
Pests of All Kinds and How to Combat Them: Watch4 - Google Chrome - Windows 8.1

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

03.12.2015, 23:24   #1
Renate1966
 



Hello,

unfortunately I also have the problem that Watch4 simply opens by itself in Google Chrome. Over the course of this afternoon it happened several times. Bitdefender Total Security 2016, which I bought and installed only 2 days ago, did not detect anything :-(

(At the end I also tried to split up the GMER log file and attach it, since it is extremely long. Is it absolutely required??)

Here are the log files:

defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:14 on 03/12/2015 (Conny)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
durchgeführt von Conny (Administrator) auf CONNY (03-12-2015 22:15:53)
Gestartet von C:\Users\Cornelia\Desktop
Geladene Profile: Conny (Verfügbare Profile: Conny & Peter)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Pokki) C:\Users\Cornelia\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pokki) C:\Users\Cornelia\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Pokki) C:\Users\Cornelia\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Pokki) C:\Users\Cornelia\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Cornelia\Desktop\Defogger.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2013-08-28] (Synaptics Incorporated)
HKLM\...\Run: [SACMonitor] => C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe [2162136 2011-10-02] (SafeNet, Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1683920 2015-11-23] (Bitdefender)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: 
Winlogon\Notify\ScCertProp: 
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKU\S-1-5-21-590815698-3921352140-1693951138-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-02-26] (Spotify Ltd)
HKU\S-1-5-21-590815698-3921352140-1693951138-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50143872 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-590815698-3921352140-1693951138-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-590815698-3921352140-1693951138-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1416608 2015-11-25] (Bitdefender)
HKU\S-1-5-21-590815698-3921352140-1693951138-1001\...\RunOnce: [Application Restart #0] => C:\Users\Cornelia\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-si (Der Dateneintrag hat 546 mehr Zeichen).
HKU\S-1-5-21-590815698-3921352140-1693951138-1001\...\MountPoints2: {f6adddf8-e289-11e3-825e-201a06e13bbf} - "E:\Autorun.exe" 
HKU\S-1-5-21-590815698-3921352140-1693951138-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-07-27] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei
Startup: C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 2050 J510 series.lnk [2014-09-05]
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-08] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-08] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-08] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-08] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-08-08] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-08] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-08] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-08] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-08] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-08-08] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{44B1AFB3-3923-4D89-92E9-9497F310CF5C}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C3F84BD2-BA9E-4F3A-853C-B685F9E07C9A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-590815698-3921352140-1693951138-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-590815698-3921352140-1693951138-1001 -> {8F474358-1CC8-4435-859D-9414BDF9FFB9} URL = 
SearchScopes: HKU\S-1-5-21-590815698-3921352140-1693951138-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-10-29] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-10-29] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-10-29] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-10-29] (Bitdefender)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\de2frg98.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff [2015-11-25] [ist nicht signiert]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-11-25] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-11-25] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://de.yahoo.com/"
CHR Profile: C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-01]
CHR Extension: (Google Docs) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-01]
CHR Extension: (Google Drive) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-01]
CHR Extension: (YouTube) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-01]
CHR Extension: (Taraxacum) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckejknbidndhlcalbhhfplcaehndobbn [2015-12-01]
CHR Extension: (Google-Suche) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-01]
CHR Extension: (Google Docs Offline) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-01]
CHR Extension: (Amazon) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj [2015-12-01]
CHR Extension: (Google Mail) - C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-01]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Cornelia\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-02-16]

Opera: 
=======
OPR Extension: (Translator) - C:\Users\Cornelia\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2015-11-17]
OPR Extension: (Adblock Plus) - C:\Users\Cornelia\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-11-27]
OPR Extension: (Bookmarks Import & Export) - C:\Users\Cornelia\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2015-12-01]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18064 2015-04-18] ()
R2 Intel(R) Technology Access Legacy CS Loader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [144128 2015-07-31] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [481536 2015-07-31] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-08-08] (Lavasoft Limited)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [834664 2015-10-13] (Bitdefender)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10712 2011-10-02] (SafeNet, Inc.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [13312 2015-08-08] () [Datei ist nicht signiert]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [124488 2015-09-29] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1595864 2015-11-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AKSIFDH; C:\Windows\system32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\system32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1600512 2015-10-28] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [282000 2015-09-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [775424 2015-09-17] (BitDefender)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87920 2015-11-16] (BitDefender)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [271808 2015-10-22] (Bitdefender)
R3 iKeyEnum; C:\Windows\system32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\system32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2015-04-30] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-07-08] (SafeNet, Inc.)
S3 tccp; C:\Windows\System32\DRIVERS\tccp.sys [30264 2014-07-08] (TrusCont Ltd)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-03 22:15 - 2015-12-03 22:16 - 00023447 _____ C:\Users\Cornelia\Desktop\FRST.txt
2015-12-03 22:15 - 2015-12-03 22:15 - 02350080 _____ (Farbar) C:\Users\Cornelia\Desktop\FRST64.exe
2015-12-03 22:15 - 2015-12-03 22:15 - 00000000 ____D C:\FRST
2015-12-03 22:14 - 2015-12-03 22:14 - 00000000 _____ C:\Users\Cornelia\defogger_reenable
2015-12-03 22:12 - 2015-12-03 22:12 - 00050477 _____ C:\Users\Cornelia\Desktop\Defogger.exe
2015-12-03 22:00 - 2015-12-03 22:00 - 00000787 _____ C:\bdlog.txt
2015-12-03 21:49 - 2015-12-03 21:49 - 00000000 ____D C:\Users\Cornelia\AppData\Temp
2015-12-03 10:08 - 2015-12-03 10:27 - 00000000 ____D C:\Users\Cornelia\Downloads\Bitdefender Safepay
2015-12-02 22:37 - 2015-12-02 22:37 - 00019735 _____ C:\Users\Cornelia\Downloads\semnones.pdf
2015-12-01 23:26 - 2015-12-01 23:26 - 00000385 _____ C:\Users\Cornelia\AppData\Roaminguser_gensett.xml
2015-12-01 23:25 - 2015-12-01 23:25 - 00429555 _____ C:\ProgramData\1449008489.bdinstall.bin
2015-12-01 23:25 - 2015-12-01 23:25 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2015-12-01 23:24 - 2015-12-01 23:29 - 00000000 ____D C:\Users\Cornelia\AppData\Roaming\Bitdefender
2015-12-01 23:24 - 2015-12-01 23:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-12-01 23:24 - 2015-12-01 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2015-12-01 23:24 - 2015-12-01 23:24 - 00000000 ____D C:\ProgramData\BDLogging
2015-12-01 23:24 - 2015-11-16 08:51 - 00087920 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-12-01 23:24 - 2015-10-28 13:01 - 01600512 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-12-01 23:24 - 2015-10-22 14:02 - 00271808 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2015-12-01 23:24 - 2015-09-17 21:24 - 00282000 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-12-01 23:24 - 2015-09-17 21:23 - 00775424 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-12-01 23:24 - 2013-09-08 19:04 - 00023568 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2015-12-01 23:24 - 2007-04-11 10:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2015-12-01 23:21 - 2015-12-02 07:46 - 00000000 ____D C:\ProgramData\Bitdefender
2015-12-01 23:21 - 2015-12-01 23:21 - 00000000 ____D C:\Users\Cornelia\AppData\Roaming\QuickScan
2015-12-01 23:21 - 2015-12-01 23:21 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2015-12-01 23:21 - 2015-12-01 23:21 - 00000000 ____D C:\Program Files\Bitdefender
2015-12-01 23:21 - 2015-06-02 14:21 - 00477272 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-12-01 23:21 - 2015-04-29 13:32 - 00160032 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-12-01 22:43 - 2015-12-03 22:09 - 00000000 ____D C:\Program Files\Bitdefender Agent
2015-12-01 22:43 - 2015-12-01 22:43 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2015-12-01 22:42 - 2015-12-01 22:43 - 07236184 _____ C:\Users\Cornelia\Downloads\bitdefender_windows_b50581cf-53fb-4522-83c8-c280f2746580.exe
2015-12-01 21:37 - 2015-12-03 22:09 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 21:37 - 2015-12-03 21:42 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 21:37 - 2015-12-01 21:37 - 00004092 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-01 21:37 - 2015-12-01 21:37 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-01 21:37 - 2015-12-01 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-01 21:36 - 2015-12-01 21:36 - 00000000 ____D C:\Users\Cornelia\AppData\Local\Macromedia
2015-11-24 20:04 - 2015-11-24 20:04 - 00040419 _____ C:\Users\Cornelia\Documents\Rückgabe nice to meet you zur Rechnung November 2015.pdf
2015-11-18 21:19 - 2015-11-18 21:19 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-11-18 21:19 - 2015-11-18 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-18 21:19 - 2015-11-18 21:19 - 00000000 ____D C:\Program Files\CCleaner
2015-11-18 20:58 - 2015-11-18 20:58 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-18 20:58 - 2015-11-18 20:58 - 00000000 ____D C:\Users\Cornelia\AppData\Roaming\Mozilla
2015-11-18 20:58 - 2015-11-18 20:58 - 00000000 ____D C:\Users\Cornelia\AppData\Local\Mozilla
2015-11-18 20:58 - 2015-11-18 20:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-18 20:58 - 2015-11-18 20:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-18 20:18 - 2015-12-01 22:23 - 00000000 ____D C:\Users\Cornelia\AppData\Local\Google
2015-11-18 20:18 - 2015-12-01 21:37 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-18 17:11 - 2015-11-18 17:11 - 00149655 _____ C:\Users\Cornelia\Desktop\Berlin Linienbus.pdf
2015-11-17 10:58 - 2015-11-27 08:02 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-17 10:58 - 2015-11-17 10:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-16 19:48 - 2015-11-16 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-16 19:46 - 2015-11-16 19:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-16 19:46 - 2015-11-16 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-10 20:22 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 20:22 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-10 20:22 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 20:22 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-10 20:22 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-10 20:22 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-10 20:22 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-10 20:22 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 20:22 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 20:22 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 20:22 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-10 20:22 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 20:22 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-10 20:22 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-10 20:22 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-10 20:22 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 20:22 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 20:22 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 20:22 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 20:22 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-10 20:22 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 20:22 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 20:22 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-10 20:22 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-10 20:22 - 2015-09-12 14:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-10 20:22 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-10 20:21 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 20:21 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 20:21 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 20:21 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 20:21 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-10 20:21 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 20:21 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 20:21 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 20:21 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-10 20:21 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-10 20:21 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-10 20:21 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-10 20:21 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-10 20:21 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-10 20:21 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-10 20:21 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-10 20:21 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-10 20:21 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-10 20:21 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-10 20:21 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-10 20:21 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-10 20:20 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 20:20 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 20:20 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 20:20 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 20:20 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 20:20 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 20:20 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-10 20:20 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-10 20:20 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-10 20:20 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 20:20 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 20:20 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 20:20 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 20:20 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 20:20 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-10 20:20 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-10 20:20 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-10 20:20 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 20:20 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 20:20 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-10 20:20 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-10 20:20 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 20:20 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-10 20:20 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-10 20:20 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-10 20:20 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-10 20:20 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-10 20:20 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-10 20:20 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-10 20:20 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-10 20:19 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-03 14:44 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-11-03 14:44 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-10-21 14:36 - 2014-02-26 14:58 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2014-02-26 14:58 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-12-03 22:15 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-03 22:14 - 2014-03-30 16:55 - 00000000 ____D C:\Users\Cornelia
2015-12-03 22:11 - 2014-03-30 16:55 - 00000000 ____D C:\Users\Cornelia\AppData\Local\SweetLabs App Platform
2015-12-03 22:10 - 2014-03-30 22:45 - 00000000 ____D C:\Users\Cornelia\AppData\Roaming\Skype
2015-12-03 22:07 - 2014-02-26 23:18 - 00765582 _____ C:\Windows\system32\perfh007.dat
2015-12-03 22:07 - 2014-02-26 23:18 - 00159366 _____ C:\Windows\system32\perfc007.dat
2015-12-03 22:07 - 2013-11-27 10:55 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-03 22:07 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-03 22:02 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-03 22:02 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-12-03 22:01 - 2014-05-03 14:04 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-03 22:01 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-12-03 21:51 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-12-03 18:18 - 2014-04-23 09:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-03 11:18 - 2014-04-09 11:31 - 00000000 ____D C:\Users\Cornelia\Documents\Expat
2015-12-03 10:28 - 2014-04-09 11:27 - 00000000 ____D C:\Users\Cornelia\Documents\Berliner Sparkasse
2015-12-03 08:54 - 2014-03-30 17:06 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-590815698-3921352140-1693951138-1001
2015-12-03 08:43 - 2014-04-15 12:02 - 02343936 ___SH C:\Users\Cornelia\Desktop\Thumbs.db
2015-12-03 08:37 - 2015-04-08 17:35 - 00000000 ____D C:\Users\Cornelia\AppData\Roaming\vlc
2015-12-03 07:49 - 2014-03-31 09:58 - 00002455 _____ C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-12-03 07:49 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-02 07:26 - 2015-11-01 13:23 - 00003292 _____ C:\Windows\System32\Tasks\SweetLabs App Platform
2015-12-01 21:11 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 07:37 - 2015-04-08 17:36 - 00000000 ____D C:\Users\Cornelia\AppData\Roaming\dvdcss
2015-12-01 07:33 - 2013-08-22 15:44 - 00362760 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-30 23:10 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-30 15:43 - 2014-03-31 11:17 - 00000000 ____D C:\Users\Cornelia\AppData\Local\CrashDumps
2015-11-30 15:13 - 2014-03-30 23:09 - 00000000 ____D C:\Windows\system32\MRT
2015-11-30 15:08 - 2014-03-30 23:09 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-27 07:43 - 2014-03-30 21:07 - 00000000 __RDO C:\Users\Cornelia\SkyDrive
2015-11-25 21:51 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\ELAMBKUP
2015-11-23 22:21 - 2014-04-09 11:31 - 00000000 ____D C:\Users\Cornelia\Documents\Rezepte
2015-11-22 13:22 - 2014-03-30 22:44 - 00000000 ____D C:\ProgramData\Skype
2015-11-19 17:02 - 2014-06-09 11:34 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1396198070
2015-11-19 17:02 - 2014-03-30 17:47 - 00001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-11-19 17:02 - 2014-03-30 17:47 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-18 21:54 - 2015-02-16 21:57 - 00000000 ____D C:\Program Files\PDFCreator
2015-11-18 21:21 - 2014-03-31 13:05 - 00000000 ___DC C:\Users\Cornelia\AppData\Local\MigWiz
2015-11-18 21:21 - 2013-11-27 10:48 - 00000000 ____D C:\Windows\Panther
2015-11-18 21:21 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\ModemLogs
2015-11-17 22:09 - 2015-09-23 14:57 - 00000000 ____D C:\Users\Cornelia\Documents\Wohnung Moränenweg
2015-11-17 11:19 - 2014-04-07 14:55 - 00000000 ____D C:\Users\Cornelia\AppData\Local\Adobe
2015-11-17 10:59 - 2014-12-24 12:24 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-17 10:58 - 2014-04-09 12:00 - 00000000 ____D C:\ProgramData\Adobe
2015-11-16 19:48 - 2014-04-08 18:33 - 00000000 ____D C:\Users\Cornelia\AppData\Local\ElevatedDiagnostics
2015-11-16 08:56 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-11-13 20:44 - 2014-07-01 20:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-13 19:49 - 2014-07-01 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-11-13 19:49 - 2014-07-01 20:57 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-11-11 08:18 - 2015-08-12 19:18 - 19387592 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-11-11 08:18 - 2014-04-23 09:13 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-05 18:42 - 2014-04-08 18:45 - 00000000 ____D C:\Users\Cornelia\Documents\My Documents
2015-11-05 15:39 - 2014-04-09 11:31 - 00000000 ____D C:\Users\Cornelia\Documents\James
2015-11-04 11:43 - 2014-02-26 14:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-03 01:23 - 2015-10-18 10:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 01:23 - 2015-04-17 17:24 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-12-01 23:25 - 2015-12-01 23:25 - 0429555 _____ () C:\ProgramData\1449008489.bdinstall.bin
2014-05-09 18:01 - 2014-05-09 18:01 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-26 14:58 - 2014-02-26 14:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Cornelia\AppData\Local\Temp\octDE5D.tmp.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-30 21:29

