac2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b094d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077b09640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b2a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe117490 11 bytes JMP 000007fffdbd0228
.text C:\Program Files\Elantech\ETDCtrl.exe[2328] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe12bf00 7 bytes JMP 000007fffdbd0260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077ac2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b094d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077b09640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b2a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe117490 11 bytes JMP 000007fffdbd0228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2336] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe12bf00 7 bytes JMP 000007fffdbd0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077ac2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b094d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077b09640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b2a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe117490 11 bytes JMP 000007fffdbd0228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe12bf00 7 bytes JMP 000007fffdbd0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2344] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077ac2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b094d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077b09640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b2a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe117490 11 bytes JMP 000007fffdbd0228
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2380] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe12bf00 7 bytes JMP 000007fffdbd0260
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075961eee 7 bytes JMP 00000001709f16b3
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075965b85 7 bytes JMP 00000001709f11cc
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000759713e1 7 bytes JMP 00000001709f12a8
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007597ea0d 7 bytes JMP 00000001709f1262
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007598b1d3 5 bytes JMP 00000001709f15c8
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075a088b4 7 bytes JMP 00000001709f1357
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075a08939 5 bytes JMP 00000001709f16f4
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075a08c8f 5 bytes JMP 00000001709f101e
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d81d1b 5 bytes JMP 00000001709f11e5
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d81dc9 5 bytes JMP 00000001709f1019
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d82aa4 5 bytes JMP 00000001709f1573
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d82d0a 5 bytes JMP 00000001709f128f
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075868a29 5 bytes JMP 00000001709f1046
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075874572 5 bytes JMP 00000001709f10c8
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007588e567 5 bytes JMP 00000001709f1433
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000758c7a5c 5 bytes JMP 00000001709f15f0
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c9e96b 5 bytes JMP 00000001709f15e1
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c9eba5 5 bytes JMP 00000001709f11a9
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075bd5ea5 5 bytes JMP 00000001709f1618
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2468] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075c09d0b 5 bytes JMP 00000001709f123f
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075961eee 7 bytes JMP 00000001709f16b3
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075965b85 7 bytes JMP 00000001709f11cc
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000759713e1 7 bytes JMP 00000001709f12a8
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007597ea0d 7 bytes JMP 00000001709f1262
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007598b1d3 5 bytes JMP 00000001709f15c8
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075a088b4 7 bytes JMP 00000001709f1357
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075a08939 5 bytes JMP 00000001709f16f4
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075a08c8f 5 bytes JMP 00000001709f101e
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d81d1b 5 bytes JMP 00000001709f11e5
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d81dc9 5 bytes JMP 00000001709f1019
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d82aa4 5 bytes JMP 00000001709f1573
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d82d0a 5 bytes JMP 00000001709f128f
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075868a29 5 bytes JMP 00000001709f1046
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075874572 5 bytes JMP 00000001709f10c8
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007588e567 5 bytes JMP 00000001709f1433
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000758c7a5c 5 bytes JMP 00000001709f15f0
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c9e96b 5 bytes JMP 00000001709f15e1
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c9eba5 5 bytes JMP 00000001709f11a9
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075bd5ea5 5 bytes JMP 00000001709f1618
.text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2476] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075c09d0b 5 bytes JMP 00000001709f123f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075961eee 7 bytes JMP 00000001709f16b3
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075965b85 7 bytes JMP 00000001709f11cc
