Thanks to all the people who donated and ensured the continued development of this software! If you want to donate and keep this software alive, please have a look at the About-Tab. Thanks in advance! USEC Radix V1, 0, 0, 10 [2009/11/28] at your service. ---- Check started at 2.4.2010 18:6:32 ---- Running on: Microsoft Windows NT 5.1 Build 2600 Service Pack 2 Number of Processors: 2, Active Processor Mask: 00000003 Processor: Intel Level 15 Revision 0407 Allocation granularity: 00010000, Page granularity: 00001000 Application space: 00010000-7FFEFFFF [X] Filter common false alarms. 18:6:32 - Performing check: "Hidden files": This check can take some time depending on your harddisk size. You can interrupt it with the ESC key. 18:9:27 - Performing check: "Alternate Data Streams": This check can take some time depending on your harddisk size. You can interrupt it with the ESC key. [*] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0:$DATA [*] C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Beispielbilder\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik\Beispielmusik\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko:zylomtest:$DATA [*] C:\Dokumente und Einstellungen\Marko:zylomtr{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVUV}:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\100MSDCF\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\abc\page\ausfluege\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\abc\page\lol\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\abc\page\party\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\abc\page\sonstige\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\abc\page\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\abc\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und 
Einstellungen\Marko\Desktop\KRIMSKRAMS\Neuer Ordner\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\KRIMSKRAMS\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\KRIMSKRAMS\UPLOAD\Downloads\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\KRIMSKRAMS\UPLOAD\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\LLORET\BERLIN\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\LLORET\IGALO\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\LLORET\paradise\blank_data\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\LLORET\paradise\menderes_data\afr_data\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\LLORET\paradise\menderes_data\b_click_data\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\LLORET\paradise\menderes_data\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\LLORET\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\chatroulette\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\dosen\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\fotoschop\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\PICDUMP\briefkästen\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\PICDUMP\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\PICDUMP\werbung\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\POSTET\3d postet\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\POSTET\bier gepostet\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\POSTET\don gepostet\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und 
Einstellungen\Marko\Desktop\MORUK\POSTET\fuss postet\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\POSTET\sandra postet\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\POSTET\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\POSTET\tiere\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\twister\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MORUK\zwerge\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\MUSIK\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\SCHULE LAAAN\GER\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\SCHULE LAAAN\Neuer Ordner\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\SCHULE LAAAN\PORTFOLIO\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\SCHULE LAAAN\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Desktop\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\bierpott\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\DVDVideoSoft\FreeVideoToJPGConverter\48c9aae0b30c7 (05-11-2009 20-21-02)\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\DVDVideoSoft\FreeVideoToJPGConverter\GeileSchnuppe_-_sonntagsmorgen_-_330531 (05-11-2009 13-14-55)\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\DVDVideoSoft\FreeVideoToJPGConverter\Nina (22) (04-11-2009 16-31-56)\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\Eigene Bilder\2010-01-27\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\Eigene Bilder\2010-02-10\Thumbs.db:encryptable:$DATA [*] 
C:\Dokumente und Einstellungen\Marko\Eigene Dateien\Eigene Bilder\2010-02-11\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\Eigene Bilder\2010-02-23\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\Eigene Bilder\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\Eigene Videos\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\Meine empfangenen Dateien\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\msn\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\Thumbs.db:encryptable:$DATA [*] C:\Dokumente und Einstellungen\Marko\Eigene Dateien\Verlauf\August 2009\Images\Thumbs.db:encryptable:$DATA [-] Error scanning file C:\pagefile.sys: 0x05::0x06: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. [*] C:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\system\Thumbs.db:encryptable:$DATA [*] C:\Programme\Ascaron Entertainment\Sacred 2 - Fallen Angel\Thumbs.db:encryptable:$DATA [*] C:\Programme\Click-2U\Pcsx2\compat_list\Thumbs.db:encryptable:$DATA 62 streams found. 18:10:59 - Performing check: "Hidden Registry entries": --------------------[HKEY_LOCAL_MACHINE\HARDWARE ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...DONE. ------------------------------------------------------------------------------- --------------------[HKEY_LOCAL_MACHINE\SAM ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SAM\SAM: Zugriff verweigert DONE. 
-------------------------------------------------------------------------------
--------------------[HKEY_LOCAL_MACHINE\SECURITY ]-------------------
WARNING: Dumping the registry can take quite some time!
Be assured that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SECURITY: Zugriff verweigert
DONE.
-------------------------------------------------------------------------------
--------------------[HKEY_LOCAL_MACHINE\SOFTWARE ]-------------------
WARNING: Dumping the registry can take quite some time!
Be assured that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Remote Desktop\Pending Help Session: Zugriff verweigert
DONE.
-------------------------------------------------------------------------------
--------------------[HKEY_LOCAL_MACHINE\SYSTEM ]-------------------
WARNING: Dumping the registry can take quite some time!
Be assured that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{59F44B03-CCD2-460B-ACD8-53CBF375D174}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV\EncryptedDirectories: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{59F44B03-CCD2-460B-ACD8-53CBF375D174}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MRxDAV\EncryptedDirectories: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{59F44B03-CCD2-460B-ACD8-53CBF375D174}\Properties: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MRxDAV\EncryptedDirectories: Zugriff verweigert
[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg: Zugriff verweigert
DONE.
-------------------------------------------------------------------------------
--------------------[HKEY_USERS\.DEFAULT ]-------------------
WARNING: Dumping the registry can take quite some time!
Be assured that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------
--------------------[HKEY_USERS\S-1-5-19 ]-------------------
WARNING: Dumping the registry can take quite some time!
Be assured that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------
--------------------[HKEY_USERS\S-1-5-19_Classes ]-------------------
WARNING: Dumping the registry can take quite some time!
Be assured that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------
--------------------[HKEY_USERS\S-1-5-20 ]-------------------
WARNING: Dumping the registry can take quite some time!
Be assured that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------
--------------------[HKEY_USERS\S-1-5-20_Classes ]-------------------
WARNING: Dumping the registry can take quite some time!
Be assured that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------
--------------------[HKEY_USERS\S-1-5-21-1292428093-1532298954-1801674531-1003]-------------------
WARNING: Dumping the registry can take quite some time!
Be assured that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_USERS\S-1-5-21-1292428093-1532298954-1801674531-1003\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1292428093-1532298954-1801674531-1003: Zugriff verweigert
[-] Unable to open key: HKEY_USERS\S-1-5-21-1292428093-1532298954-1801674531-1003\Software\SecuROM\License information: Das System kann die angegebene Datei nicht finden.
DONE.
-------------------------------------------------------------------------------
--------------------[HKEY_USERS\S-1-5-21-1292428093-1532298954-1801674531-1003_Classes]-------------------
WARNING: Dumping the registry can take quite some time!
Be assured that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------
--------------------[HKEY_USERS\S-1-5-18 ]-------------------
WARNING: Dumping the registry can take quite some time!