==================== Ende von FRST.txt ============================
         
Addition

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015
durchgeführt von Conny (2015-12-03 22:17:39)
Gestartet von C:\Users\Cornelia\Desktop
Windows 8.1 (X64) (2014-03-30 15:55:05)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-590815698-3921352140-1693951138-500 - Administrator - Disabled)
Conny (S-1-5-21-590815698-3921352140-1693951138-1001 - Administrator - Enabled) => C:\Users\Cornelia
Gast (S-1-5-21-590815698-3921352140-1693951138-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-590815698-3921352140-1693951138-1003 - Limited - Enabled)
Peter (S-1-5-21-590815698-3921352140-1693951138-1007 - Administrator - Enabled) => C:\Users\Peter.CONNY

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-590815698-3921352140-1693951138-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.20.1143 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.23.1252 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3424.57 - CyberLink Corp.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Host App Service (HKU\S-1-5-21-590815698-3921352140-1693951138-1001\...\SweetLabs_AP) (Version: 0.269.7.822 - Pokki)
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{DF37555F-0259-43DA-B60C-47106FA14AA3}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3349 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{fb74531f-28c3-4dca-9849-e6b8faa85afe}) (Version: 1.5.0.1021 - Intel Corporation)
Intel(R) Technology Access Software Asset Manager (x32 Version: 1.0.1562 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NewFreeScreensaver nfsSeaRelaxHD (HKLM-x32\...\nfsSeaRelaxHD New Free Screensaver_is1) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 33.0.1990.115 (HKLM-x32\...\Opera 33.0.1990.115) (Version: 33.0.1990.115 - Opera Software)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PBZ SmartCard Management 6.2 (HKLM-x32\...\{EAF87E76-821E-436C-BAEA-2E94643AA803}) (Version: 6.2.0 - PBZ)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
Pokki Start Menu (HKU\S-1-5-21-590815698-3921352140-1693951138-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.822 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
SafeNet Authentication Client 8.1 SP1 (HKLM\...\{4DFE8ACE-8652-4CCE-A2C1-DB23C7D4F4AA}) (Version: 8.1.245.0 - SafeNet, Inc.)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.13 - Synaptics Incorporated)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Web Companion (HKLM-x32\...\{73e4bf63-e33c-45d5-9acd-61011ba4ad81}) (Version: 2.0.1025.2130 - Lavasoft)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

30-11-2015 15:02:50 Windows Update
01-12-2015 22:56:51 avast! antivirus system restore point

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-12-03 22:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {000354D8-681D-42E4-970F-8526B3BE6E7C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {092FEDC8-8C7C-4B89-9DA1-A6CD95FFE40D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-30] (Microsoft Corporation)
Task: {39F97378-9FE6-4A41-98E6-3F062E2ECBA8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {425B1458-6395-449C-8673-AF8C48696DB6} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-04-18] ()
Task: {44B79A56-904C-4524-A6C7-30DFFB9C3D7D} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {48B2D672-9068-46AC-8790-A91434549624} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-04-18] ()
Task: {5899C149-28CA-4B51-872A-C5B1412535F8} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated)
Task: {7C58F57C-7679-437C-ABD3-D9BFB626757C} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {7CE8A77D-97AE-471D-A332-14532F8AC347} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {8C6C8794-AFBC-440C-B6EF-D46BDD014EEE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {94A19C42-56DC-4AB9-9190-4DA5BC99FC2D} - System32\Tasks\Opera scheduled Autoupdate 1396198070 => C:\Program Files (x86)\Opera\launcher.exe [2015-11-16] (Opera Software)
Task: {A1C89A10-32AE-4322-8D2E-66C04F9062AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {A4EC454B-7942-4E64-A26F-85DB07594CFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-01] (Google Inc.)
Task: {A73F06C8-164C-4174-9379-FAC4C2A21DBB} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-02-13] (Acer Incorporated)
Task: {AD963088-DAF4-45C4-9D88-A15805D83939} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {B900CCE6-AC3E-4B32-9C64-4648C5B5A88D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {C460DAD5-AF0F-4C37-B857-4A1672108E1E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {CE4E985C-2A0B-4D7F-8427-3143897146F1} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {D4CECF44-C766-4F37-822D-4500E312CA73} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {DF12B372-0D16-4504-8E1F-486A04341A0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-01] (Google Inc.)
Task: {DF16AAF6-E44A-4DFF-BC64-B516A8CAC0BD} - System32\Tasks\SweetLabs App Platform => C:\Users\Cornelia\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2015-11-23] (Pokki)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-12-01 23:24 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2015-12-03 21:42 - 2015-12-03 21:43 - 00876888 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_01250_002\ashttpbr.mdl
2015-12-03 21:42 - 2015-12-03 21:42 - 00742976 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_01250_002\ashttpdsp.mdl
2015-12-03 21:42 - 2015-12-03 21:43 - 02803536 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_01250_002\ashttpph.mdl
2015-12-03 21:42 - 2015-12-03 21:43 - 01415584 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_01250_002\ashttprbl.mdl
2015-07-07 10:44 - 2015-07-07 10:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-07-07 12:41 - 2015-07-07 12:41 - 01793280 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll
2015-07-07 12:41 - 2015-07-07 12:41 - 00354560 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2015-08-08 13:55 - 2015-08-08 13:55 - 00013312 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-08-08 13:55 - 2015-08-08 13:55 - 00005632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-08-08 13:55 - 2015-08-08 13:55 - 00028160 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-12-03 22:12 - 2015-12-03 22:12 - 00050477 _____ () C:\Users\Cornelia\Desktop\Defogger.exe
2014-02-26 15:24 - 2013-07-30 18:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-12-01 21:37 - 2015-11-24 09:00 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-01 21:37 - 2015-11-24 09:00 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll
2015-12-01 21:37 - 2015-11-24 09:00 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\PepperFlash\pepflashplayer.dll
2015-04-28 21:15 - 2015-04-28 21:15 - 00569856 _____ () C:\Users\Cornelia\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 21:15 - 2015-04-28 21:15 - 01400846 _____ () C:\Users\Cornelia\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll
2015-04-28 21:15 - 2015-04-28 21:15 - 00151054 _____ () C:\Users\Cornelia\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll
2015-04-28 21:15 - 2015-04-28 21:15 - 00222734 _____ () C:\Users\Cornelia\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll
2015-08-08 11:53 - 2015-08-08 11:53 - 00014176 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 15:08 - 2015-07-23 15:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-07-23 14:56 - 2015-07-23 14:56 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Cornelia\Desktop\Defogger.exe:BDU
AlternateDataStreams: C:\Users\Cornelia\Desktop\FRST64.exe:BDU

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-590815698-3921352140-1693951138-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-590815698-3921352140-1693951138-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-590815698-3921352140-1693951138-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FBEC0E58-C1EB-4196-83AA-1C7013633EEC}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F0F35B2B-F260-4202-A013-672749ECB444}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A66AC066-D442-4DEF-AC54-FC00CA747300}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{37A99701-B951-450C-BE47-728E41053292}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D52F4367-C071-4FA1-A572-0760DB0EAE18}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F320A829-BEA4-45F7-B54C-594EFB7514C7}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{43EA4C06-D7FB-4F18-B145-36832C04B2FC}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{27507459-D37E-4D30-8802-CA7D9BB36729}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{4D651157-E48B-403E-89C3-AB3CEF37098B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{12EAEA36-B1BE-4455-8C34-9D2344BD8A32}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{6502D807-C53B-42D4-946A-A4424858BA42}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{4EC42949-6277-4BEC-B1DD-941F8490E069}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{DBD29A9D-C4AE-4CC9-9324-4135480C65EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{E087BDCB-580B-47FD-880C-A47FE803972A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{79C4AC4A-E026-46B8-909D-2C1DCFF73DBE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{BD02F274-9EE8-489C-B860-B4679469B3DE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{F87FED47-D893-4E5C-8183-B6E06006E088}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{B4841C2A-136C-4A4F-A532-A889F1E8313D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{449EFD74-17B6-4800-B727-193F6AED31E3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{FDD08E55-9E95-4483-8E30-1E4A5F88E100}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{B37C96AE-C5B0-4675-915D-378CA9275302}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{F93C8C9D-44CB-423A-88E6-D2948BDF6450}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{7CFA700D-81F6-454D-9116-E3CB89D51B7E}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{AFAEAC97-9576-4BE1-AEC4-A745738A089D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{53CA943A-ED85-45F5-80B4-45B385FF523A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{F3634214-07E2-46ED-8E1E-6C28998B278A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{5E91B23A-94A9-463A-86F5-F862666F60F7}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{8D080874-A71F-4309-BCA8-364EAA2C13C9}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{06C82BDD-3C71-41F7-9232-1EB89CD1E442}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{BCA7535A-4A0A-47EB-B63B-2E1B36FD95F3}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{FB10B9E5-3234-4141-9209-701476C39851}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{2CB656D8-F2EB-45A2-A69D-AD6E9E39B628}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{16FA097A-F15D-4F53-BAAC-085EAC522117}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{20957CE1-C231-4544-A5D0-840DE1D101B9}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{E86DC869-766D-4D90-90E5-28BC8709D335}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{B37CC600-2483-43E1-B3AE-0CEFD5E6A51D}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{6B0111BC-0D0B-4444-A14B-BC59F2D85F35}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{C51FED40-E2F3-4AA4-9EDE-F104D5E8AC04}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{CCDF8A9B-5D5D-4D93-B869-399170E55E9B}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{F065F5BB-B5B8-4851-8105-D8C484F0BC6A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{95E46B4C-959A-46EA-A2C5-130C672E116F}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{C8C1A1D9-419F-43A4-BBB1-96224DAA0098}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{3D1353D4-E1EE-43E7-B668-2F97E6AA478F}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{69885C77-CAC8-4CC6-9390-E272C74519CB}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{27F755E4-936B-4EC0-9F97-80E455360BB2}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{6C79BD31-4260-4FDC-B17F-E866FC4A5681}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{9C6FC49D-6031-4205-82F9-F560C18FF625}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{1AC85084-390F-467B-8FDA-39AE513263F8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{C8CC9124-EE8C-449B-92BF-D51B44F7EDB6}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{242D7BE0-F503-4172-AFC5-9BFC361EA5AB}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{3AE7C5F9-B9FF-45C2-9BE9-ADE0A7279A21}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{962B1CC2-67F2-4BCA-9BB3-3743380722C2}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{6B9D29C7-7443-45F8-AD78-D6D49F4B4223}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{17CD120F-8731-4214-8EE4-E4103D823454}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{4A16E38A-48E1-4636-BC5A-3B7113EBF054}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{FDB14E47-6DA6-484D-9E1E-93F947878142}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{308B3D6E-34CE-4250-AC54-451CFCF23C6B}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{558E0527-9FB0-460A-8591-AFD48FB9AA91}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{FA418B6E-EB06-4D0B-B882-2AF8B013C29E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{ABD5EE83-A90A-4A2A-B5A6-23F55A779181}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{310B72C4-A99D-4A64-B8AF-44D60BCB3E4E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{850A3673-AA18-43D4-BFC2-74236B7C52A0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{E9BE0A97-196E-4A12-A2CB-82700C427CBC}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{1C8A52C2-E6E5-4CD2-A3F5-1F8C092782D8}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{BF8D65D3-BABF-43D0-8027-54F672BB10A7}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{F98FAF46-DA90-491E-B21E-43B2EF63900B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{492C1E20-69EC-495A-96F9-08DDA73F2418}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5B5E016F-23FE-4573-A135-45CF8352D069}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{88119EF5-4DFB-4EEA-990D-4043E4B12469}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{098F44E0-F6CD-4FF9-A83A-CDC898960ABE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{269AC954-8472-4E96-AA3C-FE428D11183A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E6937708-EDB7-436E-A9D3-D0ECD5102257}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC773917-2B11-4995-BDE5-48CE48DD0463}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4E6DB0F6-BF0D-42A5-A750-39B25418D3ED}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3F131ADC-BB9C-4DD0-AFF5-F7AC8285F682}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{8A3A2E15-5FF2-4DE4-BA44-1CE7C533B0DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{33EF2EE3-E321-4E48-BE7F-F289CF4BA1DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{B281696B-732D-4D02-9B94-16E94E3649EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{622488AC-2982-4E64-B8EA-6EF135AAB505}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{A7BEC236-B4A0-4928-B1B6-12CAA7364B4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{539D9E88-329D-433B-BE02-9EF974DD4F6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{0C74ACD4-D81E-417E-8D82-AD72782E800A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{B9D98537-3EE3-49AE-BBF2-54BDA318B724}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{086F6A61-C536-471A-AB43-6086CC6B9802}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{3B2E0EE2-CB64-45AB-8CED-E1B4FD9FAD68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{1192520A-7EFF-4F5A-9CD4-3D0BCF8D0848}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{0A8EC7CB-53F3-480F-9A7D-C60A30C3D6EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{757959A0-9C7E-4721-8496-7A8CC39F3115}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D7A63E62-52EB-4EC5-956B-767E9967D38F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/30/2015 10:11:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.8100.0, Zeitstempel: 0x51da5d04
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4c341
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000871c
ID des fehlerhaften Prozesses: 0x1348
Startzeit der fehlerhaften Anwendung: 0xupdater.exe0
Pfad der fehlerhaften Anwendung: updater.exe1
Pfad des fehlerhaften Moduls: updater.exe2
Berichtskennung: updater.exe3
Vollständiger Name des fehlerhaften Pakets: updater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: updater.exe5