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000759713e1 7 bytes JMP 00000001709f12a8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007597ea0d 7 bytes JMP 00000001709f1262
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007598b1d3 5 bytes JMP 00000001709f15c8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075a088b4 7 bytes JMP 00000001709f1357
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075a08939 5 bytes JMP 00000001709f16f4
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075a08c8f 5 bytes JMP 00000001709f101e
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d81d1b 5 bytes JMP 00000001709f11e5
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d81dc9 5 bytes JMP 00000001709f1019
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d82aa4 5 bytes JMP 00000001709f1573
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d82d0a 5 bytes JMP 00000001709f128f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c9e96b 5 bytes JMP 00000001709f15e1
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c9eba5 5 bytes JMP 00000001709f11a9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075868a29 5 bytes JMP 00000001709f1046
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075874572 5 bytes JMP 00000001709f10c8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007588e567 5 bytes JMP 00000001709f1433
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000758c7a5c 5 bytes JMP 00000001709f15f0
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075bd5ea5 5 bytes JMP 00000001709f1618
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2660] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075c09d0b 5 bytes JMP 00000001709f123f
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077ac2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b094d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077b09640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b2a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[2672] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 0000000077a9af40 7 bytes JMP 000000016fff0260
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 0000000077aa4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 0000000077ac2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 0000000077acefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 0000000077af99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 0000000077b094d0 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 0000000077b09640 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 0000000077b2a500 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe117490 11 bytes JMP 000007fffdbd0228
.text C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe[2680] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe12bf00 7 bytes JMP 000007fffdbd0260
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077ac2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b094d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077b09640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b2a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Program Files\Rainmeter\Rainmeter.exe[2696] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075961eee 7 bytes JMP 00000001709f16b3
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075965b85 7 bytes JMP 00000001709f11cc
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000759713e1 7 bytes JMP 00000001709f12a8
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007597ea0d 7 bytes JMP 00000001709f1262
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007598b1d3 5 bytes JMP 00000001709f15c8
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075a088b4 7 bytes JMP 00000001709f1357
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075a08939 5 bytes JMP 00000001709f16f4
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075a08c8f 5 bytes JMP 00000001709f101e
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d81d1b 5 bytes JMP 00000001709f11e5
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d81dc9 5 bytes JMP 00000001709f1019
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d82aa4 5 bytes JMP 00000001709f1573
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d82d0a 5 bytes JMP 00000001709f128f
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c9e96b 5 bytes JMP 00000001709f15e1
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c9eba5 5 bytes JMP 00000001709f11a9
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075868a29 5 bytes JMP 00000001709f1046
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075874572 5 bytes JMP 00000001709f10c8
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007588e567 5 bytes JMP 00000001709f1433
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000758c7a5c 5 bytes JMP 00000001709f15f0
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075bd5ea5 5 bytes JMP 00000001709f1618
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075c09d0b 5 bytes JMP 00000001709f123f
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077d61465 2 bytes [D6, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077d614bb 2 bytes [D6, 77]
.text ... * 2
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075961eee 7 bytes JMP 00000001709f16b3
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075965b85 7 bytes JMP 00000001709f11cc
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000759713e1 7 bytes JMP 00000001709f12a8
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 000000007597ea0d 7 bytes JMP 00000001709f1262
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007598b1d3 5 bytes JMP 00000001709f15c8
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075a088b4 7 bytes JMP 00000001709f1357
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075a08939 5 bytes JMP 00000001709f16f4
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075a08c8f 5 bytes JMP 00000001709f101e