Be assured that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------

18:15:36 - Performing check: "Hidden processes":
(01) PID: 0 [00000000] (Idle)
(53) PID: 4 [8A740830] (System)
(191) PID: 160 [8A2F99E0] (svchost.exe)
(175) PID: 244 [8A4FB450] (svchost.exe)
(171) PID: 672 [89369030] (radixgui.exe)
(191) PID: 732 [8A4829C8] (alg.exe)
(175) PID: 780 [8A448DA0] (wmiprvse.exe)
(07) PID: 792 [8A58D5C8] (smss.exe)
(191) PID: 848 [8A2571D0] (csrss.exe)
(191) PID: 872 [8A2CA5C0] (winlogon.exe)
(191) PID: 916 [8A2CC758] (services.exe)
(191) PID: 928 [8A2CCBC8] (lsass.exe)
(191) PID: 1124 [8A53F908] (nvsvc32.exe)
(191) PID: 1148 [8A1C1950] (svchost.exe)
(191) PID: 1212 [8A2F9330] (svchost.exe)
(191) PID: 1252 [8A6CF988] (svchost.exe)
(191) PID: 1320 [8A54F030] (svchost.exe)
(175) PID: 1328 [89DB7B18] (wuauclt.exe)
(191) PID: 1400 [8A350548] (svchost.exe)
(175) PID: 1488 [8A456C58] (spoolsv.exe)
(175) PID: 1552 [8A19EDA0] (sched.exe)
(175) PID: 1592 [8A49D030] (svchost.exe)
(191) PID: 1660 [8A295650] (avguard.exe)
(191) PID: 1672 [8A2868B8] (mDNSResponder.exe)
(191) PID: 1712 [8A541D78] (openvpnas.exe)
(191) PID: 1780 [8A44F240] (hsssrv.exe)
(191) PID: 1796 [8A337420] (hsswd.exe)
(191) PID: 1816 [8A219540] (IGDCTRL.EXE)
(191) PID: 1836 [8A272590] (jqs.exe)
(175) PID: 1952 [8A26E6A0] (RegistryWriter.exe)
(191) PID: 2592 [898FCBC8] (RaUI.exe)
(191) PID: 3332 [8A48ABC0] (avgnt.exe)
(175) PID: 3356 [89DEBBC0] (jusched.exe)
(191) PID: 3372 [89DEF6E8] (msnmsgr.exe)
(191) PID: 3648 [89D72DA0] (openvpntray.exe)
(191) PID: 3772 [898E2830] (explorer.exe)
(47) PID: 3908 [8928E310] (wscntfy.exe)

18:15:38 - Performing check: "Selftest":
Doing a short selftest...
-> Checking IAT
PID 672 - E:\mp3player\radix_installer\radixgui.exe
-------------------------------------------------------------------------------
ntdll.dll (7C910000 - 7C9C9000)
kernel32.dll (7C800000 - 7C907000)
USER32.dll (77D10000 - 77DA0000)
GDI32.dll (77EF0000 - 77F38000)
comdlg32.dll (76350000 - 7639A000)
SHLWAPI.dll (77F40000 - 77FB6000)
ADVAPI32.dll (77DA0000 - 77E4A000)
RPCRT4.dll (77E50000 - 77EE2000)
Secur32.dll (77FC0000 - 77FD1000)
msvcrt.dll (77BE0000 - 77C38000)
COMCTL32.dll (5D450000 - 5D4E7000)
SHELL32.dll (7E670000 - 7EE90000)
ole32.dll (774B0000 - 775EC000)
VERSION.dll (77BD0000 - 77BD8000)
dbghelp.dll (59DD0000 - 59E71000)
comctl32.dll (773A0000 - 774A2000)
wintrust.dll (76BF0000 - 76C1E000)
CRYPT32.dll (77A50000 - 77AE5000)
MSASN1.dll (77AF0000 - 77B02000)
IMAGEHLP.dll (76C50000 - 76C78000)
NTMARTA.DLL (77660000 - 77681000)
WLDAP32.dll (76F20000 - 76F4D000)
SAMLIB.dll (71B70000 - 71B83000)
uxtheme.dll (5AD70000 - 5ADA8000)
Selftest complete.

18:15:40 - Performing check: "MBR":
Partition Table:
+----+-----+------Start------+--------End------+----------+----------+----+
| Nr | Act | Head Sect Track | Head Sect Track |  Offset  |  Length  | OS |
+----+-----+-----------------+-----------------+----------+----------+----+
|  1 |  Y  | 001  01   0000  | 254  63   0255  | 0000003F | 0C34F28D | 07 |
|  2 |  N  | 000  01   0255  | 254  63   0255  | 0C34F2CC | 190DE3F5 | 07 |
|  3 |  N  | 000  00   0000  | 000  00   0000  | 00000000 | 00000000 | 00 |
|  4 |  N  | 000  00   0000  | 000  00   0000  | 00000000 | 00000000 | 00 |
+----+-----+-----------------+-----------------+----------+----------+----+
MBR seems to be OK.

18:15:40 - Performing check: "IRP hooks": 00 \Driver\KSecDD 8A6CD6C0 KSecDD.sys 01 \Driver\NDIS 8A6B6960 NDIS.sys 02 \Driver\Beep 8A236218 Beep.SYS 03 \Driver\Raspti 8A62F040 raspti.sys 04 \Driver\Mouclass 8A5F34F8 mouclass.sys 05 \Driver\taphss 8A51C1B0 taphss.sys 06 \Driver\IntcAzAudAddService 8A4235D8 RtkHDAud.sys 07 \Driver\Fips 8A23BA18 Fips.SYS 08 \Driver\avgio 8A256AC8 avgio.sys 09 \Driver\Kbdclass 8A54D5D8 kbdclass.sys 10 \Driver\vkquwexg 8A6CAA18 Combo-Fix.sys 11 \Driver\NDProxy 8A41FF38 NDProxy.SYS 12 \Driver\VgaSave 8A2C0838 vga.sys 13 \Driver\wdmaud 8A60BB58 wdmaud.sys 14 \Driver\uagp35 8A764DB0 uagp35.sys 15 \Driver\MountMgr 8A7088A8 MountMgr.sys 16 \Driver\Ptilink 8A526F38 ptilink.sys 17 \Driver\{B154377D-700F-42cc-9474-23858FBDF4BD} 8A4A2B78 000.fcl 18 \Driver\isapnp 8A71FA28 isapnp.sys 19 \Driver\dmload 8A6DF040 dmload.sys 20 \Driver\atapi 8A6DE988 atapi.sys 20 >\Driver\ACPIi 8A720458 ACPI.sys 21 >\Driver\Diski 8A75AD48 disk.sys 22 >\Driver\PartMgr 8A6C3CA0 PartMgr.sys 24 \Driver\dmio 8A6DFE08 dmio.sys 25 \Driver\PSched 8A54A4E8 psched.sys 26 \Driver\RasAcd 8A239040 rasacd.sys 27 \Driver\IpNat 8A603040 ipnat.sys 28 \Driver\SDTHelper 8924EA28 sdthlpr.sys 29 \Driver\usbuhci 8A58F4C0 usbuhci.sys 29 >\Driver\usbhubi 8A2A1F38 usbhub.sys 31 \Driver\ManyCam 8A54A7E0 ManyCam.sys 32 \Driver\audstub 8A5B5040 audstub.sys 33 \Driver\mouhid 8A252270 mouhid.sys 33 >\Driver\Mouclass 8A5F34F8 mouclass.sys 34 \Driver\Win32k 8A270328 win32k.sys 35 \Driver\rdpdr 8A50F7B8 rdpdr.sys 36 \Driver\swenum 8A5348C8 swenum.sys 36 >\Driver\kmixer 898F49D8 kmixer.sys 30 \Driver\usbhub 8A2A1F38 usbhub.sys 30 >\Driver\hidusb 8A46C890 hidusb.sys 39 \Driver\RasPppoe 8A54F8C8 raspppoe.sys 40 \Driver\Update 8A5026C8 update.sys 41 \Driver\RDPCDD 8A301040 RDPCDD.sys 42 \Driver\usbccgp 8A46D558 usbccgp.sys 42 >\Driver\hidusbp 8A46C890 hidusb.sys 43 \Driver\HTTP 8A269B10 HTTP.sys 44 \Driver\sysaudio 8A2F0E80 sysaudio.sys 45 \Driver\Ftdisk 8A7085E8 ftdisk.sys 45 >\Driver\VolSnap 8A6DECA8 