Error: (11/30/2015 10:11:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
   bei System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
   bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
   bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
   bei System.Xml.XmlDocument.Load(System.String)
   bei updater.Report.AddFPToResult(updater.Result)
   bei updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
   bei updater.DownloadMgr.DownloadFile(System.String, System.String)
   bei updater.DownloadMgr.Worker(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/30/2015 03:43:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.8100.0, Zeitstempel: 0x51da5d04
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4c341
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000871c
ID des fehlerhaften Prozesses: 0x1f50
Startzeit der fehlerhaften Anwendung: 0xupdater.exe0
Pfad der fehlerhaften Anwendung: updater.exe1
Pfad des fehlerhaften Moduls: updater.exe2
Berichtskennung: updater.exe3
Vollständiger Name des fehlerhaften Pakets: updater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: updater.exe5

Error: (11/30/2015 03:43:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
   bei System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(System.String)
   bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
   bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
   bei System.Xml.XmlDocument.Load(System.String)
   bei updater.Report.AddFPToResult(updater.Result)
   bei updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
   bei updater.DownloadMgr.DownloadFile(System.String, System.String)
   bei updater.DownloadMgr.Worker(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/30/2015 02:43:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: updater.exe, Version: 2.0.8100.0, Zeitstempel: 0x51da5d04
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4c341
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000871c
ID des fehlerhaften Prozesses: 0x1db8
Startzeit der fehlerhaften Anwendung: 0xupdater.exe0
Pfad der fehlerhaften Anwendung: updater.exe1
Pfad des fehlerhaften Moduls: updater.exe2
Berichtskennung: updater.exe3
Vollständiger Name des fehlerhaften Pakets: updater.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: updater.exe5

Error: (11/30/2015 02:43:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: updater.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Xml.XmlException
Stapel:
   bei System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   bei System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
   bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
   bei System.Xml.XmlDocument.Load(System.String)
   bei updater.Report.AddFPToResult(updater.Result)
   bei updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
   bei updater.DownloadMgr.DownloadFile(System.String, System.String)
   bei updater.DownloadMgr.Worker(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (11/30/2015 02:28:17 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.

Details:
	Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (11/30/2015 02:28:17 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung

Details:
	Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (11/30/2015 02:28:17 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
	Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (11/30/2015 02:28:17 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
	Das angegebene Objekt wurde nicht gefunden. Geben Sie den Namen eines vorhandenen Objekts an.  (HRESULT : 0x80040d06) (0x80040d06)


Systemfehler:
=============
Error: (12/03/2015 10:08:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/03/2015 10:07:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/03/2015 10:06:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/03/2015 10:05:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/03/2015 10:03:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/03/2015 10:02:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/03/2015 10:01:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (12/03/2015 08:55:46 AM) (Source: DCOM) (EventID: 10010) (User: Conny)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/03/2015 08:55:16 AM) (Source: DCOM) (EventID: 10010) (User: Conny)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/02/2015 08:23:22 AM) (Source: DCOM) (EventID: 10010) (User: Conny)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


CodeIntegrity:
===================================
  Date: 2015-07-31 13:23:24.749
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-31 13:23:23.085
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-31 13:23:21.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-31 13:23:20.247
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-31 13:23:18.803
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-31 13:23:17.448
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-31 13:23:15.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-31 13:23:14.191
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-31 13:23:12.864
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-31 13:23:11.423
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) CPU N3520 @ 2.16GHz
Prozentuale Nutzung des RAM: 29%
Installierter physikalischer RAM: 8075.34 MB
Verfügbarer physikalischer RAM: 5680.99 MB
Summe virtueller Speicher: 9355.34 MB
Verfügbarer virtueller Speicher: 6865.8 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:914.19 GB) (Free:754.29 GB) NTFS
Drive d: (DVDVOLUME) (CDROM) (Total:4.01 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1AD17C6B)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 03.12.2015
Suchlaufzeit: 22:46
Protokolldatei: Malewarebytes.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.12.03.05
Rootkit-Datenbank: v2015.11.26.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Conny

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 385172
Abgelaufene Zeit: 53 Min., 22 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 1
PUP.Optional.Conduit, C:\prefs.js, , [446d4759dcaf082e80e90f8e0400ee12], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

Edited by Renate1966 (03.12.2015 at 23:38)