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d81d1b 5 bytes JMP 00000001709f11e5
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d81dc9 5 bytes JMP 00000001709f1019
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d82aa4 5 bytes JMP 00000001709f1573
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d82d0a 5 bytes JMP 00000001709f128f
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c9e96b 5 bytes JMP 00000001709f15e1
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c9eba5 5 bytes JMP 00000001709f11a9
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075868a29 5 bytes JMP 00000001709f1046
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075874572 5 bytes JMP 00000001709f10c8
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007588e567 5 bytes JMP 00000001709f1433
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000758c7a5c 5 bytes JMP 00000001709f15f0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075bd5ea5 5 bytes JMP 00000001709f1618
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[2896] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075c09d0b 5 bytes JMP 00000001709f123f
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9af40 7 bytes JMP 000000016fff0260
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077ac2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b094d0 5 bytes JMP 000000016fff0180
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077b09640 5 bytes JMP 000000016fff0110
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b2a500 7 bytes JMP 000000016fff0228
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2924] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9af40 7 bytes JMP 000000016fff0260
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa4a60 5 bytes JMP 000000016fff01b8
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077ac2990 5 bytes JMP 000000016fff01f0
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acefe0 5 bytes JMP 000000016fff0148
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b094d0 5 bytes JMP 000000016fff0180
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077b09640 5 bytes JMP 000000016fff0110
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b2a500 7 bytes JMP 000000016fff0228
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe117490 11 bytes JMP 000007fffdbd0228
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefe12bf00 7 bytes JMP 000007fffdbd0260
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Windows\system32\wbem\unsecapp.exe[3412] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\kernel32.dll!RegSetValueExW 0000000077a9af40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077aa4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\kernel32.dll!RegDeleteValueW 0000000077ac2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077acefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077af99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077b094d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077b09640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077b2a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3496] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075961eee 7 bytes JMP 00000001709f16b3
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075965b85 7 bytes JMP 00000001709f11cc
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 00000000759713e1 7 bytes JMP 00000001709f12a8
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 000000007597ea0d 7 bytes JMP 00000001709f1262
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007598b1d3 5 bytes JMP 00000001709f15c8
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075a088b4 7 bytes JMP 00000001709f1357
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075a08939 5 bytes JMP 00000001709f16f4
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075a08c8f 5 bytes JMP 00000001709f101e
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076d81d1b 5 bytes JMP 00000001709f11e5
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076d81dc9 5 bytes JMP 00000001709f1019
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076d82aa4 5 bytes JMP 00000001709f1573
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076d82d0a 5 bytes JMP 00000001709f128f
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076c9e96b 5 bytes JMP 00000001709f15e1
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076c9eba5 5 bytes JMP 00000001709f11a9
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075868a29 5 bytes JMP 00000001709f1046
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075874572 5 bytes JMP 00000001709f10c8
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007588e567 5 bytes JMP 00000001709f1433
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000758c7a5c 5 bytes JMP 00000001709f15f0
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075bd5ea5 5 bytes JMP 00000001709f1618
.text C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe[3612] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075c09d0b 5 bytes JMP 00000001709f123f
.text C:\Program Files\Sandboxie\SbieSvc.exe[4964] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdbe2db0 5 bytes JMP 000007fffdbd0180
.text C:\Program Files\Sandboxie\SbieSvc.exe[4964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdbe37d0 7 bytes JMP 000007fffdbd00d8
.text C:\Program Files\Sandboxie\SbieSvc.exe[4964] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdbe8ef0 6 bytes JMP 000007fffdbd0148
.text C:\Program Files\Sandboxie\SbieSvc.exe[4964] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdbfaf60 5 bytes JMP 000007fffdbd0110
.text C:\Program Files\Sandboxie\SbieSvc.exe[4964] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8e89e0 8 bytes JMP 000007fffdbd01f0
