| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Rechner langsam und voll mit Viren/Trojana/MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
11.04.2015, 08:48
| #1 |
 |  Windows 7: Rechner langsam und voll mit Viren/Trojana/Malware Hallo Communtiy, ich habe einen Laptop (Acer Aspire 7736G) von einer Bekannteten bekommen. Er fährt viel zu langsam hoch bzw runter und es öffet sich immer mehrere Popups im Firefox z.b. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:20 on 11/04/2015 (EROL)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-11 09:32:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-22ZAT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\EROL\AppData\Local\Temp\kgldapod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1764] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2140] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2212] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe[2280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eazyzoom\1.1.0.30\isekdxa.exe[3284] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007616b2fe 5 bytes JMP 0000000100358e50
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007616b2fe 5 bytes JMP 0000000106818e50
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000632b11a8 2 bytes [2B, 63]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 00000000632b127d 2 bytes CALL 760f14b9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 00000000632b1310 2 bytes CALL 760f14b9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000632b13a8 2 bytes [2B, 63]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 00000000632b1422 2 bytes [2B, 63]
.text C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 00000000632b1498 2 bytes [2B, 63]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007616b2fe 5 bytes JMP 0000000100458e50
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4696] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007616b2fe 5 bytes JMP 0000000102af8e50
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007616b2fe 5 bytes JMP 0000000103988e50
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4876] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007616b2fe 5 bytes JMP 00000001032d8e50
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 000000007616b2fe 5 bytes JMP 0000000108a08e50
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----
Process C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp (*** suspicious ***) @ C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp [2340](2015-04-05 14:22:47) 00000000010e0000
Process C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.exe [3084](2015-04-02 09:31:04) 000000013f620000
Library C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.dll (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.exe [3084](2015-04-02 09:30:50) 000007fef7120000
Process C:\ProgramData\eazyzoom\1.1.0.30\isekdxa.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\isekdxa.exe [3284](2015-04-02 09:31:36) 0000000000110000
Library C:\ProgramData\eazyzoom\1.1.0.30\isekdxau.dll (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\isekdxa.exe [3284](2015-04-02 09:31:16 000000006f210000
---- EOF - GMER 2.1 ----
|
|
11.04.2015, 09:01
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: Rechner langsam und voll mit Viren/Trojana/Malware Hi,
__________________AV Programm abschalten, dann FRST starten.
__________________ |
|
11.04.2015, 17:01
| #3 |
| | Windows 7: Rechner langsam und voll mit Viren/Trojana/Malware Irgendwie ist das komisch. AV aus der msconfig genommen, startet aber immer noch mit.
__________________Über rechtsklick - Echtszeit-Scanner aktivieren den harken rausmachen, kommt die Fehlermeldung "Auf das angegeben Geräat, bzw. den Pfad oder die Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigungen, um auf das Element zugreifen zu können." Es ist nur ein Benutzer auf dem Rechner erstellt wurden und der ohne Passwort geladen wird. EDIT: Habe den AV jetzt über das mscofig deaktivert bekommen. Aber immer noch bekomm ich die Meldung "****FRST64.exe ist kein zulässige Win32-Anwendung." EDIT2: da ich einige Threads durchgelesen habe, kommt immer dern Post das Sie Malwarebytes Anti-Malware 2.1.4 herrunterladen sollen. Ich habe ihn herruntergeladen, hat aber keine 21 MB sondern nur 2.xxx KB. Egal ob ich es von Filepony oder woanders herrunterlade. Wenn ich es dann starte, kommt die MEldung "The setup files are corrupted. Please obtain a new copy of the program." Geändert von mm0811 (11.04.2015 um 09:28 Uhr) |
|
12.04.2015, 07:35
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7: Rechner langsam und voll mit Viren/Trojana/Malware Dann lade FRST bitte an einem andern Rechner und schieb es dann per Stick rüber. Und Finger weg von msconfig, das AV einfach öffnen und Echtzeitschutz beenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Revo Uninstaller (alternativ 
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Aber er hatte 39 Datein gefunden ...
Emsisoft Emergency Kit herunter
Aber die ganzen Popup's im Firefox sind jetzt wieder weg 
Linear-Darstellung