03.12.2015, 23:29   #2
Renate1966
 

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-12-03 22:43:41
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000029 WDC_WD10JPVX-22JC3T0 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Cornelia\AppData\Local\Temp\fgldqpog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe[624] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1                                                                                                                     00007ffe1a2b0cf1 11 bytes [B8, 30, 08, 9A, 13, 69, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot                                                                                                                                                 00007ffe1a1edb10 12 bytes [48, B8, C9, 34, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNEL32.DLL!Process32NextW                                                                                                                                                           00007ffe1a1ee1f0 12 bytes [48, B8, 89, B4, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNEL32.DLL!SetFileCompletionNotificationModes                                                                                                                                       00007ffe1a1efc50 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1                                                                                                                                                      00007ffe1a2834b1 2 bytes [B8, 89]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 4                                                                                                                                                      00007ffe1a2834b4 8 bytes [4B, 64, 00, 00, 00, 00, 50, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1                                                                                                                                                          00007ffe1a2aaba1 8 bytes [B8, 09, C6, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10                                                                                                                                                         00007ffe1a2aabaa 2 bytes [50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1                                                                                                                                                00007ffe1a2aaca1 11 bytes [B8, 49, CB, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!CloseHandle                                                                                                                                                            00007ffe199014c0 12 bytes [48, B8, 49, 4D, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                                        00007ffe199021d1 11 bytes [B8, 49, A8, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!GetProcAddress                                                                                                                                                         00007ffe199042a0 12 bytes [48, B8, 09, AA, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1                                                                                                                                                    00007ffe19905f71 11 bytes [B8, 49, D2, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                                           00007ffe19906a50 12 bytes [48, B8, 89, 4B, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                                         00007ffe199085f1 11 bytes [B8, C9, 49, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1                                                                                                                                                     00007ffe19908901 11 bytes [B8, 89, A6, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!FindClose + 1                                                                                                                                                          00007ffe19908dc1 11 bytes [B8, 89, 01, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                                     00007ffe19909331 11 bytes [B8, C9, A4, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1                                                                                                                                                      00007ffe1990b861 11 bytes [B8, C9, FF, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW                                                                                                                                                 00007ffe1990f400 12 bytes [48, B8, 89, 28, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1                                                                                                                                              00007ffe1991a7b1 11 bytes [B8, 09, CD, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW                                                                                                                                                       00007ffe1991fce0 12 bytes [48, B8, 09, FE, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1                                                                                                                                                 00007ffe19936d51 11 bytes [B8, 89, 3D, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1                                                                                                                                                        00007ffe199595f1 8 bytes [B8, C9, C7, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10                                                                                                                                                       00007ffe199595fa 2 bytes [50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                                   00007ffe1997a7e1 11 bytes [B8, 89, C2, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!CreateThread                                                                                                                                                           00007ffe1997abf0 12 bytes [48, B8, C9, 3B, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1                                                                                                                                                  00007ffe199cf7e1 11 bytes [B8, 49, 70, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1                                                                                                                                                  00007ffe199cf861 11 bytes [B8, 09, 72, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA                                                                                                                                                           00007ffe199d0310 12 bytes [48, B8, C9, 73, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW                                                                                                                                                           00007ffe199d0540 12 bytes [48, B8, 89, 75, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread                                                                                                                                                     00007ffe199e0c50 12 bytes [48, B8, C9, 1F, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                                    00007ffe1c0a47a1 11 bytes [B8, 09, 5D, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                              00007ffe1c0a4d10 12 bytes [48, B8, C9, 50, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                              00007ffe1c0aa830 12 bytes [48, B8, 09, 4F, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                        00007ffe1c0aae11 11 bytes [B8, 09, 56, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                                     00007ffe1c0aed61 11 bytes [B8, 49, 54, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1                                                                                                                                                  00007ffe1c0c4021 11 bytes [B8, 49, 5B, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                         00007ffe1c0ca1a1 11 bytes [B8, C9, 57, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1                                                                                                                                                  00007ffe1c0cde41 11 bytes [B8, 89, 59, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                                     00007ffe1c0dddf1 11 bytes [B8, 89, 52, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                                                                00007ffe1a8c1be0 12 bytes [48, B8, C9, 9D, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                                                                   00007ffe1a8c2571 11 bytes [B8, 89, 0F, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                                                                00007ffe1a8c2d61 11 bytes [B8, 89, 9F, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                                                                00007ffe1a8c2ff1 11 bytes [B8, 49, 11, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WS2_32.dll!WSASocketW                                                                                                                                                                 00007ffe1a8c3880 12 bytes [48, B8, 09, 9C, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                                                                 00007ffe1a8c3bd1 11 bytes [B8, 49, 0A, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                                                               00007ffe1a8c4230 12 bytes [48, B8, 09, 80, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WS2_32.dll!connect                                                                                                                                                                    00007ffe1a8c5730 12 bytes [48, B8, 49, 62, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                                                                             00007ffe1a8c87e0 12 bytes [48, B8, C9, 81, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                                                                   00007ffe1a8d42d1 11 bytes [B8, 49, 9A, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                                                             00007ffe1a8d6fe1 11 bytes [B8, C9, 0D, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WS2_32.dll!gethostbyname + 1                                                                                                                                                          00007ffe1a8e54b1 11 bytes [B8, 89, 83, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WINHTTP.dll!WinHttpCloseHandle + 1                                                                                                                                                    00007ffe13179bd1 11 bytes [B8, C9, 96, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WINHTTP.dll!WinHttpOpenRequest                                                                                                                                                        00007ffe1318f2d0 12 bytes [48, B8, 09, 95, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WINHTTP.dll!WinHttpConnect + 1                                                                                                                                                        00007ffe13190441 11 bytes [B8, 89, 98, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!ShowWindow                                                                                                                                                                 00007ffe1a3111b0 6 bytes [48, B8, C9, 88, 4A, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!ShowWindow + 8                                                                                                                                                             00007ffe1a3111b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                                                                                                                                                        00007ffe1a311210 6 bytes [48, B8, 89, 7C, 4A, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8                                                                                                                                                    00007ffe1a311218 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!SetWindowPlacement                                                                                                                                                         00007ffe1a3113d0 6 bytes [48, B8, 89, 16, 4B, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!SetWindowPlacement + 8                                                                                                                                                     00007ffe1a3113d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!GetMessageW                                                                                                                                                                00007ffe1a312670 12 bytes [48, B8, 09, 6B, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!PeekMessageW + 1                                                                                                                                                           00007ffe1a312991 11 bytes [B8, 89, 6E, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!CallNextHookEx                                                                                                                                                             00007ffe1a312ef0 12 bytes [48, B8, C9, 7A, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!PostMessageW + 1                                                                                                                                                           00007ffe1a3133f1 11 bytes [B8, C9, 29, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!GetMessageA + 1                                                                                                                                                            00007ffe1a316191 11 bytes [B8, 49, 69, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1                                                                                                                                                      00007ffe1a316391 4 bytes [B8, 09, 1E, 4A]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 6                                                                                                                                                      00007ffe1a316396 2 bytes [00, 00]
.text    ...                                                                                                                                                                                                                                             * 2
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                                                                                            00007ffe1a316d90 7 bytes [48, B8, 49, 85, 4A, 64, 00]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!CreateWindowExW + 10                                                                                                                                                       00007ffe1a316d9a 2 bytes [50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!CreateWindowExA                                                                                                                                                            00007ffe1a31ab30 7 bytes [48, B8, 09, 87, 4A, 64, 00]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!CreateWindowExA + 10                                                                                                                                                       00007ffe1a31ab3a 2 bytes [50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!SetWindowTextW + 1                                                                                                                                                         00007ffe1a31ce31 11 bytes [B8, 49, 93, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!PeekMessageA + 1                                                                                                                                                           00007ffe1a31db41 11 bytes [B8, C9, 6C, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1                                                                                                                                                00007ffe1a31dec1 11 bytes [B8, 49, 3B, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!FindWindowW + 1                                                                                                                                                            00007ffe1a320e61 4 bytes [B8, 49, AF, 4A]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!FindWindowW + 6                                                                                                                                                            00007ffe1a320e66 2 bytes [00, 00]
.text    ...                                                                                                                                                                                                                                             * 2
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!SetWinEventHook                                                                                                                                                            00007ffe1a327100 12 bytes [48, B8, 09, 3A, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1                                                                                                                                          00007ffe1a333ab1 11 bytes [B8, 89, 8A, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!PostMessageA + 1                                                                                                                                                           00007ffe1a335921 11 bytes [B8, 09, 28, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!FindWindowExW + 1                                                                                                                                                          00007ffe1a337161 11 bytes [B8, 09, B1, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!FindWindowExA + 1                                                                                                                                                          00007ffe1a337691 5 bytes [B8, 89, AD, 4A, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!FindWindowExA + 9                                                                                                                                                          00007ffe1a337699 3 bytes [00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1                                                                                                                                             00007ffe1a3477a1 11 bytes [B8, 49, 8C, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1                                                                                                                                                      00007ffe1a370f61 8 bytes [B8, 49, 1C, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10                                                                                                                                                     00007ffe1a370f6a 2 bytes [50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!MessageBoxExA + 1                                                                                                                                                          00007ffe1a397d01 11 bytes [B8, 09, 8E, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!MessageBoxExW + 1                                                                                                                                                          00007ffe1a397d31 11 bytes [B8, C9, 8F, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!SetWindowTextA + 1                                                                                                                                                         00007ffe1a3a1021 11 bytes [B8, 89, 91, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\USER32.dll!FindWindowA + 1                                                                                                                                                            00007ffe1a3a1471 11 bytes [B8, C9, AB, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1                                                                                                                                                 00007ffe1c1b14a1 5 bytes [B8, 09, 05, 4B, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 7                                                                                                                                                 00007ffe1c1b14a7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1                                                                                                                                                      00007ffe1c1b2041 5 bytes [B8, 09, 1A, 4B, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 7                                                                                                                                                      00007ffe1c1b2047 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1                                                                                                                                                        00007ffe1c1b2061 5 bytes [B8, 49, 1F, 4B, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 7                                                                                                                                                        00007ffe1c1b2067 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1                                                                                                                                                    00007ffe1c1b2071 5 bytes [B8, 89, 1D, 4B, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 7                                                                                                                                                    00007ffe1c1b2077 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1                                                                                                                                                       00007ffe1c1b2091 5 bytes [B8, 09, 21, 4B, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 7                                                                                                                                                       00007ffe1c1b2097 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1                                                                                                                                                       00007ffe1c1b20a1 5 bytes [B8, C9, 1B, 4B, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 7                                                                                                                                                       00007ffe1c1b20a7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1                                                                                                                                                 00007ffe1c1b2201 5 bytes [B8, 49, 03, 4B, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 7                                                                                                                                                 00007ffe1c1b2207 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1                                                                                                                                                          