.text C:\Program Files\Sandboxie\SbieSvc.exe[4964] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe8ebe40 8 bytes JMP 000007fffdbd01b8
.text C:\Program Files\Sandboxie\SbieSvc.exe[4964] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 0000000077996c80 5 bytes JMP 000000016fff0308
.text C:\Program Files\Sandboxie\SbieSvc.exe[4964] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000000007799a5b4 5 bytes JMP 000000016fff02d0
.text C:\Program Files\Sandboxie\SbieSvc.exe[4964] C:\Windows\system32\USER32.dll!CreateWindowExW 00000000779a0810 7 bytes JMP 000000016fff0340
.text C:\Program Files\Sandboxie\SbieSvc.exe[4964] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00000000779accec 9 bytes JMP 000000016fff0298
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!RtlAdjustPrivilege 0000000077bba7d0 5 bytes JMP 0000000100cd26ac
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077bd3b10 5 bytes JMP 0000000175750720
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077bd7ac0 5 bytes JMP 0000000175750680
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!LdrInitializeThunk 0000000077bdc340 5 bytes JMP 0000000077d60008
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx 0000000077be92d0 5 bytes JMP 0000000175752e00
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentDirectory_U 0000000077bfb130 5 bytes JMP 0000000175730a90
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentDirectory_U 0000000077bfb470 5 bytes JMP 0000000175730d20
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryElevationFlags 0000000077bfb870 5 bytes JMP 000000017575ddb0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!LdrQueryImageFileExecutionOptions 0000000077bfbb60 5 bytes JMP 00000001757507e0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter 0000000077c012e0 4 bytes [49, C7, C2, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtMapUserPhysicalPagesScatter + 7 0000000077c012e7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject 0000000077c012f0 5 bytes [49, C7, C2, 01, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForSingleObject + 7 0000000077c012f7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077c01310 5 bytes JMP 0000000175726850
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 7 0000000077c01317 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 0000000077c01320 1 byte JMP 000000017572fcb0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 2 0000000077c01322 3 bytes JMP 0000000077c110d9
.text ... * 2
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077c01330 5 bytes JMP 0000000175726970
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 7 0000000077c01337 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion 0000000077c01340 5 bytes [49, C7, C2, 06, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtRemoveIoCompletion + 7 0000000077c01347 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore 0000000077c01350 5 bytes [49, C7, C2, 07, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseSemaphore + 7 0000000077c01357 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c01360 5 bytes [49, C7, C2, 08, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort + 7 0000000077c01367 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort 0000000077c01370 5 bytes [49, C7, C2, 09, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort + 7 0000000077c01377 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077c01380 5 bytes [49, C7, C2, 0A, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 7 0000000077c01387 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent 0000000077c01390 5 bytes [49, C7, C2, 0B, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetEvent + 7 0000000077c01397 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077c013a0 5 bytes JMP 0000000175732f80
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 7 0000000077c013a7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c013b0 1 byte JMP 0000000175752340
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject + 2 0000000077c013b2 3 bytes {JMP 0xfffffffffdb50f90}
.text ... * 2
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile 0000000077c013c0 5 bytes JMP 00000001757354e0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationFile + 7 0000000077c013c7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 0000000077c013d0 5 bytes JMP 000000017574f350
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 7 0000000077c013d7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey 0000000077c013e0 1 byte JMP 000000017574ee70
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateValueKey + 2 0000000077c013e2 3 bytes {JMP 0xfffffffffdb4da90}
.text ... * 2
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom 0000000077c013f0 5 bytes [49, C7, C2, 11, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtFindAtom + 7 0000000077c013f7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale 0000000077c01400 5 bytes [49, C7, C2, 12, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultLocale + 7 0000000077c01407 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey 0000000077c01410 5 bytes JMP 000000017574f800
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryKey + 7 0000000077c01417 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey 0000000077c01420 5 bytes JMP 000000017574eac0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryValueKey + 7 0000000077c01427 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077c01430 5 bytes [49, C7, C2, 15, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 7 0000000077c01437 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess 0000000077c01440 5 bytes [49, C7, C2, 16, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationProcess + 7 0000000077c01447 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 0000000077c01450 5 bytes [49, C7, C2, 17, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects32 + 7 0000000077c01457 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather 0000000077c01460 5 bytes [49, C7, C2, 18, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFileGather + 7 0000000077c01467 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077c01470 1 byte JMP 0000000175753b00