VolSnap.sys 47 \Driver\TermDD 8A5AE040 termdd.sys 47 >\Driver\Mouclass 8A5F34F8 mouclass.sys 48 \Driver\Fdc 8A55B260 fdc.sys 48 >\Driver\Flpydisk 8A606040 flpydisk.sys 50 \Driver\Rasl2tp 8A53DCE8 rasl2tp.sys 51 \Driver\videX32 8A6C3B98 videX32.sys --[HOOKED]-- This might be a false positive, as I was unable to check. * Majorfunction 0F (IRP_MJ_INTERNAL_DEVICE_CONTROL) hooked at B832C4F2 by C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS ------------------------------------------------------------------------------- Information for module PCIIDEX.SYS: ------------------------------------------------------------------------------- Index: 9 Base address: B8328000 Size: 00007000 Flags: 0D004000 Load count: 3 Imagename: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Name: Microsoft® Windows® Operating System Version: 5.1.2600.2180 Company: Microsoft Corporation File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Description: PCI IDE Bus Driver Extension Possible path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Signed: YES * Majorfunction 16 (IRP_MJ_POWER) hooked at B8328692 by C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS ------------------------------------------------------------------------------- Information for module PCIIDEX.SYS: ------------------------------------------------------------------------------- Index: 9 Base address: B8328000 Size: 00007000 Flags: 0D004000 Load count: 3 Imagename: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Name: Microsoft® Windows® Operating System Version: 5.1.2600.2180 Company: Microsoft Corporation File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Description: PCI IDE Bus Driver Extension Possible path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Signed: YES * Majorfunction 17 (IRP_MJ_SYSTEM_CONTROL) hooked at B832C46E by C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS ------------------------------------------------------------------------------- Information for module PCIIDEX.SYS: ------------------------------------------------------------------------------- 
Index: 9 Base address: B8328000 Size: 00007000 Flags: 0D004000 Load count: 3 Imagename: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Name: Microsoft® Windows® Operating System Version: 5.1.2600.2180 Company: Microsoft Corporation File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Description: PCI IDE Bus Driver Extension Possible path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Signed: YES * The DriverUnload function points to another module than the start routine. * Unload routine is at B832C6DC by C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS ------------------------------------------------------------------------------- Information for module PCIIDEX.SYS: ------------------------------------------------------------------------------- Index: 9 Base address: B8328000 Size: 00007000 Flags: 0D004000 Load count: 3 Imagename: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Name: Microsoft® Windows® Operating System Version: 5.1.2600.2180 Company: Microsoft Corporation File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Description: PCI IDE Bus Driver Extension Possible path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Signed: YES 51 >\Driver\ACPIX32 8A720458 ACPI.sys 21 >\Driver\atapi32 8A6DE988 atapi.sys 52 \Driver\ACPI_HAL 8A75D978 hal.dll 52 >\Driver\ACPI_HAL 8A720458 ACPI.sys 53 \Driver\WMIxWDM 8A75D3B0 ntkrnlpa.exe 54 \Driver\serenum 8A58D460 serenum.sys 55 \Driver\PptpMiniport 8A597468 raspptp.sys 56 \Driver\adfs 8A516B50 adfs.SYS 56 >\FileSystem\FltMgr 8A6CF280 fltMgr.sys 58 \Driver\Secdrv 8A6D7D60 secdrv.sys 59 \Driver\catchme 899377D0 catchme.sys 60 \Driver\NetBT 8A237040 netbt.sys 61 \Driver\PCIIde 8A708AB8 pciide.sys 62 \Driver\mssmbios 8A4F7228 mssmbios.sys 37 \Driver\kmixer 898F49D8 kmixer.sys 63 \Driver\ViaIde 8A7089B0 viaide.sys --[HOOKED]-- This might be a false positive, as I was unable to check. 
* Majorfunction 0F (IRP_MJ_INTERNAL_DEVICE_CONTROL) hooked at B832C4F2 by C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS ------------------------------------------------------------------------------- Information for module PCIIDEX.SYS: ------------------------------------------------------------------------------- Index: 9 Base address: B8328000 Size: 00007000 Flags: 0D004000 Load count: 3 Imagename: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Name: Microsoft® Windows® Operating System Version: 5.1.2600.2180 Company: Microsoft Corporation File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Description: PCI IDE Bus Driver Extension Possible path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Signed: YES * Majorfunction 16 (IRP_MJ_POWER) hooked at B8328692 by C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS ------------------------------------------------------------------------------- Information for module PCIIDEX.SYS: ------------------------------------------------------------------------------- Index: 9 Base address: B8328000 Size: 00007000 Flags: 0D004000 Load count: 3 Imagename: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Name: Microsoft® Windows® Operating System Version: 5.1.2600.2180 Company: Microsoft Corporation File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Description: PCI IDE Bus Driver Extension Possible path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Signed: YES * Majorfunction 17 (IRP_MJ_SYSTEM_CONTROL) hooked at B832C46E by C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS ------------------------------------------------------------------------------- Information for module PCIIDEX.SYS: ------------------------------------------------------------------------------- Index: 9 Base address: B8328000 Size: 00007000 Flags: 0D004000 Load count: 3 Imagename: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Name: Microsoft® Windows® Operating System Version: 5.1.2600.2180 Company: Microsoft Corporation File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Description: PCI IDE Bus Driver Extension 