00007ffe1c1e0fc1 5 bytes [B8, C9, 06, 4B, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 7                                                                                                                                                          00007ffe1c1e0fc7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1                                                                                                                                                         00007ffe1c1e0fd1 5 bytes [B8, 89, 08, 4B, 64]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 7                                                                                                                                                         00007ffe1c1e0fd7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                                                                           00007ffe1c20dd20 12 bytes [48, B8, C9, 65, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                                                                           00007ffe1c20ddb0 12 bytes [48, B8, 89, 67, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\DNSAPI.dll!DnsQueryEx                                                                                                                                                                 00007ffe18b34420 12 bytes [48, B8, C9, C0, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8                                                                                                                                                              00007ffe18b53cd0 12 bytes [48, B8, 09, BF, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\DNSAPI.dll!DnsQuery_W                                                                                                                                                                 00007ffe18b54350 12 bytes [48, B8, 49, BD, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\DNSAPI.dll!DnsQuery_A                                                                                                                                                                 00007ffe18b8fd90 12 bytes [48, B8, 89, BB, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1                                                                                                                                                     00007ffe1ac0ae61 11 bytes [B8, 49, 7E, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW                                                                                                                                                    00007ffe0ff54460 12 bytes [48, B8, 89, 60, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1                                                                                                                                                     00007ffe0ff7ede1 11 bytes [B8, C9, 5E, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileA                                                                                                                                                    00007ffe10001170 12 bytes [48, B8, C9, F1, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\urlmon.dll!URLDownloadToFileA                                                                                                                                                         00007ffe100012f0 12 bytes [48, B8, 09, F0, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!InternetCloseHandle + 1                                                                                                                                                   00007ffe138ab1c1 11 bytes [B8, 89, FA, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!HttpOpenRequestW + 1                                                                                                                                                      00007ffe138ac6d1 11 bytes [B8, 49, E7, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!InternetConnectW + 1                                                                                                                                                      00007ffe138b29b1 11 bytes [B8, C9, E3, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!HttpSendRequestW + 1                                                                                                                                                      00007ffe138b3ba1 11 bytes [B8, C9, EA, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!InternetReadFile + 1                                                                                                                                                      00007ffe138b4c81 11 bytes [B8, C9, D5, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!InternetOpenW + 1                                                                                                                                                         00007ffe138eddc1 11 bytes [B8, 49, D9, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!InternetOpenA                                                                                                                                                             00007ffe138edf60 12 bytes [48, B8, 89, D7, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!HttpSendRequestExW + 1                                                                                                                                                    00007ffe138fc461 11 bytes [B8, 49, EE, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!InternetWriteFile + 1                                                                                                                                                     00007ffe138fc921 11 bytes [B8, 09, D4, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!HttpSendRequestA + 1                                                                                                                                                      00007ffe1393f691 11 bytes [B8, 09, E9, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!InternetConnectA + 1                                                                                                                                                      00007ffe1399e9b1 11 bytes [B8, 09, E2, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!InternetOpenUrlA + 1                                                                                                                                                      00007ffe1399eda1 11 bytes [B8, 09, DB, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!InternetOpenUrlW + 1                                                                                                                                                      00007ffe1399fa51 11 bytes [B8, C9, DC, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!FtpGetFileA                                                                                                                                                               00007ffe139b0360 12 bytes [48, B8, 89, F3, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!FtpOpenFileA + 1                                                                                                                                                          00007ffe139b0811 11 bytes [B8, 89, DE, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!FtpPutFileA                                                                                                                                                               00007ffe139b08f0 12 bytes [48, B8, 09, F7, 4A, 64, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!FtpGetFileW + 1                                                                                                                                                           00007ffe139b4261 11 bytes [B8, 49, F5, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!FtpOpenFileW + 1                                                                                                                                                          00007ffe139b4371 11 bytes [B8, 49, E0, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!FtpPutFileW + 1                                                                                                                                                           00007ffe139b4571 11 bytes [B8, C9, F8, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!HttpSendRequestExA + 1                                                                                                                                                    00007ffe139c8751 11 bytes [B8, 89, EC, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\dashost.exe[2180] C:\Windows\system32\WININET.dll!HttpOpenRequestA + 1                                                                                                                                                      00007ffe139cb221 11 bytes [B8, 89, E5, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe[3620] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1                                                                                                                 00007ffe1a2b0cf1 11 bytes [B8, 30, 08, EC, 69, A3, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot                                                                                                                                           00007ffe1a1edb10 12 bytes [48, B8, C9, 34, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNEL32.DLL!Process32NextW                                                                                                                                                     00007ffe1a1ee1f0 12 bytes [48, B8, 89, B4, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1                                                                                                                                                00007ffe1a2834b1 11 bytes [B8, C9, 22, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1                                                                                                                                                    00007ffe1a2aaba1 8 bytes [B8, 09, C6, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10                                                                                                                                                   00007ffe1a2aabaa 2 bytes [50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1                                                                                                                                          00007ffe1a2aaca1 11 bytes [B8, 49, CB, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!CloseHandle                                                                                                                                                      00007ffe199014c0 12 bytes [48, B8, 49, 4D, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                                  00007ffe199021d1 11 bytes [B8, 49, A8, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!GetProcAddress                                                                                                                                                   00007ffe199042a0 12 bytes [48, B8, 09, AA, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1                                                                                                                                              00007ffe19905f71 11 bytes [B8, 89, D0, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                                     00007ffe19906a50 12 bytes [48, B8, 89, 4B, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                                   00007ffe199085f1 11 bytes [B8, C9, 49, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1                                                                                                                                               00007ffe19908901 11 bytes [B8, 89, A6, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!FindClose + 1                                                                                                                                                    00007ffe19908dc1 11 bytes [B8, C9, FF, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                               00007ffe19909331 11 bytes [B8, C9, A4, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1                                                                                                                                                00007ffe1990b861 11 bytes [B8, 09, FE, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW                                                                                                                                           00007ffe1990f400 12 bytes [48, B8, 89, 28, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1                                                                                                                                        00007ffe1991a7b1 11 bytes [B8, 09, CD, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW                                                                                                                                                 00007ffe1991fce0 12 bytes [48, B8, 49, FC, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1                                                                                                                                           00007ffe19936d51 11 bytes [B8, 89, 3D, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1                                                                                                                                                  00007ffe199595f1 8 bytes [B8, C9, C7, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10                                                                                                                                                 00007ffe199595fa 2 bytes [50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                             00007ffe1997a7e1 11 bytes [B8, 89, C2, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!CreateThread                                                                                                                                                     00007ffe1997abf0 12 bytes [48, B8, C9, 3B, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1                                                                                                                                            00007ffe199cf7e1 11 bytes [B8, 49, 70, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1                                                                                                                                            00007ffe199cf861 11 bytes [B8, 09, 72, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA                                                                                                                                                     00007ffe199d0310 12 bytes [48, B8, C9, 73, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW                                                                                                                                                     00007ffe199d0540 12 bytes [48, B8, 89, 75, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread                                                                                                                                               00007ffe199e0c50 12 bytes [48, B8, C9, 1F, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                                                          00007ffe1a8c1be0 12 bytes [48, B8, C9, 9D, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                                                             00007ffe1a8c2571 11 bytes [B8, C9, 0D, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                                                          00007ffe1a8c2d61 11 bytes [B8, 89, 9F, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                                                          00007ffe1a8c2ff1 11 bytes [B8, 89, 0F, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\WS2_32.dll!WSASocketW                                                                                                                                                           00007ffe1a8c3880 12 bytes [48, B8, 09, 9C, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                                                           00007ffe1a8c3bd1 11 bytes [B8, 89, 08, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                                                         00007ffe1a8c4230 12 bytes [48, B8, 09, 80, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\WS2_32.dll!connect                                                                                                                                                              00007ffe1a8c5730 12 bytes [48, B8, 49, 62, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                                                                       00007ffe1a8c87e0 12 bytes [48, B8, C9, 81, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                                                             00007ffe1a8d42d1 11 bytes [B8, 49, 9A, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                                                       00007ffe1a8d6fe1 11 bytes [B8, 09, 0C, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\system32\WS2_32.dll!gethostbyname + 1                                                                                                                                                    00007ffe1a8e54b1 11 bytes [B8, 89, 83, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                              00007ffe1c0a47a1 11 bytes [B8, 09, 5D, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                        00007ffe1c0a4d10 12 bytes [48, B8, C9, 50, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                        00007ffe1c0aa830 12 bytes [48, B8, 09, 4F, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                  00007ffe1c0aae11 11 bytes [B8, 09, 56, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                               00007ffe1c0aed61 11 bytes [B8, 49, 54, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1                                                                                                                                            00007ffe1c0c4021 11 bytes [B8, 49, 5B, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                   00007ffe1c0ca1a1 11 bytes [B8, C9, 57, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1                                                                                                                                            00007ffe1c0cde41 11 bytes [B8, 89, 59, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                               00007ffe1c0dddf1 11 bytes [B8, 89, 52, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextW + 1                                                                                                                                           00007ffe1c1b14a1 5 bytes [B8, 49, 03, 4B, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextW + 7                                                                                                                                           00007ffe1c1b14a7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptCreateHash + 1                                                                                                                                                00007ffe1c1b2041 5 bytes [B8, 49, 18, 4B, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptCreateHash + 7                                                                                                                                                00007ffe1c1b2047 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptHashData + 1                                                                                                                                                  00007ffe1c1b2061 5 bytes [B8, 89, 1D, 4B, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptHashData + 7                                                                                                                                                  00007ffe1c1b2067 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptGetHashParam + 1                                                                                                                                              00007ffe1c1b2071 5 bytes [B8, C9, 1B, 4B, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptGetHashParam + 7                                                                                                                                              00007ffe1c1b2077 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptImportKey + 1                                                                                                                                                 00007ffe1c1b2091 5 bytes [B8, 49, 1F, 4B, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptImportKey + 7                                                                                                                                                 00007ffe1c1b2097 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptExportKey + 1                                                                                                                                                 00007ffe1c1b20a1 5 bytes [B8, 09, 1A, 4B, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptExportKey + 7                                                                                                                                                 00007ffe1c1b20a7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextA + 1                                                                                                                                           00007ffe1c1b2201 5 bytes [B8, 89, 01, 4B, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextA + 7                                                                                                                                           00007ffe1c1b2207 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptGenKey + 1                                                                                                                                                    00007ffe1c1e0fc1 5 bytes [B8, 09, 05, 4B, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptGenKey + 7                                                                                                                                                    00007ffe1c1e0fc7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptEncrypt + 1                                                                                                                                                   00007ffe1c1e0fd1 5 bytes [B8, C9, 06, 4B, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CryptEncrypt + 7                                                                                                                                                   00007ffe1c1e0fd7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA                                                                                                                                                     00007ffe1c20dd20 12 bytes [48, B8, C9, 65, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW                                                                                                                                                     00007ffe1c20ddb0 12 bytes [48, B8, 89, 67, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!ShowWindow                                                                                                                                                           00007ffe1a3111b0 6 bytes [48, B8, C9, 88, 4A, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!ShowWindow + 8                                                                                                                                                       00007ffe1a3111b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx                                                                                                                                                  00007ffe1a311210 6 bytes [48, B8, 89, 7C, 4A, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8
         