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 2 0000000077c01472 3 bytes {JMP 0xfffffffffdb52690}
.text ... * 2
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077c01480 5 bytes JMP 000000017574e140
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 7 0000000077c01487 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077c01490 5 bytes [49, C7, C2, 1B, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 7 0000000077c01497 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000077c014a0 5 bytes JMP 00000001757450a0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 7 0000000077c014a7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant 0000000077c014b0 5 bytes [49, C7, C2, 1D, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReleaseMutant + 7 0000000077c014b7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 0000000077c014c0 5 bytes [49, C7, C2, 1E, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 7 0000000077c014c7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 0000000077c014d0 5 bytes JMP 0000000175745740
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 7 0000000077c014d7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory 0000000077c014e0 5 bytes JMP 00000001757525d0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory + 7 0000000077c014e7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077c014f0 5 bytes [49, C7, C2, 21, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 7 0000000077c014f7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077c01500 5 bytes [49, C7, C2, 22, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 7 0000000077c01507 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c01510 5 bytes JMP 000000017575e5b0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 7 0000000077c01517 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077c01520 5 bytes JMP 00000001757359c0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 7 0000000077c01527 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm 0000000077c01540 5 bytes [49, C7, C2, 26, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckAndAuditAlarm + 7 0000000077c01547 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077c01550 5 bytes [49, C7, C2, 27, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 7 0000000077c01557 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c01560 5 bytes [49, C7, C2, 28, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx + 7 0000000077c01567 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority 0000000077c01580 5 bytes [49, C7, C2, 2A, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetEventBoostPriority + 7 0000000077c01587 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter 0000000077c01590 5 bytes [49, C7, C2, 2B, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReadFileScatter + 7 0000000077c01597 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077c015a0 5 bytes [49, C7, C2, 2C, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 7 0000000077c015a7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077c015b0 5 bytes [49, C7, C2, 2D, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 7 0000000077c015b7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter 0000000077c015c0 5 bytes [49, C7, C2, 2E, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryPerformanceCounter + 7 0000000077c015c7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey 0000000077c015d0 5 bytes JMP 000000017574e5f0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtEnumerateKey + 7 0000000077c015d7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077c015e0 5 bytes JMP 0000000175735cc0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 7 0000000077c015e7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution 0000000077c015f0 5 bytes [49, C7, C2, 31, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtDelayExecution + 7 0000000077c015f7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile 0000000077c01600 5 bytes JMP 000000017572fee0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDirectoryFile + 7 0000000077c01607 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation 0000000077c01610 5 bytes JMP 0000000175761130
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySystemInformation + 7 0000000077c01617 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c01620 5 bytes JMP 0000000175748650
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 7 0000000077c01627 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer 0000000077c01630 5 bytes [49, C7, C2, 35, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryTimer + 7 0000000077c01637 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 0000000077c01640 5 bytes JMP 0000000175732d20
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 7 0000000077c01647 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c01650 5 bytes [49, C7, C2, 37, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 7 0000000077c01657 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm 0000000077c01660 5 bytes [49, C7, C2, 38, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCloseObjectAuditAlarm + 7 0000000077c01667 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c01670 5 bytes JMP 000000017575e690
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 7 0000000077c01677 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077c01680 5 bytes JMP 0000000175731d60