Possible path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Signed: YES * The DriverUnload function points to another module than the start routine. * Unload routine is at B832C6DC by C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS ------------------------------------------------------------------------------- Information for module PCIIDEX.SYS: ------------------------------------------------------------------------------- Index: 9 Base address: B8328000 Size: 00007000 Flags: 0D004000 Load count: 3 Imagename: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Name: Microsoft® Windows® Operating System Version: 5.1.2600.2180 Company: Microsoft Corporation File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) Description: PCI IDE Bus Driver Extension Possible path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Signed: YES 64 \Driver\xfilt 8A6CD8D0 xfilt.sys 65 \Driver\mnmdd 8A20C040 mnmdd.SYS 66 \Driver\Tcpip 8A707CA0 tcpip.sys 67 \Driver\Wanarp 8A2574F8 wanarp.sys 68 \Driver\kbdhid 8A53E8D0 kbdhid.sys 68 >\Driver\Kbdclass 8A54D5D8 kbdclass.sys 46 \Driver\VolSnap 8A6DECA8 VolSnap.sys 69 \Driver\nv 8A592040 nv4_mini.sys 70 \Driver\intelppm 8A60E748 intelppm.sys 71 \Driver\AegisP 8A316040 AegisP.sys 72 \Driver\usbehci 8A56F0A0 usbehci.sys 72 >\Driver\usbhubi 8A2A1F38 usbhub.sys 73 \Driver\Null 8A225240 Null.SYS 74 \Driver\lirsgt 8A42D4E8 lirsgt.sys 22 \Driver\Disk 8A75AD48 disk.sys 75 \Driver\PCI 8A741C90 pci.sys 75 >\Driver\ACPI 8A720458 ACPI.sys 21 >\Driver\HDAudBus 8A58C888 HDAudBus.sys 77 \Driver\IPSec 8A607040 ipsec.sys 23 \Driver\PartMgr 8A6C3CA0 PartMgr.sys 78 \Driver\FETND5BV 8A58E5C0 fetnd5bv.sys 79 \Driver\NdisWan 8A53B5D8 ndiswan.sys 80 \Driver\NdisTapi 8A53C568 ndistapi.sys 81 \Driver\Serial 8A597A98 serial.sys 81 >\Driver\serenum 8A58D460 serenum.sys 76 \Driver\HDAudBus 8A58C888 HDAudBus.sys 76 >\Driver\IntcAzAudAddService 8A4235D8 RtkHDAud.sys 82 \Driver\Gpc 8A5495E8 msgpc.sys 21 \Driver\ACPI 8A720458 ACPI.sys 21 >\Driver\Disk 8A75AD48 disk.sys 22 >\Driver\PartMgr 8A6C3CA0 PartMgr.sys 
83 \Driver\PnpManager 8A7633A8 ntkrnlpa.exe 49 \Driver\Flpydisk 8A606040 flpydisk.sys 84 \Driver\AFD 8A20E040 afd.sys 85 \Driver\atksgt 8A291040 atksgt.sys 38 \Driver\hidusb 8A46C890 hidusb.sys 86 \Driver\PROCEXP113 898DE220 PROCEXP113.SYS 87 \Driver\PxHelp20 8A6CD7C8 PxHelp20.sys 88 \Driver\ssmdrv 8A257040 ssmdrv.sys 89 \Driver\avipbb 8A254838 avipbb.sys 90 \FileSystem\Ntfs 8A6CD490 Ntfs.sys 90 >\FileSystem\srfs 8A6CEF38 sr.sys 91 >\FileSystem\FltMgr 8A6CF280 fltMgr.sys 92 \FileSystem\NetBIOS 8A6D1948 netbios.sys 91 \FileSystem\sr 8A6CEF38 sr.sys 91 >\FileSystem\FltMgr 8A6CF280 fltMgr.sys 93 \FileSystem\Rdbss 8A5FDF38 rdbss.sys 94 \FileSystem\avgntflt 8A1964D8 avgntflt.sys 95 \FileSystem\Lbd 8A6CED08 Lbd.sys 96 \FileSystem\Msfs 8A608040 Msfs.SYS 97 \FileSystem\MRxSmb 8A23CF38 mrxsmb.sys 98 \FileSystem\Srv 8A2AED68 srv.sys 99 \FileSystem\Mup 8A6CA040 Mup.sys 100 \FileSystem\RAW 8A721458 ntkrnlpa.exe 101 \FileSystem\Npfs 8A24D040 Npfs.SYS 102 \FileSystem\Fs_Rec 8A216170 Fs_Rec.SYS 57 \FileSystem\FltMgr 8A6CF280 fltMgr.sys 103 \FileSystem\MRxDAV 8A2554E0 mrxdav.sys 103 >\FileSystem\FltMgr 8A6CF280 fltMgr.sys 28 \Driver\SDTHelper 8932B9E0 sdthlpr.sys 104 \FileSystem\Fastfat 8A763D00 Fastfat.SYS 104 >\FileSystem\FltMgrt 8A6CF280 fltMgr.sys 18:16:19 - Performing check: "Patched modules": Module information: Idx Base Size Module Service Pre Sig Patched 000 804D7000 0020C000 ntkrnlpa.exe YES YES 001 806E3000 00020D00 hal.dll YES YES 002 B85A8000 00002000 KDCOM.DLL YES YES 003 B84B8000 00003000 BOOTVID.dll YES YES 004 B7F78000 0002F000 ACPI.sys ACPI YES YES 005 B85AA000 00002000 WMILIB.SYS YES YES 006 B7F67000 00011000 pci.sys PCI YES YES 007 B80A8000 00009000 isapnp.sys isapnp YES YES 008 B8670000 00001000 pciide.sys PCIIde YES YES 009 B8328000 00007000 PCIIDEX.SYS YES YES 010 B85AC000 00002000 viaide.sys ViaIde YES YES 011 B80B8000 0000B000 MountMgr.sys MountMgr YES YES 012 B7F48000 0001F000 ftdisk.sys Ftdisk YES YES 013 B85AE000 00002000 dmload.sys dmload YES YES 014 