03.12.2015, 23:30   #3
Renate1966
 



Code:
ATTFilter
                                                                                                                                             00007ffe1a311218 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!SetWindowPlacement                                                                                                                                                   00007ffe1a3113d0 6 bytes [48, B8, C9, 14, 4B, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!SetWindowPlacement + 8                                                                                                                                               00007ffe1a3113d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!GetMessageW                                                                                                                                                          00007ffe1a312670 12 bytes [48, B8, 09, 6B, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1                                                                                                                                                     00007ffe1a312991 11 bytes [B8, 89, 6E, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx                                                                                                                                                       00007ffe1a312ef0 12 bytes [48, B8, C9, 7A, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!PostMessageW + 1                                                                                                                                                     00007ffe1a3133f1 11 bytes [B8, 09, 28, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!GetMessageA + 1                                                                                                                                                      00007ffe1a316191 11 bytes [B8, 49, 69, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 1                                                                                                                                                00007ffe1a316391 4 bytes [B8, 09, 1E, 4A]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 6                                                                                                                                                00007ffe1a316396 2 bytes [00, 00]
.text    ...                                                                                                                                                                                                                                             * 2
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW                                                                                                                                                      00007ffe1a316d90 7 bytes [48, B8, 49, 85, 4A, 64, 00]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 10                                                                                                                                                 00007ffe1a316d9a 2 bytes [50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA                                                                                                                                                      00007ffe1a31ab30 7 bytes [48, B8, 09, 87, 4A, 64, 00]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 10                                                                                                                                                 00007ffe1a31ab3a 2 bytes [50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW + 1                                                                                                                                                   00007ffe1a31ce31 11 bytes [B8, 49, 93, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1                                                                                                                                                     00007ffe1a31db41 11 bytes [B8, C9, 6C, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1                                                                                                                                          00007ffe1a31dec1 11 bytes [B8, 89, 39, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 1                                                                                                                                                      00007ffe1a320e61 4 bytes [B8, 49, AF, 4A]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 6                                                                                                                                                      00007ffe1a320e66 2 bytes [00, 00]
.text    ...                                                                                                                                                                                                                                             * 2
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!SetWinEventHook                                                                                                                                                      00007ffe1a327100 12 bytes [48, B8, 09, 3A, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1                                                                                                                                    00007ffe1a333ab1 11 bytes [B8, 89, 8A, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 1                                                                                                                                                     00007ffe1a335921 11 bytes [B8, 49, 26, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!FindWindowExW + 1                                                                                                                                                    00007ffe1a337161 11 bytes [B8, 09, B1, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1                                                                                                                                                    00007ffe1a337691 5 bytes [B8, 89, AD, 4A, 64]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 9                                                                                                                                                    00007ffe1a337699 3 bytes [00, 50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1                                                                                                                                       00007ffe1a3477a1 11 bytes [B8, 49, 8C, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1                                                                                                                                                00007ffe1a370f61 8 bytes [B8, 49, 1C, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10                                                                                                                                               00007ffe1a370f6a 2 bytes [50, C3]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1                                                                                                                                                    00007ffe1a397d01 11 bytes [B8, 09, 8E, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1                                                                                                                                                    00007ffe1a397d31 11 bytes [B8, C9, 8F, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1                                                                                                                                                   00007ffe1a3a1021 11 bytes [B8, 89, 91, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\wmiprvse.exe[1396] C:\Windows\SYSTEM32\user32.dll!FindWindowA + 1                                                                                                                                                      00007ffe1a3a1471 11 bytes [B8, C9, AB, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot                                                                                                                                              00007ffe1a1edb10 12 bytes [48, B8, C9, 34, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNEL32.DLL!Process32NextW                                                                                                                                                        00007ffe1a1ee1f0 12 bytes [48, B8, 89, B4, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1                                                                                                                                                   00007ffe1a2834b1 2 bytes [B8, 89]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 4                                                                                                                                                   00007ffe1a2834b4 8 bytes [4B, 64, 00, 00, 00, 00, 50, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1                                                                                                                                                       00007ffe1a2aaba1 8 bytes [B8, 09, C6, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10                                                                                                                                                      00007ffe1a2aabaa 2 bytes [50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1                                                                                                                                             00007ffe1a2aaca1 11 bytes [B8, 49, CB, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!CloseHandle                                                                                                                                                         00007ffe199014c0 12 bytes [48, B8, 49, 4D, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                                     00007ffe199021d1 11 bytes [B8, 49, A8, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!GetProcAddress                                                                                                                                                      00007ffe199042a0 12 bytes [48, B8, 09, AA, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1                                                                                                                                                 00007ffe19905f71 11 bytes [B8, 49, D2, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                                        00007ffe19906a50 12 bytes [48, B8, 89, 4B, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                                      00007ffe199085f1 11 bytes [B8, C9, 49, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1                                                                                                                                                  00007ffe19908901 11 bytes [B8, 89, A6, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!FindClose + 1                                                                                                                                                       00007ffe19908dc1 11 bytes [B8, 89, 01, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                                  00007ffe19909331 11 bytes [B8, C9, A4, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1                                                                                                                                                   00007ffe1990b861 11 bytes [B8, C9, FF, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW                                                                                                                                              00007ffe1990f400 12 bytes [48, B8, 89, 28, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1                                                                                                                                           00007ffe1991a7b1 11 bytes [B8, 09, CD, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW                                                                                                                                                    00007ffe1991fce0 12 bytes [48, B8, 09, FE, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1                                                                                                                                              00007ffe19936d51 11 bytes [B8, 89, 3D, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1                                                                                                                                                     00007ffe199595f1 8 bytes [B8, C9, C7, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10                                                                                                                                                    00007ffe199595fa 2 bytes [50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                                00007ffe1997a7e1 11 bytes [B8, 89, C2, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!CreateThread                                                                                                                                                        00007ffe1997abf0 12 bytes [48, B8, C9, 3B, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1                                                                                                                                               00007ffe199cf7e1 11 bytes [B8, 49, 70, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1                                                                                                                                               00007ffe199cf861 11 bytes [B8, 09, 72, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA                                                                                                                                                        00007ffe199d0310 12 bytes [48, B8, C9, 73, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW                                                                                                                                                        00007ffe199d0540 12 bytes [48, B8, 89, 75, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread                                                                                                                                                  00007ffe199e0c50 12 bytes [48, B8, C9, 1F, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                                 00007ffe1c0a47a1 11 bytes [B8, 09, 5D, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                           00007ffe1c0a4d10 12 bytes [48, B8, C9, 50, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                           00007ffe1c0aa830 12 bytes [48, B8, 09, 4F, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                     00007ffe1c0aae11 11 bytes [B8, 09, 56, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                                  00007ffe1c0aed61 11 bytes [B8, 49, 54, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1                                                                                                                                               00007ffe1c0c4021 11 bytes [B8, 49, 5B, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                      00007ffe1c0ca1a1 11 bytes [B8, C9, 57, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1                                                                                                                                               00007ffe1c0cde41 11 bytes [B8, 89, 59, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                                  00007ffe1c0dddf1 11 bytes [B8, 89, 52, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!ShowWindow                                                                                                                                                              00007ffe1a3111b0 6 bytes [48, B8, C9, 88, 4A, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!ShowWindow + 8                                                                                                                                                          00007ffe1a3111b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx                                                                                                                                                     00007ffe1a311210 6 bytes [48, B8, 89, 7C, 4A, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8                                                                                                                                                 00007ffe1a311218 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!SetWindowPlacement                                                                                                                                                      00007ffe1a3113d0 6 bytes [48, B8, 89, 16, 4B, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!SetWindowPlacement + 8                                                                                                                                                  00007ffe1a3113d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!GetMessageW                                                                                                                                                             00007ffe1a312670 12 bytes [48, B8, 09, 6B, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1                                                                                                                                                        00007ffe1a312991 11 bytes [B8, 89, 6E, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx                                                                                                                                                          00007ffe1a312ef0 12 bytes [48, B8, C9, 7A, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!PostMessageW + 1                                                                                                                                                        00007ffe1a3133f1 11 bytes [B8, C9, 29, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!GetMessageA + 1                                                                                                                                                         00007ffe1a316191 11 bytes [B8, 49, 69, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 1                                                                                                                                                   00007ffe1a316391 4 bytes [B8, 09, 1E, 4A]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 6                                                                                                                                                   00007ffe1a316396 2 bytes [00, 00]
.text    ...                                                                                                                                                                                                                                             * 2
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW                                                                                                                                                         00007ffe1a316d90 7 bytes [48, B8, 49, 85, 4A, 64, 00]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 10                                                                                                                                                    00007ffe1a316d9a 2 bytes [50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA                                                                                                                                                         00007ffe1a31ab30 7 bytes [48, B8, 09, 87, 4A, 64, 00]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 10                                                                                                                                                    00007ffe1a31ab3a 2 bytes [50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW + 1                                                                                                                                                      00007ffe1a31ce31 11 bytes [B8, 49, 93, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1                                                                                                                                                        00007ffe1a31db41 11 bytes [B8, C9, 6C, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1                                                                                                                                             00007ffe1a31dec1 11 bytes [B8, C9, 37, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 1                                                                                                                                                         00007ffe1a320e61 4 bytes [B8, 49, AF, 4A]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 6                                                                                                                                                         00007ffe1a320e66 2 bytes [00, 00]
.text    ...                                                                                                                                                                                                                                             * 2
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!SetWinEventHook                                                                                                                                                         00007ffe1a327100 12 bytes [48, B8, 09, 3A, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1                                                                                                                                       00007ffe1a333ab1 11 bytes [B8, 89, 8A, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 1                                                                                                                                                        00007ffe1a335921 11 bytes [B8, 09, 28, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!FindWindowExW + 1                                                                                                                                                       00007ffe1a337161 11 bytes [B8, 09, B1, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1                                                                                                                                                       00007ffe1a337691 5 bytes [B8, 89, AD, 4A, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 9                                                                                                                                                       00007ffe1a337699 3 bytes [00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1                                                                                                                                          00007ffe1a3477a1 11 bytes [B8, 49, 8C, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1                                                                                                                                                   00007ffe1a370f61 8 bytes [B8, 49, 1C, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10                                                                                                                                                  00007ffe1a370f6a 2 bytes [50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1                                                                                                                                                       00007ffe1a397d01 11 bytes [B8, 09, 8E, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1                                                                                                                                                       00007ffe1a397d31 11 bytes [B8, C9, 8F, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1                                                                                                                                                      00007ffe1a3a1021 11 bytes [B8, 89, 91, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\SYSTEM32\user32.dll!FindWindowA + 1                                                                                                                                                         00007ffe1a3a1471 11 bytes [B8, C9, AB, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465                                                                                                                                                   00007ffe19a84101 11 bytes [B8, 89, 39, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\GDI32.dll!NamedEscape + 1                                                                                                                                                          00007ffe19b44bc1 11 bytes [B8, 49, 18, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!InternetCloseHandle + 1                                                                                                                                                00007ffe138ab1c1 11 bytes [B8, 89, FA, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!HttpOpenRequestW + 1                                                                                                                                                   00007ffe138ac6d1 11 bytes [B8, 49, E7, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!InternetConnectW + 1                                                                                                                                                   00007ffe138b29b1 11 bytes [B8, C9, E3, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!HttpSendRequestW + 1                                                                                                                                                   00007ffe138b3ba1 11 bytes [B8, C9, EA, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!InternetReadFile + 1                                                                                                                                                   00007ffe138b4c81 11 bytes [B8, C9, D5, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!InternetOpenW + 1                                                                                                                                                      00007ffe138eddc1 11 bytes [B8, 49, D9, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!InternetOpenA                                                                                                                                                          00007ffe138edf60 12 bytes [48, B8, 89, D7, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!HttpSendRequestExW + 1                                                                                                                                                 00007ffe138fc461 11 bytes [B8, 49, EE, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!InternetWriteFile + 1                                                                                                                                                  00007ffe138fc921 11 bytes [B8, 09, D4, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!HttpSendRequestA + 1                                                                                                                                                   00007ffe1393f691 11 bytes [B8, 09, E9, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!InternetConnectA + 1                                                                                                                                                   00007ffe1399e9b1 11 bytes [B8, 09, E2, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!InternetOpenUrlA + 1                                                                                                                                                   00007ffe1399eda1 11 bytes [B8, 09, DB, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!InternetOpenUrlW + 1                                                                                                                                                   00007ffe1399fa51 11 bytes [B8, C9, DC, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!FtpGetFileA                                                                                                                                                            00007ffe139b0360 12 bytes [48, B8, 89, F3, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!FtpOpenFileA + 1                                                                                                                                                       00007ffe139b0811 11 bytes [B8, 89, DE, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!FtpPutFileA                                                                                                                                                            00007ffe139b08f0 12 bytes [48, B8, 09, F7, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!FtpGetFileW + 1                                                                                                                                                        00007ffe139b4261 11 bytes [B8, 49, F5, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!FtpOpenFileW + 1                                                                                                                                                       00007ffe139b4371 11 bytes [B8, 49, E0, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!FtpPutFileW + 1                                                                                                                                                        00007ffe139b4571 11 bytes [B8, C9, F8, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!HttpSendRequestExA + 1                                                                                                                                                 00007ffe139c8751 11 bytes [B8, 89, EC, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\wininet.dll!HttpOpenRequestA + 1                                                                                                                                                   00007ffe139cb221 11 bytes [B8, 89, E5, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1                                                                                                                                                  00007ffe1ac0ae61 11 bytes [B8, 49, 7E, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1                                                                                                                                              00007ffe1c1b14a1 5 bytes [B8, 09, 05, 4B, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 7                                                                                                                                              00007ffe1c1b14a7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1                                                                                                                                                   00007ffe1c1b2041 5 bytes [B8, 09, 1A, 4B, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 7                                                                                                                                                   00007ffe1c1b2047 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1                                                                                                                                                     00007ffe1c1b2061 5 bytes [B8, 49, 1F, 4B, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 7                                                                                                                                                     00007ffe1c1b2067 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1                                                                                                                                                 00007ffe1c1b2071 5 bytes [B8, 89, 1D, 4B, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 7                                                                                                                                                 00007ffe1c1b2077 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1                                                                                                                                                    00007ffe1c1b2091 5 bytes [B8, 09, 21, 4B, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 7                                                                                                                                                    00007ffe1c1b2097 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1                                                                                                                                                    00007ffe1c1b20a1 5 bytes [B8, C9, 1B, 4B, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 7                                                                                                                                                    00007ffe1c1b20a7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1                                                                                                                                              00007ffe1c1b2201 5 bytes [B8, 49, 03, 4B, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 7                                                                                                                                              00007ffe1c1b2207 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1                                                                                                                                                       00007ffe1c1e0fc1 5 bytes [B8, C9, 06, 4B, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 7                                                                                                                                                       00007ffe1c1e0fc7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1                                                                                                                                                      00007ffe1c1e0fd1 5 bytes [B8, 89, 08, 4B, 64]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 7                                                                                                                                                      00007ffe1c1e0fd7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                                                                        00007ffe1c20dd20 12 bytes [48, B8, C9, 65, 4A, 64, 00, ...]
.text    C:\Windows\system32\taskhostex.exe[4216] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                                                                        00007ffe1c20ddb0 12 bytes [48, B8, 89, 67, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot                                                                                                                                                         00007ffe1a1edb10 12 bytes [48, B8, C9, 34, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1                                                                                                                                                              00007ffe1a2834b1 11 bytes [B8, 89, BB, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1                                                                                                                                                                  00007ffe1a2aaba1 8 bytes [B8, 89, 60, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10                                                                                                                                                                 00007ffe1a2aabaa 2 bytes [50, C3]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1                                                                                                                                                        00007ffe1a2aaca1 11 bytes [B8, C9, 65, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!GetProcAddress                                                                                                                                                                 00007ffe199042a0 12 bytes [48, B8, 89, 6E, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1                                                                                                                                                            00007ffe19905f71 11 bytes [B8, C9, 6C, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1                                                                                                                                                             00007ffe19908901 11 bytes [B8, 89, AD, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!FindClose + 1                                                                                                                                                                  00007ffe19908dc1 11 bytes [B8, 49, A1, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1                                                                                                                                                              00007ffe1990b861 11 bytes [B8, 89, 9F, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW                                                                                                                                                         00007ffe1990f400 12 bytes [48, B8, 89, 28, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1                                                                                                                                                      00007ffe1991a7b1 11 bytes [B8, 89, 67, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW                                                                                                                                                               00007ffe1991fce0 12 bytes [48, B8, C9, 9D, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1                                                                                                                                                         00007ffe19936d51 11 bytes [B8, 89, 3D, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1                                                                                                                                                                00007ffe199595f1 8 bytes [B8, 49, 62, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10                                                                                                                                                               00007ffe199595fa 2 bytes [50, C3]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                                           00007ffe1997a7e1 11 bytes [B8, 09, 5D, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!CreateThread                                                                                                                                                                   00007ffe1997abf0 12 bytes [48, B8, C9, 3B, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread                                                                                                                                                             00007ffe199e0c50 12 bytes [48, B8, C9, 1F, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextW + 1                                                                                                                                                         00007ffe1c1b14a1 5 bytes [B8, C9, A4, 4A, 64]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextW + 7                                                                                                                                                         00007ffe1c1b14a7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptCreateHash + 1                                                                                                                                                              00007ffe1c1b2041 5 bytes [B8, 09, B1, 4A, 64]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptCreateHash + 7                                                                                                                                                              00007ffe1c1b2047 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptHashData + 1                                                                                                                                                                00007ffe1c1b2061 5 bytes [B8, 49, B6, 4A, 64]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptHashData + 7                                                                                                                                                                00007ffe1c1b2067 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptGetHashParam + 1                                                                                                                                                            00007ffe1c1b2071 5 bytes [B8, 89, B4, 4A, 64]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptGetHashParam + 7                                                                                                                                                            00007ffe1c1b2077 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptImportKey + 1                                                                                                                                                               00007ffe1c1b2091 5 bytes [B8, 09, B8, 4A, 64]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptImportKey + 7                                                                                                                                                               00007ffe1c1b2097 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptExportKey + 1                                                                                                                                                               00007ffe1c1b20a1 5 bytes [B8, C9, B2, 4A, 64]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptExportKey + 7                                                                                                                                                               00007ffe1c1b20a7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextA + 1                                                                                                                                                         00007ffe1c1b2201 5 bytes [B8, 09, A3, 4A, 64]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextA + 7                                                                                                                                                         00007ffe1c1b2207 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptGenKey + 1                                                                                                                                                                  00007ffe1c1e0fc1 5 bytes [B8, 89, A6, 4A, 64]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptGenKey + 7                                                                                                                                                                  00007ffe1c1e0fc7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptEncrypt + 1                                                                                                                                                                 00007ffe1c1e0fd1 5 bytes [B8, 49, A8, 4A, 64]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CryptEncrypt + 7                                                                                                                                                                 00007ffe1c1e0fd7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA                                                                                                                                                                   00007ffe1c20dd20 12 bytes [48, B8, 89, 52, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW                                                                                                                                                                   00007ffe1c20ddb0 12 bytes [48, B8, 49, 54, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\USER32.dll!GetMessageW                                                                                                                                                                        00007ffe1a312670 12 bytes [48, B8, C9, C0, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\USER32.dll!PostMessageW + 1                                                                                                                                                                   00007ffe1a3133f1 11 bytes [B8, 49, C4, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\USER32.dll!GetMessageA + 1                                                                                                                                                                    00007ffe1a316191 11 bytes [B8, 09, BF, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1                                                                                                                                                              00007ffe1a316391 4 bytes [B8, 09, 1E, 4A]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 6                                                                                                                                                              00007ffe1a316396 2 bytes [00, 00]
.text    ...                                                                                                                                                                                                                                             * 2
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1                                                                                                                                                        00007ffe1a31dec1 11 bytes [B8, 89, D0, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\USER32.dll!SetWinEventHook                                                                                                                                                                    00007ffe1a327100 12 bytes [48, B8, 09, 3A, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\USER32.dll!PostMessageA + 1                                                                                                                                                                   00007ffe1a335921 11 bytes [B8, 89, C2, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1                                                                                                                                                              00007ffe1a370f61 8 bytes [B8, 49, 1C, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10                                                                                                                                                             00007ffe1a370f6a 2 bytes [50, C3]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465                                                                                                                                                              00007ffe19a84101 11 bytes [B8, 49, D2, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\GDI32.dll!NamedEscape + 1                                                                                                                                                                     00007ffe19b44bc1 11 bytes [B8, 49, AF, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                                            00007ffe1c0a47a1 11 bytes [B8, 49, 4D, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                                      00007ffe1c0a4d10 12 bytes [48, B8, 09, 41, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                                      00007ffe1c0aa830 12 bytes [48, B8, 49, 3F, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                                00007ffe1c0aae11 11 bytes [B8, 49, 46, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                                             00007ffe1c0aed61 11 bytes [B8, 89, 44, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1                                                                                                                                                          00007ffe1c0c4021 11 bytes [B8, 89, 4B, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                                 00007ffe1c0ca1a1 11 bytes [B8, 09, 48, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1                                                                                                                                                          00007ffe1c0cde41 11 bytes [B8, C9, 49, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                                             00007ffe1c0dddf1 11 bytes [B8, C9, 42, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW                                                                                                                                                            00007ffe0ff54460 12 bytes [48, B8, 89, 91, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1                                                                                                                                                             00007ffe0ff7ede1 11 bytes [B8, 09, 8E, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileA                                                                                                                                                            00007ffe10001170 12 bytes [48, B8, C9, 8F, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\urlmon.dll!URLDownloadToFileA                                                                                                                                                                 00007ffe100012f0 12 bytes [48, B8, 49, 8C, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!InternetCloseHandle + 1
         