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 7 0000000077c01687 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent 0000000077c01690 5 bytes [49, C7, C2, 3B, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtClearEvent + 7 0000000077c01697 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 0000000077c016a0 5 bytes [49, C7, C2, 3C, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 7 0000000077c016a7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c016b0 5 bytes JMP 00000001757479e0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent + 7 0000000077c016b7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000077c016c0 5 bytes JMP 000000017575dd70
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 7 0000000077c016c7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken 0000000077c016d0 5 bytes [49, C7, C2, 3F, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateToken + 7 0000000077c016d7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage 0000000077c016f0 5 bytes [49, C7, C2, 41, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryDefaultUILanguage + 7 0000000077c016f7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077c01700 5 bytes [49, C7, C2, 42, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 7 0000000077c01707 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtYieldExecution 0000000077c01710 5 bytes [49, C7, C2, 43, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtYieldExecution + 7 0000000077c01717 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom 0000000077c01720 5 bytes [49, C7, C2, 44, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAddAtom + 7 0000000077c01727 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c01730 5 bytes JMP 0000000175747790
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 7 0000000077c01737 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile 0000000077c01740 5 bytes JMP 00000001757331f0
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVolumeInformationFile + 7 0000000077c01747 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c01750 5 bytes JMP 0000000175748350
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 7 0000000077c01757 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile 0000000077c01760 5 bytes [49, C7, C2, 48, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtFlushBuffersFile + 7 0000000077c01767 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl 0000000077c01770 5 bytes [49, C7, C2, 49, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtApphelpCacheControl + 7 0000000077c01777 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077c01780 5 bytes [49, C7, C2, 4A, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 7 0000000077c01787 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c01790 5 bytes [49, C7, C2, 4B, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 7 0000000077c01797 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob 0000000077c017a0 5 bytes [49, C7, C2, 4C, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtIsProcessInJob + 7 0000000077c017a7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077c017b0 5 bytes [49, C7, C2, 4D, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 7 0000000077c017b7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection 0000000077c017c0 5 bytes [49, C7, C2, 4E, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQuerySection + 7 0000000077c017c7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077c017d0 5 bytes [49, C7, C2, 4F, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread + 7 0000000077c017d7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData 0000000077c017f0 5 bytes [49, C7, C2, 51, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtReadRequestData + 7 0000000077c017f7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077c01800 5 bytes JMP 0000000175733c40
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 7 0000000077c01807 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent 0000000077c01810 5 bytes [49, C7, C2, 53, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryEvent + 7 0000000077c01817 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData 0000000077c01820 5 bytes [49, C7, C2, 54, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteRequestData + 7 0000000077c01827 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject 0000000077c01830 5 bytes [49, C7, C2, 55, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtOpenDirectoryObject + 7 0000000077c01837 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm 0000000077c01840 5 bytes [49, C7, C2, 56, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeAndAuditAlarm + 7 0000000077c01847 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects 0000000077c01860 5 bytes [49, C7, C2, 58, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForMultipleObjects + 7 0000000077c01867 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject 0000000077c01870 5 bytes [49, C7, C2, 59, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationObject + 7 0000000077c01877 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile 0000000077c01880 5 bytes [49, C7, C2, 5A, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCancelIoFile + 7 0000000077c01887 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent 0000000077c01890 5 bytes JMP 0000000175760e10
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtTraceEvent + 7 0000000077c01897 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation 0000000077c018a0 5 bytes [49, C7, C2, 5C, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtPowerInformation + 7 0000000077c018a7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077c018b0 5 bytes JMP 000000017574cd50