B7F22000 00026000 dmio.sys dmio YES YES 015 B8330000 00005000 PartMgr.sys PartMgr YES YES 016 B8338000 00008000 videX32.sys videX32 YES YES 017 B80C8000 0000E000 VolSnap.sys VolSnap YES YES 018 B7F0A000 00018000 atapi.sys atapi YES YES 019 B80D8000 00009000 disk.sys Disk YES YES 020 B80E8000 0000D000 CLASSPNP.SYS YES YES 021 B7EEB000 0001F000 fltMgr.sys FltMgr YES YES 022 B7ED9000 00012000 sr.sys sr YES YES 023 B80F8000 0000F000 Lbd.sys Lbd YES YES 024 B8108000 00009000 xfilt.sys xfilt YES YES 025 B8118000 0000A000 PxHelp20.sys PxHelp20 YES YES 026 B7EC2000 00017000 KSecDD.sys KSecDD YES YES 027 B7E35000 0008D000 Ntfs.sys Ntfs YES YES 028 B7E08000 0002D000 NDIS.sys NDIS YES YES 029 B8128000 0000F000 Combo-Fix.sys NO NO 030 B8138000 0000B000 uagp35.sys uagp35 YES YES 031 B7DED000 0001B000 Mup.sys Mup YES YES 032 B7948000 0000A000 intelppm.sys intelppm YES YES 033 B6CD2000 009C4000 nv4_mini.sys nv YES YES 034 B6CBE000 00014000 VIDEOPRT.SYS YES YES 035 B8420000 00005000 usbuhci.sys usbuhci YES YES 036 B6C9B000 00023000 USBPORT.SYS YES YES 037 B8428000 00007000 usbehci.sys usbehci YES YES 038 B8430000 00007000 fdc.sys Fdc YES YES 039 B8438000 00007000 kbdclass.sys Kbdclass YES YES 040 B8440000 00006000 mouclass.sys Mouclass YES YES 041 B6C8A000 00011000 serial.sys Serial YES YES 042 B7DC5000 00004000 serenum.sys serenum YES YES 043 B7928000 0000B000 fetnd5bv.sys FETND5BV YES YES 044 B6C65000 00025000 HDAudBus.sys HDAudBus YES YES 045 B8448000 00006000 ManyCam.sys ManyCam YES YES 046 B7918000 0000C000 STREAM.SYS YES YES 047 B6C42000 00023000 ks.sys YES YES 048 B8735000 00001000 audstub.sys audstub YES YES 049 B7908000 0000D000 rasl2tp.sys Rasl2tp YES YES 050 B7DC1000 00003000 ndistapi.sys NdisTapi YES YES 051 B6C2B000 00017000 ndiswan.sys NdisWan YES YES 052 B78F8000 0000B000 raspppoe.sys RasPppoe YES YES 053 B78E8000 0000C000 raspptp.sys PptpMiniport YES YES 054 B8450000 00005000 TDI.SYS YES YES 055 B6C1A000 00011000 psched.sys PSched YES YES 056 B78D8000 00009000 
msgpc.sys Gpc YES YES 057 B8458000 00005000 ptilink.sys Ptilink YES YES 058 B8460000 00005000 raspti.sys Raspti YES YES 059 B8468000 00007000 taphss.sys taphss YES YES 060 B6BE9000 00031000 rdpdr.sys rdpdr YES YES 061 B78C8000 0000A000 termdd.sys TermDD YES YES 062 B85D2000 00002000 swenum.sys swenum YES YES 063 B6BB5000 00034000 update.sys Update YES YES 064 B7DA5000 00004000 mssmbios.sys mssmbios YES YES 065 B63E9000 005D5000 RtkHDAud.sys IntcAzAudAddService YES YES 066 B63C7000 00022000 portcls.sys YES YES 067 B81A8000 0000F000 drmk.sys YES YES 068 B81B8000 0000A000 NDProxy.SYS NDProxy YES YES 069 B81D8000 0000F000 usbhub.sys usbhub YES YES 070 B85D8000 00002000 USBD.SYS YES YES 071 B8470000 00005000 flpydisk.sys Flpydisk YES YES 072 B85DA000 00002000 Fs_Rec.SYS Fs_Rec YES YES 073 B8738000 00001000 Null.SYS Null YES YES 074 B85DC000 00002000 Beep.SYS Beep YES YES 075 B8480000 00007000 HIDPARSE.SYS YES YES 076 B8488000 00006000 vga.sys VgaSave YES YES 077 B85DE000 00002000 mnmdd.SYS mnmdd YES YES 078 B85E0000 00002000 RDPCDD.sys RDPCDD YES YES 079 B8490000 00005000 Msfs.SYS Msfs YES YES 080 B8498000 00008000 Npfs.SYS Npfs YES YES 081 B8580000 00003000 rasacd.sys RasAcd YES YES 082 B4244000 00013000 ipsec.sys IPSec YES YES 083 B41EC000 00058000 tcpip.sys Tcpip YES YES 084 B41C4000 00028000 netbt.sys NetBT YES YES 085 B41A3000 00021000 ipnat.sys IpNat YES YES 086 B4181000 00022000 afd.sys AFD YES YES 087 B8208000 00009000 netbios.sys NetBIOS YES YES 088 B84A0000 00006000 ssmdrv.sys ssmdrv YES YES 089 B408D000 0002C000 rdbss.sys Rdbss YES YES 090 B401E000 0006F000 mrxsmb.sys MRxSmb YES YES 091 B8228000 00009000 wanarp.sys Wanarp YES YES 092 B8248000 00009000 Fips.SYS Fips YES YES 093 B4002000 0001C000 avipbb.sys avipbb YES YES 094 B85E4000 00002000 avgio.sys avgio YES YES 095 B8348000 00008000 usbccgp.sys usbccgp YES YES 096 B7DC9000 00003000 hidusb.sys hidusb YES YES 097 B8258000 00009000 HIDCLASS.SYS YES YES 098 B63C3000 00003000 mouhid.sys mouhid YES YES 099 
B63BF000 00004000 kbdhid.sys kbdhid YES YES 100 B3FC2000 00018000 dump_atapi.sys NO NO 101 B85E8000 00002000 dump_WMILIB.SYS NO NO 102 BF800000 001C4000 win32k.sys YES YES 103 B63A7000 00003000 Dxapi.sys YES YES 104 B8378000 00005000 watchdog.sys YES YES 105 BD000000 00012000 dxg.sys YES YES 106 B8671000 00001000 dxgthk.sys YES YES 107 BD012000 005FE000 nv4_disp.dll YES YES 108 BFFA0000 00046000 ATMFD.DLL YES YES 109 B3E4E000 00014000 avgntflt.sys avgntflt YES YES 110 B8388000 00005000 AegisP.sys AegisP YES NO 111 B3C19000 0002D000 mrxdav.sys MRxDAV YES YES 112 B3B18000 00011000 adfs.SYS adfs YES YES 113 B3AD5000 00043000 atksgt.sys atksgt YES YES 114 B83C8000 00005000 lirsgt.sys lirsgt YES YES 115 B3916000 00057000 srv.sys Srv YES YES 116 B38C6000 00028000 secdrv.sys Secdrv YES NO 117 B37D2000 0002C000 000.fcl {B154377D-700F-42cc-9474-23858FBDF4BD} YES YES 118 B33A9000 00041000 HTTP.sys HTTP YES YES 119 B336C000 00015000 wdmaud.sys wdmaud YES YES 120 B3DF6000 0000F000 sysaudio.sys sysaudio YES YES 121 B378A000 00008000 catchme.sys catchme NO NO 122 B85F6000 00002000 PROCEXP113.SYS NO NO 123 B2416000 0002A000 kmixer.sys kmixer YES YES 124 B3ECE000 00004000 sdthlpr.sys SDTHelper YES NO 125 B23F3000 00023000 Fastfat.SYS Fastfat YES YES 126 7C910000 000B9000 ntdll.dll YES YES Number of Module Table entries patched = 0 18:16:45 - Performing check: "SDT hooks": Found KiServiceTable @ 8055B6E0 0 ZwAcceptConnectPort 805A3104 1 ZwAccessCheck 805EF38C 2 ZwAccessCheckAndAuditAlarm 805F2BDA 3 ZwAccessCheckByType 805EF3BE 4 ZwAccessCheckByTypeAndAuditAlarm 805F2C14 5 ZwAccessCheckByTypeResultList 805EF3F4 6 ZwAccessCheckByTypeResultListAndAuditAlarm 805F2C58 7 ZwAccessCheckByTypeResultListAndAuditAlarmByHandle 805F2C9C 8 ZwAddAtom 80613BC8 9 ZwAddBootEntry 8061490A 10 ZwAdjustGroupsToken 805EA73C 11 ZwAdjustPrivilegesToken 805EA394 12 ZwAlertResumeThread 805D33D0 13 ZwAlertThread 805D3380 14 ZwAllocateLocallyUniqueId 806141EE 15 ZwAllocateUserPhysicalPages 805B49F8 16 