03.12.2015, 23:32   #4
Renate1966



Code:
ATTFilter
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!HttpOpenRequestW + 1                                                                                                                                                              00007ffe138ac6d1 11 bytes [B8, 89, 83, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!InternetConnectW + 1                                                                                                                                                              00007ffe138b29b1 11 bytes [B8, 09, 80, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!HttpSendRequestW + 1                                                                                                                                                              00007ffe138b3ba1 11 bytes [B8, 09, 87, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!InternetReadFile + 1                                                                                                                                                              00007ffe138b4c81 11 bytes [B8, 09, 72, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!InternetOpenW + 1                                                                                                                                                                 00007ffe138eddc1 11 bytes [B8, 89, 75, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!InternetOpenA                                                                                                                                                                     00007ffe138edf60 12 bytes [48, B8, C9, 73, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!HttpSendRequestExW + 1                                                                                                                                                            00007ffe138fc461 11 bytes [B8, 89, 8A, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!InternetWriteFile + 1                                                                                                                                                             00007ffe138fc921 11 bytes [B8, 49, 70, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!HttpSendRequestA + 1                                                                                                                                                              00007ffe1393f691 11 bytes [B8, 49, 85, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!InternetConnectA + 1                                                                                                                                                              00007ffe1399e9b1 11 bytes [B8, 49, 7E, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!InternetOpenUrlA + 1                                                                                                                                                              00007ffe1399eda1 11 bytes [B8, 49, 77, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!InternetOpenUrlW + 1                                                                                                                                                              00007ffe1399fa51 11 bytes [B8, 09, 79, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!FtpGetFileA                                                                                                                                                                       00007ffe139b0360 12 bytes [48, B8, 49, 93, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!FtpOpenFileA + 1                                                                                                                                                                  00007ffe139b0811 11 bytes [B8, C9, 7A, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!FtpPutFileA                                                                                                                                                                       00007ffe139b08f0 12 bytes [48, B8, C9, 96, 4A, 64, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!FtpGetFileW + 1                                                                                                                                                                   00007ffe139b4261 11 bytes [B8, 09, 95, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!FtpOpenFileW + 1                                                                                                                                                                  00007ffe139b4371 11 bytes [B8, 89, 7C, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!FtpPutFileW + 1                                                                                                                                                                   00007ffe139b4571 11 bytes [B8, 89, 98, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!HttpSendRequestExA + 1                                                                                                                                                            00007ffe139c8751 11 bytes [B8, C9, 88, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WININET.dll!HttpOpenRequestA + 1                                                                                                                                                              00007ffe139cb221 11 bytes [B8, C9, 81, 4A, 64, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[1796] C:\Windows\system32\WS2_32.dll!connect                                                                                                                                                                            00007ffe1a8c5730 12 bytes [48, B8, 09, 4F, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot                                                                                                                           00007ffe1a1edb10 12 bytes [48, B8, C9, 34, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNEL32.DLL!Process32NextW                                                                                                                                     00007ffe1a1ee1f0 12 bytes [48, B8, 89, B4, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1                                                                                                                                00007ffe1a2834b1 2 bytes [B8, 89]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 4                                                                                                                                00007ffe1a2834b4 8 bytes [4B, 64, 00, 00, 00, 00, 50, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1                                                                                                                                    00007ffe1a2aaba1 8 bytes [B8, 09, C6, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10                                                                                                                                   00007ffe1a2aabaa 2 bytes [50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1                                                                                                                          00007ffe1a2aaca1 11 bytes [B8, 49, CB, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!CloseHandle                                                                                                                                      00007ffe199014c0 12 bytes [48, B8, 49, 4D, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                  00007ffe199021d1 11 bytes [B8, 49, A8, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!GetProcAddress                                                                                                                                   00007ffe199042a0 12 bytes [48, B8, 09, AA, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1                                                                                                                              00007ffe19905f71 11 bytes [B8, 49, D2, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                     00007ffe19906a50 12 bytes [48, B8, 89, 4B, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                   00007ffe199085f1 11 bytes [B8, C9, 49, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1                                                                                                                               00007ffe19908901 11 bytes [B8, 89, A6, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!FindClose + 1                                                                                                                                    00007ffe19908dc1 11 bytes [B8, 89, 01, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                               00007ffe19909331 11 bytes [B8, C9, A4, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1                                                                                                                                00007ffe1990b861 11 bytes [B8, C9, FF, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW                                                                                                                           00007ffe1990f400 12 bytes [48, B8, 89, 28, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1                                                                                                                        00007ffe1991a7b1 11 bytes [B8, 09, CD, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW                                                                                                                                 00007ffe1991fce0 12 bytes [48, B8, 09, FE, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1                                                                                                                           00007ffe19936d51 11 bytes [B8, 89, 3D, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1                                                                                                                                  00007ffe199595f1 8 bytes [B8, C9, C7, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10                                                                                                                                 00007ffe199595fa 2 bytes [50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                             00007ffe1997a7e1 11 bytes [B8, 89, C2, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!CreateThread                                                                                                                                     00007ffe1997abf0 12 bytes [48, B8, C9, 3B, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1                                                                                                                            00007ffe199cf7e1 11 bytes [B8, 49, 70, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1                                                                                                                            00007ffe199cf861 11 bytes [B8, 09, 72, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA                                                                                                                                     00007ffe199d0310 12 bytes [48, B8, C9, 73, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW                                                                                                                                     00007ffe199d0540 12 bytes [48, B8, 89, 75, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread                                                                                                                               00007ffe199e0c50 12 bytes [48, B8, C9, 1F, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!ShowWindow                                                                                                                                           00007ffe1a3111b0 6 bytes [48, B8, C9, 88, 4A, 64]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!ShowWindow + 8                                                                                                                                       00007ffe1a3111b8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                                                                                                                                  00007ffe1a311210 6 bytes [48, B8, 89, 7C, 4A, 64]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8                                                                                                                              00007ffe1a311218 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!SetWindowPlacement                                                                                                                                   00007ffe1a3113d0 6 bytes [48, B8, 89, 16, 4B, 64]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!SetWindowPlacement + 8                                                                                                                               00007ffe1a3113d8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!GetMessageW                                                                                                                                          00007ffe1a312670 12 bytes [48, B8, 09, 6B, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!PeekMessageW + 1                                                                                                                                     00007ffe1a312991 11 bytes [B8, 89, 6E, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!CallNextHookEx                                                                                                                                       00007ffe1a312ef0 12 bytes [48, B8, C9, 7A, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!PostMessageW + 1                                                                                                                                     00007ffe1a3133f1 11 bytes [B8, C9, 29, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!GetMessageA + 1                                                                                                                                      00007ffe1a316191 11 bytes [B8, 49, 69, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1                                                                                                                                00007ffe1a316391 4 bytes [B8, 09, 1E, 4A]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 6                                                                                                                                00007ffe1a316396 2 bytes [00, 00]
.text    ...                                                                                                                                                                                                                                             * 2
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                                                                      00007ffe1a316d90 7 bytes [48, B8, 49, 85, 4A, 64, 00]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!CreateWindowExW + 10                                                                                                                                 00007ffe1a316d9a 2 bytes [50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!CreateWindowExA                                                                                                                                      00007ffe1a31ab30 7 bytes [48, B8, 09, 87, 4A, 64, 00]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!CreateWindowExA + 10                                                                                                                                 00007ffe1a31ab3a 2 bytes [50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!SetWindowTextW + 1                                                                                                                                   00007ffe1a31ce31 11 bytes [B8, 49, 93, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!PeekMessageA + 1                                                                                                                                     00007ffe1a31db41 11 bytes [B8, C9, 6C, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1                                                                                                                          00007ffe1a31dec1 11 bytes [B8, 09, 36, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!FindWindowW + 1                                                                                                                                      00007ffe1a320e61 4 bytes [B8, 49, AF, 4A]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!FindWindowW + 6                                                                                                                                      00007ffe1a320e66 2 bytes [00, 00]
.text    ...                                                                                                                                                                                                                                             * 2
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!SetWinEventHook                                                                                                                                      00007ffe1a327100 12 bytes [48, B8, 09, 3A, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1                                                                                                                    00007ffe1a333ab1 11 bytes [B8, 89, 8A, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!PostMessageA + 1                                                                                                                                     00007ffe1a335921 11 bytes [B8, 09, 28, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!FindWindowExW + 1                                                                                                                                    00007ffe1a337161 11 bytes [B8, 09, B1, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!FindWindowExA + 1                                                                                                                                    00007ffe1a337691 5 bytes [B8, 89, AD, 4A, 64]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!FindWindowExA + 9                                                                                                                                    00007ffe1a337699 3 bytes [00, 50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1                                                                                                                       00007ffe1a3477a1 11 bytes [B8, 49, 8C, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1                                                                                                                                00007ffe1a370f61 8 bytes [B8, 49, 1C, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10                                                                                                                               00007ffe1a370f6a 2 bytes [50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!MessageBoxExA + 1                                                                                                                                    00007ffe1a397d01 11 bytes [B8, 09, 8E, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[5240] C:\Windows\system32\USER32.dll!MessageBoxExW + 1                                                                                                                                    00007ffe1a397d31 11 bytes [B8, C9, 8F, 4A, 64, 00, 00, ...]
.text    ...                                                                                                                                                                                                                                             * 2
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!SetWinEventHook                                                                                                                                                      00007ffe1a327100 12 bytes [48, B8, 09, 3A, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1                                                                                                                                    00007ffe1a333ab1 11 bytes [B8, 89, 8A, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 1                                                                                                                                                     00007ffe1a335921 11 bytes [B8, 09, 28, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!FindWindowExW + 1                                                                                                                                                    00007ffe1a337161 11 bytes [B8, 09, B1, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1                                                                                                                                                    00007ffe1a337691 5 bytes [B8, 89, AD, 4A, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 9                                                                                                                                                    00007ffe1a337699 3 bytes [00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1                                                                                                                                       00007ffe1a3477a1 11 bytes [B8, 49, 8C, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1                                                                                                                                                00007ffe1a370f61 8 bytes [B8, 49, 1C, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10                                                                                                                                               00007ffe1a370f6a 2 bytes [50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1                                                                                                                                                    00007ffe1a397d01 11 bytes [B8, 09, 8E, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1                                                                                                                                                    00007ffe1a397d31 11 bytes [B8, C9, 8F, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1                                                                                                                                                   00007ffe1a3a1021 11 bytes [B8, 89, 91, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\SYSTEM32\user32.dll!FindWindowA + 1                                                                                                                                                      00007ffe1a3a1471 11 bytes [B8, C9, AB, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465                                                                                                                                                00007ffe19a84101 11 bytes [B8, 49, 3B, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\GDI32.dll!NamedEscape + 1                                                                                                                                                       00007ffe19b44bc1 11 bytes [B8, 49, 18, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1                                                                                                                                           00007ffe1c1b14a1 5 bytes [B8, 09, 05, 4B, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 7                                                                                                                                           00007ffe1c1b14a7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1                                                                                                                                                00007ffe1c1b2041 5 bytes [B8, 09, 1A, 4B, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 7                                                                                                                                                00007ffe1c1b2047 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1                                                                                                                                                  00007ffe1c1b2061 5 bytes [B8, 49, 1F, 4B, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 7                                                                                                                                                  00007ffe1c1b2067 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1                                                                                                                                              00007ffe1c1b2071 5 bytes [B8, 89, 1D, 4B, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 7                                                                                                                                              00007ffe1c1b2077 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1                                                                                                                                                 00007ffe1c1b2091 5 bytes [B8, 09, 21, 4B, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 7                                                                                                                                                 00007ffe1c1b2097 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1                                                                                                                                                 00007ffe1c1b20a1 5 bytes [B8, C9, 1B, 4B, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 7                                                                                                                                                 00007ffe1c1b20a7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1                                                                                                                                           00007ffe1c1b2201 5 bytes [B8, 49, 03, 4B, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 7                                                                                                                                           00007ffe1c1b2207 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1                                                                                                                                                    00007ffe1c1e0fc1 5 bytes [B8, C9, 06, 4B, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 7                                                                                                                                                    00007ffe1c1e0fc7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1                                                                                                                                                   00007ffe1c1e0fd1 5 bytes [B8, 89, 08, 4B, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 7                                                                                                                                                   00007ffe1c1e0fd7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                                                                     00007ffe1c20dd20 12 bytes [48, B8, C9, 65, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                                                                     00007ffe1c20ddb0 12 bytes [48, B8, 89, 67, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5316] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1                                                                                                                                               00007ffe1ac0ae61 11 bytes [B8, 49, 7E, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot                                                                                                                            00007ffe1a1edb10 12 bytes [48, B8, C9, 34, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNEL32.DLL!Process32NextW                                                                                                                                      00007ffe1a1ee1f0 12 bytes [48, B8, 89, B4, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1                                                                                                                                 00007ffe1a2834b1 2 bytes [B8, 89]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 4                                                                                                                                 00007ffe1a2834b4 8 bytes [4B, 64, 00, 00, 00, 00, 50, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1                                                                                                                                     00007ffe1a2aaba1 8 bytes [B8, 09, C6, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10                                                                                                                                    00007ffe1a2aabaa 2 bytes [50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1                                                                                                                           00007ffe1a2aaca1 11 bytes [B8, 49, CB, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!CloseHandle                                                                                                                                       00007ffe199014c0 12 bytes [48, B8, 49, 4D, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                   00007ffe199021d1 11 bytes [B8, 49, A8, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!GetProcAddress                                                                                                                                    00007ffe199042a0 12 bytes [48, B8, 09, AA, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1                                                                                                                               00007ffe19905f71 11 bytes [B8, 49, D2, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                      00007ffe19906a50 12 bytes [48, B8, 89, 4B, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                    00007ffe199085f1 11 bytes [B8, C9, 49, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1                                                                                                                                00007ffe19908901 11 bytes [B8, 89, A6, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!FindClose + 1                                                                                                                                     00007ffe19908dc1 11 bytes [B8, 89, 01, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                00007ffe19909331 11 bytes [B8, C9, A4, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1                                                                                                                                 00007ffe1990b861 11 bytes [B8, C9, FF, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW                                                                                                                            00007ffe1990f400 12 bytes [48, B8, 89, 28, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1                                                                                                                         00007ffe1991a7b1 11 bytes [B8, 09, CD, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW                                                                                                                                  00007ffe1991fce0 12 bytes [48, B8, 09, FE, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1                                                                                                                            00007ffe19936d51 11 bytes [B8, 89, 3D, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1                                                                                                                                   00007ffe199595f1 8 bytes [B8, C9, C7, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10                                                                                                                                  00007ffe199595fa 2 bytes [50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                              00007ffe1997a7e1 11 bytes [B8, 89, C2, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!CreateThread                                                                                                                                      00007ffe1997abf0 12 bytes [48, B8, C9, 3B, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1                                                                                                                             00007ffe199cf7e1 11 bytes [B8, 49, 70, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1                                                                                                                             00007ffe199cf861 11 bytes [B8, 09, 72, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA                                                                                                                                      00007ffe199d0310 12 bytes [48, B8, C9, 73, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW                                                                                                                                      00007ffe199d0540 12 bytes [48, B8, 89, 75, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread                                                                                                                                00007ffe199e0c50 12 bytes [48, B8, C9, 1F, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!ShowWindow                                                                                                                                            00007ffe1a3111b0 6 bytes [48, B8, C9, 88, 4A, 64]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!ShowWindow + 8                                                                                                                                        00007ffe1a3111b8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx                                                                                                                                   00007ffe1a311210 6 bytes [48, B8, 89, 7C, 4A, 64]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8                                                                                                                               00007ffe1a311218 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!SetWindowPlacement                                                                                                                                    00007ffe1a3113d0 6 bytes [48, B8, 89, 16, 4B, 64]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!SetWindowPlacement + 8                                                                                                                                00007ffe1a3113d8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!GetMessageW                                                                                                                                           00007ffe1a312670 12 bytes [48, B8, 09, 6B, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!PeekMessageW + 1                                                                                                                                      00007ffe1a312991 11 bytes [B8, 89, 6E, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!CallNextHookEx                                                                                                                                        00007ffe1a312ef0 12 bytes [48, B8, C9, 7A, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!PostMessageW + 1                                                                                                                                      00007ffe1a3133f1 11 bytes [B8, C9, 29, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!GetMessageA + 1                                                                                                                                       00007ffe1a316191 11 bytes [B8, 49, 69, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1                                                                                                                                 00007ffe1a316391 4 bytes [B8, 09, 1E, 4A]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 6                                                                                                                                 00007ffe1a316396 2 bytes [00, 00]
.text    ...                                                                                                                                                                                                                                             * 2
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                                                                       00007ffe1a316d90 7 bytes [48, B8, 49, 85, 4A, 64, 00]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!CreateWindowExW + 10                                                                                                                                  00007ffe1a316d9a 2 bytes [50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!CreateWindowExA                                                                                                                                       00007ffe1a31ab30 7 bytes [48, B8, 09, 87, 4A, 64, 00]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!CreateWindowExA + 10                                                                                                                                  00007ffe1a31ab3a 2 bytes [50, C3]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!SetWindowTextW + 1                                                                                                                                    00007ffe1a31ce31 11 bytes [B8, 49, 93, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!PeekMessageA + 1                                                                                                                                      00007ffe1a31db41 11 bytes [B8, C9, 6C, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1                                                                                                                           00007ffe1a31dec1 11 bytes [B8, 09, 36, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!FindWindowW + 1                                                                                                                                       00007ffe1a320e61 4 bytes [B8, 49, AF, 4A]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!FindWindowW + 6                                                                                                                                       00007ffe1a320e66 2 bytes [00, 00]
.text    ...                                                                                                                                                                                                                                             * 2
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!SetWinEventHook                                                                                                                                       00007ffe1a327100 12 bytes [48, B8, 09, 3A, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe[5436] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1                                                                                                                     00007ffe1a333ab1 11 bytes [B8, 89, 8A, 4A, 64, 00, 00, ...]
         