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 7 0000000077c018b7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer 0000000077c018c0 5 bytes [49, C7, C2, 5E, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtCancelTimer + 7 0000000077c018c7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer 0000000077c018d0 5 bytes [49, C7, C2, 5F, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtSetTimer + 7 0000000077c018d7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort 0000000077c018e0 5 bytes [49, C7, C2, 60, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAcceptConnectPort + 7 0000000077c018e7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck 0000000077c018f0 5 bytes [49, C7, C2, 61, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheck + 7 0000000077c018f7 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000077c01900 5 bytes [49, C7, C2, 62, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByType + 7 0000000077c01907 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList 0000000077c01910 5 bytes [49, C7, C2, 63, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultList + 7 0000000077c01917 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm 0000000077c01920 5 bytes [49, C7, C2, 64, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + 7 0000000077c01927 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle 0000000077c01930 5 bytes [49, C7, C2, 65, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle + 7 0000000077c01937 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c01940 5 bytes [49, C7, C2, 66, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 7 0000000077c01947 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry 0000000077c01950 5 bytes [49, C7, C2, 67, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAddDriverEntry + 7 0000000077c01957 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken 0000000077c01960 5 bytes [49, C7, C2, 68, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustGroupsToken + 7 0000000077c01967 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread 0000000077c01970 5 bytes [49, C7, C2, 69, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAlertResumeThread + 7 0000000077c01977 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread 0000000077c01980 5 bytes [49, C7, C2, 6A, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAlertThread + 7 0000000077c01987 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId 0000000077c01990 5 bytes [49, C7, C2, 6B, 00]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateLocallyUniqueId + 7 0000000077c01997 5 bytes JMP 0000000077d60060
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[204] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateReserveObject 0000000077c019a0 5 bytes [49, C7, C2, 6C, 00]
Zitat:
Citrix Client ist eigentlich nie aktiviert außer wenn ich diese explizit starte, was sehr selten ist. Avira habe ich noch nicht probiert. Probiere mal es ganz auszumachen und gucke dann. PS: Muss ich den GMER hier noch weiter aufteilen und posten? |
|
24.01.2014, 16:59
| #4 |
| | Rechner m. E. clean aber sendet ständig Daten Sorry für Doppelpost: Hatte Antivir und Citrix jetzt mal komplett deinstalliert. Traffic bleibt gleich, 208 Bytes, einmal pro Sekunde (ca.). Hier noch der Hijackthis-Log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:48:38, on 24.01.2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Running processes: C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files\Sandboxie\32\SbieSvc.exe C:\Users\x\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-398170461-111651975-3188359683-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-398170461-111651975-3188359683-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe O4 - Startup: Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 9300 bytes Request Method: M-SEARCH Request URI: * Request Version: HTTP/1.1 So wie in diesem Post hier: windows - Network flooded with M-SEARCH packets: what does it mean? - Server Fault Habe mal upnp auf dem Router und bei Win7 deaktiviert, Traffic ist aber unverändert. |
|
25.01.2014, 12:59
| #5 |
| /// the machine /// TB-Ausbilder | Rechner m. E. clean aber sendet ständig Daten In welchem Post? Link?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.01.2014, 14:14
| #6 | |
| | Rechner m. E. clean aber sendet ständig DatenZitat:
|
|
26.01.2014, 07:16
| #7 |
| /// the machine /// TB-Ausbilder | Rechner m. E. clean aber sendet ständig Daten Hm, nicht so mein Gebiet. Sauber ist der REchner mal. steht nicht mehr in Wireshark? Vllt ne IP?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.01.2014, 09:55
| #8 |
| |  Rechner m. E. clean aber sendet ständig Daten Guter Hinweis. Anbei mal das vollständige Ding, das Wireshark immer wieder ermittelt hat. Quelle und Ziel waren immer lokale IPv6-Adressen. Habe dann mit diesem Tut IPv6 deaktiviert: hxxp://www.youtube.com/watch?v=00I_Q1qwhxE Seitdem: Himmlische Ruhe auf allen Kanälen. ;-) War anscheinend kein Trojaner sondern irgendein Quatsch der bei Win7 durch dieses IPv6-Protokoll verursacht wird. |
|
26.01.2014, 10:33
| #9 |
| | Rechner m. E. clean aber sendet ständig Daten Nachtrag: Ab und zu kommt noch was, ist aber sehr wenig und nur einmal alle paar Minuten ein paar Bytes. Stellt sich raus, dass das Kommunikation zwischen Fritzbox und Laptop ist. Und die kann man zwar größtenteils einschränken (da unnötig), aber ganz deaktivieren geht nicht. |
|
27.01.2014, 07:56
| #10 |
| /// the machine /// TB-Ausbilder | Rechner m. E. clean aber sendet ständig Daten dann is ja alles in Butter 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Rechner m. E. clean aber sendet ständig Daten |
| 4d36e972-e325-11ce-bfc1-08002be10318, adblock, antivirus, appl/somoto.gen, avira, browser, desktop, error, excel, firefox, flash player, frage, home, homepage, launch, mozilla, mp3, problem, prozesse, realtek, registry, scan, security, siteadvisor, software, svchost.exe, system, tcp view, usb, wlan |
Linear-Darstellung