ZwAllocateUuids 8061380A 17 ZwAllocateVirtualMemory 805A758E 18 ZwAreMappedFilesTheSame 805AF00C 19 ZwAssignProcessToJobObject 805D4E94 20 ZwCallbackReturn 80500DD4 21 ZwCancelDeviceWakeupRequest 806148FC 22 ZwCancelIoFile 80575974 23 ZwCancelTimer 80537E4E 24 ZwClearEvent 8060CE12 25 ZwClose 805BAF72 26 ZwCloseObjectAuditAlarm 805F3114 27 ZwCompactKeys 80621D04 28 ZwCompareTokens 805F7628 29 ZwCompleteConnectPort 805A37F2 30 ZwCompressKey 80621F58 31 ZwConnectPort 805A30A4 32 ZwContinue 80544104 33 ZwCreateDebugObject 8063FF3E 34 ZwCreateDirectoryObject 805BCE26 35 ZwCreateEvent 8060CE62 36 ZwCreateEventPair 80615180 37 ZwCreateFile 80577ED2 38 ZwCreateIoCompletion 80576764 39 ZwCreateJobObject 805D3E58 40 ZwCreateJobSet 805D3B90 41 ZwCreateKey --[HOOKED]-- B87447BE probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 93 Base address: B4002000 Size: 0001C000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: (null) Version: 9.00.00.00 Company: Avira GmbH File Version: 1.0.2.86 Description: Avira Driver for RootKit Detection Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 42 ZwCreateMailslotFile 80577FE0 43 ZwCreateMutant 80615578 44 ZwCreateNamedPipeFile 80577F0C 45 ZwCreatePagingFile 805AA4C2 46 ZwCreatePort 805A3BC0 47 ZwCreateProcess 805CFAE2 48 ZwCreateProcessEx 805CFA2C 49 ZwCreateProfile 80615998 50 ZwCreateSection 805A9E9C 51 ZwCreateSemaphore 80612F28 52 ZwCreateSymbolicLinkObject 805C36A6 53 ZwCreateThread --[HOOKED]-- B87447B4 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 93 Base address: B4002000 
Size: 0001C000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: (null) Version: 9.00.00.00 Company: Avira GmbH File Version: 1.0.2.86 Description: Avira Driver for RootKit Detection Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 54 ZwCreateTimer 80614E48 55 ZwCreateToken 805F79D0 56 ZwCreateWaitablePort 805A3BE4 57 ZwDebugActiveProcess 8064101A 58 ZwDebugContinue 8064116A 59 ZwDelayExecution 8061484C 60 ZwDeleteAtom 8061407E 61 ZwDeleteBootEntry 806148FC 62 ZwDeleteFile 80575ABA 63 ZwDeleteKey --[HOOKED]-- B87447C3 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 93 Base address: B4002000 Size: 0001C000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: (null) Version: 9.00.00.00 Company: Avira GmbH File Version: 1.0.2.86 Description: Avira Driver for RootKit Detection Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 64 ZwDeleteObjectAuditAlarm 805F3220 65 ZwDeleteValueKey --[HOOKED]-- B87447CD probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 93 Base address: B4002000 Size: 0001C000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: (null) Version: 9.00.00.00 Company: Avira GmbH File Version: 1.0.2.86 Description: Avira Driver for RootKit Detection Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 66 ZwDeviceIoControlFile 80578098 67 ZwDisplayString 80610EA6 68 ZwDuplicateObject 805BC94E 69 ZwDuplicateToken 805EB5DA 70 ZwEnumerateBootEntries 8061490A 71 ZwEnumerateKey 80622974 72 
ZwEnumerateSystemEnvironmentValuesEx 806148EE 73 ZwEnumerateValueKey 80622BDE 74 ZwExtendSection 805B2718 75 ZwFilterToken 805EB786 76 ZwFindAtom 80613E32 77 ZwFlushBuffersFile 80575B86 78 ZwFlushInstructionCache 805B528C 79 ZwFlushKey 80622E48 80 ZwFlushVirtualMemory 805AB1D6 81 ZwFlushWriteBuffer 805B522E 82 ZwFreeUserPhysicalPages 805B4D9A 83 ZwFreeVirtualMemory 805B19F4 84 ZwFsControlFile 805780CC 85 ZwGetContextThread 805CFDF4 86 ZwGetDevicePowerState 805C6FC6 87 ZwGetPlugPlayEvent 80597E7E 88 ZwGetWriteWatch 80520498 89 ZwImpersonateAnonymousToken 805F731C 90 ZwImpersonateClientOfPort 805A3C4E 91 ZwImpersonateThread 805D6054 92 ZwInitializeRegistry 8062010C 93 ZwInitiatePowerAction 805C6DAC 94 ZwIsProcessInJob 805D3A54 95 ZwIsSystemResumeAutomatic 805C6FB2 96 ZwListenPort 805A3E5A 97 ZwLoadDriver 80582EAE 98 ZwLoadKey --[HOOKED]-- B87447D2 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 93 Base address: B4002000 Size: 0001C000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: (null) Version: 9.00.00.00 Company: Avira GmbH File Version: 1.0.2.86 Description: Avira Driver for RootKit Detection Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 99 ZwLoadKey2 80623AAE 100 ZwLockFile 80578100 101 ZwLockProductActivationKeys 80611498 102 ZwLockRegistryKey 80622004 103 ZwLockVirtualMemory 805B5394 104 ZwMakePermanentObject 805BCC1C 105 ZwMakeTemporaryObject 805BB016 106 ZwMapUserPhysicalPages 805B3E58 107 ZwMapUserPhysicalPagesScatter 805B43A8 108 ZwMapViewOfSection 805B0A7C 109 ZwModifyBootEntry 806148FC 110 ZwNotifyChangeDirectoryFile 80578D18 111 ZwNotifyChangeKey 80623E2E 112 ZwNotifyChangeMultipleKeys 80622F4A 113 ZwOpenDirectoryObject 805BCEF8 114 ZwOpenEvent 8060CF62 115 ZwOpenEventPair 80615258 116 