03.12.2015, 23:33   #5
Renate1966
 

Code:
ATTFilter
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1                                                                                                                             00007ffe1c1b2201 5 bytes [B8, 49, 03, 4B, 64]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 7                                                                                                                             00007ffe1c1b2207 5 bytes [00, 00, 00, 50, C3]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1                                                                                                                                      00007ffe1c1e0fc1 5 bytes [B8, C9, 06, 4B, 64]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 7                                                                                                                                      00007ffe1c1e0fc7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1                                                                                                                                     00007ffe1c1e0fd1 5 bytes [B8, 89, 08, 4B, 64]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 7                                                                                                                                     00007ffe1c1e0fd7 5 bytes [00, 00, 00, 50, C3]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                                                       00007ffe1c20dd20 12 bytes [48, B8, C9, 65, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                                                       00007ffe1c20ddb0 12 bytes [48, B8, 89, 67, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465                                                                                                                                  00007ffe19a84101 11 bytes [B8, 89, 39, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\GDI32.dll!NamedEscape + 1                                                                                                                                         00007ffe19b44bc1 11 bytes [B8, 49, 18, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                00007ffe1c0a47a1 11 bytes [B8, 09, 5D, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                          00007ffe1c0a4d10 12 bytes [48, B8, C9, 50, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                          00007ffe1c0aa830 12 bytes [48, B8, 09, 4F, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                    00007ffe1c0aae11 11 bytes [B8, 09, 56, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                 00007ffe1c0aed61 11 bytes [B8, 49, 54, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1                                                                                                                              00007ffe1c0c4021 11 bytes [B8, 49, 5B, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                     00007ffe1c0ca1a1 11 bytes [B8, C9, 57, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1                                                                                                                              00007ffe1c0cde41 11 bytes [B8, 89, 59, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                 00007ffe1c0dddf1 11 bytes [B8, 89, 52, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                                            00007ffe1a8c1be0 12 bytes [48, B8, C9, 9D, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                                               00007ffe1a8c2571 11 bytes [B8, 89, 0F, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                                            00007ffe1a8c2d61 11 bytes [B8, 89, 9F, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                                            00007ffe1a8c2ff1 11 bytes [B8, 49, 11, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\WS2_32.dll!WSASocketW                                                                                                                                             00007ffe1a8c3880 12 bytes [48, B8, 09, 9C, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                                             00007ffe1a8c3bd1 11 bytes [B8, 49, 0A, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                                           00007ffe1a8c4230 12 bytes [48, B8, 09, 80, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\WS2_32.dll!connect                                                                                                                                                00007ffe1a8c5730 12 bytes [48, B8, 49, 62, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                                                         00007ffe1a8c87e0 12 bytes [48, B8, C9, 81, 4A, 64, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                                               00007ffe1a8d42d1 11 bytes [B8, 49, 9A, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                                         00007ffe1a8d6fe1 11 bytes [B8, C9, 0D, 4B, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\WS2_32.dll!gethostbyname + 1                                                                                                                                      00007ffe1a8e54b1 11 bytes [B8, 89, 83, 4A, 64, 00, 00, ...]
.text    C:\Program Files\Acer\Acer Quick Access\QAEvent.exe[5492] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1                                                                                                                                 00007ffe1ac0ae61 11 bytes [B8, 49, 7E, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot                                                                                                                                           00007ffe1a1edb10 12 bytes [48, B8, C9, 34, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNEL32.DLL!Process32NextW                                                                                                                                                     00007ffe1a1ee1f0 12 bytes [48, B8, 89, B4, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1                                                                                                                                                00007ffe1a2834b1 2 bytes [B8, 89]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 4                                                                                                                                                00007ffe1a2834b4 8 bytes [4B, 64, 00, 00, 00, 00, 50, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1                                                                                                                                                    00007ffe1a2aaba1 8 bytes [B8, 09, C6, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10                                                                                                                                                   00007ffe1a2aabaa 2 bytes [50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1                                                                                                                                          00007ffe1a2aaca1 11 bytes [B8, 49, CB, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!CloseHandle                                                                                                                                                      00007ffe199014c0 12 bytes [48, B8, 49, 4D, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                                                                  00007ffe199021d1 11 bytes [B8, 49, A8, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!GetProcAddress                                                                                                                                                   00007ffe199042a0 12 bytes [48, B8, 09, AA, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1                                                                                                                                              00007ffe19905f71 11 bytes [B8, 49, D2, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                                                                     00007ffe19906a50 12 bytes [48, B8, 89, 4B, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                                                                   00007ffe199085f1 11 bytes [B8, C9, 49, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1                                                                                                                                               00007ffe19908901 11 bytes [B8, 89, A6, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!FindClose + 1                                                                                                                                                    00007ffe19908dc1 11 bytes [B8, 89, 01, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                                                               00007ffe19909331 11 bytes [B8, C9, A4, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1                                                                                                                                                00007ffe1990b861 11 bytes [B8, C9, FF, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW                                                                                                                                           00007ffe1990f400 12 bytes [48, B8, 89, 28, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1                                                                                                                                        00007ffe1991a7b1 11 bytes [B8, 09, CD, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW                                                                                                                                                 00007ffe1991fce0 12 bytes [48, B8, 09, FE, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1                                                                                                                                           00007ffe19936d51 11 bytes [B8, 89, 3D, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1                                                                                                                                                  00007ffe199595f1 8 bytes [B8, C9, C7, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10                                                                                                                                                 00007ffe199595fa 2 bytes [50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                                                             00007ffe1997a7e1 11 bytes [B8, 89, C2, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!CreateThread                                                                                                                                                     00007ffe1997abf0 12 bytes [48, B8, C9, 3B, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1                                                                                                                                            00007ffe199cf7e1 11 bytes [B8, 49, 70, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1                                                                                                                                            00007ffe199cf861 11 bytes [B8, 09, 72, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA                                                                                                                                                     00007ffe199d0310 12 bytes [48, B8, C9, 73, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW                                                                                                                                                     00007ffe199d0540 12 bytes [48, B8, 89, 75, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread                                                                                                                                               00007ffe199e0c50 12 bytes [48, B8, C9, 1F, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                                                              00007ffe1c0a47a1 11 bytes [B8, 09, 5D, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                                                        00007ffe1c0a4d10 12 bytes [48, B8, C9, 50, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                                                        00007ffe1c0aa830 12 bytes [48, B8, 09, 4F, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                                                                  00007ffe1c0aae11 11 bytes [B8, 09, 56, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                                                               00007ffe1c0aed61 11 bytes [B8, 49, 54, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1                                                                                                                                            00007ffe1c0c4021 11 bytes [B8, 49, 5B, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                                                                   00007ffe1c0ca1a1 11 bytes [B8, C9, 57, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1                                                                                                                                            00007ffe1c0cde41 11 bytes [B8, 89, 59, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                                                               00007ffe1c0dddf1 11 bytes [B8, 89, 52, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                                                          00007ffe1a8c1be0 12 bytes [48, B8, C9, 9D, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                                                             00007ffe1a8c2571 11 bytes [B8, 89, 0F, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                                                          00007ffe1a8c2d61 11 bytes [B8, 89, 9F, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                                                          00007ffe1a8c2ff1 11 bytes [B8, 49, 11, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\WS2_32.dll!WSASocketW                                                                                                                                                           00007ffe1a8c3880 12 bytes [48, B8, 09, 9C, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                                                           00007ffe1a8c3bd1 11 bytes [B8, 49, 0A, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                                                         00007ffe1a8c4230 12 bytes [48, B8, 09, 80, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\WS2_32.dll!connect                                                                                                                                                              00007ffe1a8c5730 12 bytes [48, B8, 49, 62, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                                                                       00007ffe1a8c87e0 12 bytes [48, B8, C9, 81, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                                                             00007ffe1a8d42d1 11 bytes [B8, 49, 9A, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                                                       00007ffe1a8d6fe1 11 bytes [B8, C9, 0D, 4B, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\system32\WS2_32.dll!gethostbyname + 1                                                                                                                                                    00007ffe1a8e54b1 11 bytes [B8, 89, 83, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\user32.dll!ShowWindow                                                                                                                                                           00007ffe1a3111b0 6 bytes [48, B8, C9, 88, 4A, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\user32.dll!ShowWindow + 8                                                                                                                                                       00007ffe1a3111b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx                                                                                                                                                  00007ffe1a311210 6 bytes [48, B8, 89, 7C, 4A, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8                                                                                                                                              00007ffe1a311218 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\user32.dll!SetWindowPlacement                                                                                                                                                   00007ffe1a3113d0 6 bytes [48, B8, 89, 16, 4B, 64]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\user32.dll!SetWindowPlacement + 8                                                                                                                                               00007ffe1a3113d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\user32.dll!GetMessageW                                                                                                                                                          00007ffe1a312670 12 bytes [48, B8, 09, 6B, 4A, 64, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1                                                                                                                                                     00007ffe1a312991 11 bytes [B8, 89, 6E, 4A, 64, 00, 00, ...]
.text    C:\Windows\system32\wbem\unsecapp.exe[5524] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx                                                                                                                                                       00007ffe1a312ef0 12 bytes [48, B8, C9, 7A, 4A, 64, 00, ...]


05.12.2015, 11:14   #6
deeprybka
/// TB Trainer
/// Guide Guru

When Skype is closed, no watch4.de page opens, right?

05.12.2015, 17:41   #7
Renate1966

Thank you very much for your reply.
I will have to keep an eye on the Skype thing first. When the problem occurred 2 days ago, the computer was in sleep mode. And during that time this watch4 page opened several times. I had not used or booted the computer again until about an hour ago. Should I leave Skype switched off for now?

Regards,
Renate

05.12.2015, 17:44   #8
deeprybka
/// TB Trainer
/// Guide Guru

No, you don't have to. But Skype shows advertising. That has nothing to do with real malware.
__________________
Regards,
deeprybka
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

05.12.2015, 18:03   #9
Renate1966

But then why does it open in the Chrome browser?

05.12.2015, 18:14   #10
deeprybka
/// TB Trainer
/// Guide Guru

Quote:
(Standard-Browser: Chrome)
Because it is your default browser. Watch4.de is not a "bad site", after all.
__________________
Regards,
deeprybka