ZwOpenFile 80578FD0 117 ZwOpenIoCompletion 8057683C 118 ZwOpenJobObject 805D3FDE 119 ZwOpenKey 806234CA 120 ZwOpenMutant 80615650 121 ZwOpenObjectAuditAlarm 805F2CE2 122 ZwOpenProcess --[HOOKED]-- B87447A0 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 93 Base address: B4002000 Size: 0001C000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: (null) Version: 9.00.00.00 Company: Avira GmbH File Version: 1.0.2.86 Description: Avira Driver for RootKit Detection Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 123 ZwOpenProcessToken 805EBFD2 124 ZwOpenProcessTokenEx 805EBBD8 125 ZwOpenSection 805A8EC0 126 ZwOpenSemaphore 80613022 127 ZwOpenSymbolicLinkObject 805C388C 128 ZwOpenThread --[HOOKED]-- B87447A5 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 93 Base address: B4002000 Size: 0001C000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: (null) Version: 9.00.00.00 Company: Avira GmbH File Version: 1.0.2.86 Description: Avira Driver for RootKit Detection Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 129 ZwOpenThreadToken 805EBFF0 130 ZwOpenThreadTokenEx 805EBD48 131 ZwOpenTimer 80614F6A 132 ZwPlugPlayControl 8064320C 133 ZwPowerInformation 805C7DFA 134 ZwPrivilegeCheck 805F63CE 135 ZwPrivilegeObjectAuditAlarm 805F1FF4 136 ZwPrivilegedServiceAuditAlarm 805F21E0 137 ZwProtectVirtualMemory 805B6E60 138 ZwPulseEvent 8060D01A 139 ZwQueryAttributesFile 80575D64 140 ZwQueryBootEntryOrder 8061490A 141 ZwQueryBootOptions 8061490A 142 ZwQueryDebugFilterState 
8053EE36 143 ZwQueryDefaultLocale 8060EBEC 144 ZwQueryDefaultUILanguage 8060F84C 145 ZwQueryDirectoryFile 80578CB2 146 ZwQueryDirectoryObject 805BCF98 147 ZwQueryEaFile 80579000 148 ZwQueryEvent 8060D0E2 149 ZwQueryFullAttributesFile 80575E9C 150 ZwQueryInformationAtom 806140A6 151 ZwQueryInformationFile 8057986C 152 ZwQueryInformationJobObject 805D44B0 153 ZwQueryInformationPort 805A3EB8 154 ZwQueryInformationProcess 805CB860 155 ZwQueryInformationThread 805CA48E 156 ZwQueryInformationToken 805EC0D0 157 ZwQueryInstallUILanguage 8060EFEA 158 ZwQueryIntervalProfile 80615E1A 159 ZwQueryIoCompletion 805768E4 160 ZwQueryKey 806237EE 161 ZwQueryMultipleValueKey 80621302 162 ZwQueryMutant 806156F8 163 ZwQueryObject 805C2DC6 164 ZwQueryOpenSubKeys 80621968 165 ZwQueryPerformanceCounter 80615EA8 166 ZwQueryQuotaInformationFile 8057A604 167 ZwQuerySection 805B7022 168 ZwQuerySecurityObject 805BEA84 169 ZwQuerySemaphore 806130DA 170 ZwQuerySymbolicLinkObject 805C392C 171 ZwQuerySystemEnvironmentValue 80614926 172 ZwQuerySystemEnvironmentValueEx 806148E0 173 ZwQuerySystemInformation 8060F8CC 174 ZwQuerySystemTime 80611072 175 ZwQueryTimer 80615022 176 ZwQueryTimerResolution 80611104 177 ZwQueryValueKey 806201EE 178 ZwQueryVirtualMemory 805B76B0 179 ZwQueryVolumeInformationFile 8057AAEE 180 ZwQueueApcThread 805CFB40 181 ZwRaiseException 8054414C 182 ZwRaiseHardError 80612D4C 183 ZwReadFile 8057B28E 184 ZwReadFileScatter 8057B7F8 185 ZwReadRequestData 805A4940 186 ZwReadVirtualMemory 805B2D04 187 ZwRegisterThreadTerminatePort 805D0FEA 188 ZwReleaseMutant 80615830 189 ZwReleaseSemaphore 8061320A 190 ZwRemoveIoCompletion 80576BDC 191 ZwRemoveProcessDebug 806410EA 192 ZwRenameKey 80621B5A 193 ZwReplaceKey --[HOOKED]-- B87447DC probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 93 
Base address: B4002000 Size: 0001C000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: (null) Version: 9.00.00.00 Company: Avira GmbH File Version: 1.0.2.86 Description: Avira Driver for RootKit Detection Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 194 ZwReplyPort 805A3FC0 195 ZwReplyWaitReceivePort 805A4F88 196 ZwReplyWaitReceivePortEx 805A4990 197 ZwReplyWaitReplyPort 805A42AA 198 ZwRequestDeviceWakeup 805C6F44 199 ZwRequestPort 805A151E 200 ZwRequestWaitReplyPort 805A184A 201 ZwRequestWakeupLatency 805C6D52 202 ZwResetEvent 8060D1F4 203 ZwResetWriteWatch 80520980 204 ZwRestoreKey --[HOOKED]-- B87447D7 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 93 Base address: B4002000 Size: 0001C000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: (null) Version: 9.00.00.00 Company: Avira GmbH File Version: 1.0.2.86 Description: Avira Driver for RootKit Detection Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 205 ZwResumeProcess 805D332A 206 ZwResumeThread 805D320C 207 ZwSaveKey 806205DE 208 ZwSaveKeyEx 8062066E 209 ZwSaveMergedKeys 8062073A 210 ZwSecureConnectPort 805A2838 211 ZwSetBootEntryOrder 8061490A 212 ZwSetBootOptions 8061490A 213 ZwSetContextThread 805D0004 214 ZwSetDebugFilterState 80643DA2 215 ZwSetDefaultHardErrorPort 80612BF6 216 ZwSetDefaultLocale 8060ED3C 217 ZwSetDefaultUILanguage 8060F5AE 218 ZwSetEaFile 80579514 219 ZwSetEvent 8060D2B4 220 ZwSetEventBoostPriority 8060D37E 221 ZwSetHighEventPair 80615514 222 ZwSetHighWaitLowEventPair 80615444 223 ZwSetInformationDebugObject 80640AB4 224 ZwSetInformationFile 80579E38 225 ZwSetInformationJobObject 805D51BE 226 ZwSetInformationKey 80620ECE 227 ZwSetInformationObject 805C233C 228 
ZwSetInformationProcess 805CC756 229 ZwSetInformationThread 805CA9DA 230 ZwSetInformationToken 805F874A 231 ZwSetIntervalProfile 8061597C 232 ZwSetIoCompletion 80576B7A 233 ZwSetLdtEntries 805D2156 234 ZwSetLowEventPair 806154B0 235 ZwSetLowWaitHighEventPair 806153D8 236 ZwSetQuotaInformationFile 8057A5E2 237 ZwSetSecurityObject 805BE9B8 238 ZwSetSystemEnvironmentValue 80614BAA 239 ZwSetSystemEnvironmentValueEx 806148E0 240 ZwSetSystemInformation 8060DC1A 241 ZwSetSystemPowerState 80650E26 242 ZwSetSystemTime 8061237A 243 ZwSetThreadExecutionState 805C6C66 244 ZwSetTimer 80537FDE 245 ZwSetTimerResolution 8061184C 246 ZwSetUuidSeed 806136C0 247 ZwSetValueKey --[HOOKED]-- B87447C8 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 93 Base address: B4002000 Size: 0001C000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: (null) Version: 9.00.00.00 Company: Avira GmbH File Version: 1.0.2.86 Description: Avira Driver for RootKit Detection Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 248 ZwSetVolumeInformationFile 8057AEF8 249 ZwShutdownSystem 80610E6A 250 ZwSignalAndWaitForSingleObject 80525A60 251 ZwStartProfile 80615BC6 252 ZwStopProfile 80615D70 253 ZwSuspendProcess 805D32D4 254 ZwSuspendThread 805D3146 255 ZwSystemDebugControl 80615F94 256 ZwTerminateJobObject 805D5D52 257 ZwTerminateProcess --[HOOKED]-- B87447AF probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 93 Base address: B4002000 Size: 0001C000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: (null) Version: 
9.00.00.00 Company: Avira GmbH File Version: 1.0.2.86 Description: Avira Driver for RootKit Detection Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 258 ZwTerminateThread 805D142E 259 ZwTestAlert 805D3494 260 ZwTraceEvent 80534374 261 ZwTranslateFilePath 80614918 262 ZwUnloadDriver 80583042 263 ZwUnloadKey 80620ABC 264 ZwUnloadKeyEx 80620CAA 265 ZwUnlockFile 805784A4 266 ZwUnlockVirtualMemory 805B5922 267 ZwUnmapViewOfSection 805B188A 268 ZwVdmControl 805F9B02 269 ZwWaitForDebugEvent 8064081C 270 ZwWaitForMultipleObjects 805BF0DA 271 ZwWaitForSingleObject 805BEFF0 272 ZwWaitHighEventPair 80615374 273 ZwWaitLowEventPair 80615310 274 ZwWriteFile 8057BCF6 275 ZwWriteFileGather 8057C2DA 276 ZwWriteRequestData 805A4968 277 ZwWriteVirtualMemory 805B2E0E 278 ZwYieldExecution 80503FF4 279 ZwCreateKeyedEvent 806163EC 280 ZwOpenKeyedEvent 806164D6 281 ZwReleaseKeyedEvent 80616588 282 ZwWaitForKeyedEvent 806167E4 283 ZwQueryPortInformationProcess 805CA20E Number of Service Table entries hooked = 11 Number of Service Table entries patched = 0 18:16:50 - Performing check: "IDT hooks": IDT offset in kernel: 0x01F28F50 IDT address: 0x8003F400 (phys.: 0x0151F400) INT# SegType DPL ISR 000(00) IntG32 00 0008:80541420 001(01) IntG32 00 0008:8054159C 002(02) TaskG32 00 0058:80551896 003(03) IntG32 03 0008:805419B0 004(04) IntG32 03 0008:80541B30 005(05) IntG32 00 0008:80541C90 006(06) IntG32 00 0008:80541E04 007(07) IntG32 00 0008:8054247C 008(08) TaskG32 00 0050:80551888 009(09) IntG32 00 0008:80542880 010(0A) IntG32 00 0008:805429A0 011(0B) IntG32 00 0008:80542AE0 012(0C) IntG32 00 0008:80542D40 013(0D) IntG32 00 0008:8054302C 014(0E) IntG32 00 0008:80543740 015(0F) IntG32 00 0008:80543A78 016(10) IntG32 00 0008:80543B98 017(11) IntG32 00 0008:80543CD4 018(12) TaskG32 00 00A0:0ACA7AE8 (hooked) 019(13) IntG32 00 0008:80543E3C 020(14) IntG32 00 0008:80543A78 021(15) IntG32 00 0008:80543A78 022(16) IntG32 00 0008:80543A78 023(17) IntG32 00 0008:80543A78 024(18) 
IntG32 00 0008:80543A78 025(19) IntG32 00 0008:80543A78 026(1A) IntG32 00 0008:80543A78 027(1B) IntG32 00 0008:80543A78 028(1C) IntG32 00 0008:80543A78 029(1D) IntG32 00 0008:80543A78 030(1E) IntG32 00 0008:80543A78 031(1F) IntG32 00 0008:806E510C 032(20) Not present 033(21) Not present 034(22) Not present 035(23) Not present 036(24) Not present 037(25) Not present 038(26) Not present 039(27) Not present 040(28) Not present 041(29) Not present 042(2A) IntG32 03 0008:80540C4E 043(2B) IntG32 03 0008:80540D50 044(2C) IntG32 03 0008:80540F00 045(2D) IntG32 03 0008:8054188C 046(2E) IntG32 03 0008:805406D1 047(2F) IntG32 00 0008:80543A78 048(30) IntG32 00 0008:8053FD90 049(31) IntG32 00 0008:8053FD9A 050(32) IntG32 00 0008:8053FDA4 051(33) IntG32 00 0008:8053FDAE 052(34) IntG32 00 0008:8053FDB8 053(35) IntG32 00 0008:8053FDC2 054(36) IntG32 00 0008:8053FDCC 055(37) IntG32 00 0008:806E4864 056(38) IntG32 00 0008:8053FDE0 057(39) IntG32 00 0008:8053FDEA 058(3A) IntG32 00 0008:8053FDF4 059(3B) IntG32 00 0008:8053FDFE 060(3C) IntG32 00 0008:8053FE08 061(3D) IntG32 00 0008:806E5E2C 062(3E) IntG32 00 0008:8053FE1C 063(3F) IntG32 00 0008:8053FE26 064(40) IntG32 00 0008:8053FE30 065(41) IntG32 00 0008:806E5C88 066(42) IntG32 00 0008:8053FE44 067(43) IntG32 00 0008:8053FE4E 068(44) IntG32 00 0008:8053FE58 069(45) IntG32 00 0008:8053FE62 070(46) IntG32 00 0008:8053FE6C 071(47) IntG32 00 0008:8053FE76 072(48) IntG32 00 0008:8053FE80 073(49) IntG32 00 0008:8053FE8A 074(4A) IntG32 00 0008:8053FE94 075(4B) IntG32 00 0008:8053FE9E 076(4C) IntG32 00 0008:8053FEA8 077(4D) IntG32 00 0008:8053FEB2 078(4E) IntG32 00 0008:8053FEBC 079(4F) IntG32 00 0008:8053FEC6 080(50) IntG32 00 0008:806E493C 081(51) IntG32 00 0008:8053FEDA 082(52) IntG32 00 0008:8053FEE4 083(53) IntG32 00 0008:8053FEEE 084(54) IntG32 00 0008:8053FEF8 085(55) IntG32 00 0008:8053FF02 086(56) IntG32 00 0008:8053FF0C 087(57) IntG32 00 0008:8053FF16 088(58) IntG32 00 0008:8053FF20 089(59) IntG32 00 0008:8053FF2A 090(5A) IntG32 
00 0008:8053FF34 091(5B) IntG32 00 0008:8053FF3E 092(5C) IntG32 00 0008:8053FF48 093(5D) IntG32 00 0008:8053FF52 094(5E) IntG32 00 0008:8053FF5C 095(5F) IntG32 00 0008:8053FF66 096(60) IntG32 00 0008:8053FF70 097(61) IntG32 00 0008:8053FF7A 098(62) IntG32 00 0008:8A6BDBEC (hooked) 099(63) IntG32 00 0008:8A6DE444 (hooked) 100(64) IntG32 00 0008:8053FF98 101(65) IntG32 00 0008:8053FFA2 102(66) IntG32 00 0008:8053FFAC 103(67) IntG32 00 0008:8053FFB6 104(68) IntG32 00 0008:8053FFC0 105(69) IntG32 00 0008:8053FFCA 106(6A) IntG32 00 0008:8053FFD4 107(6B) IntG32 00 0008:8053FFDE 108(6C) IntG32 00 0008:8053FFE8 109(6D) IntG32 00 0008:8053FFF2 110(6E) IntG32 00 0008:8053FFFC 111(6F) IntG32 00 0008:80540006 112(70) IntG32 00 0008:80540010 113(71) IntG32 00 0008:8054001A 114(72) IntG32 00 0008:80540024 115(73) IntG32 00 0008:8054002E 116(74) IntG32 00 0008:8A1F3044 (hooked) 117(75) IntG32 00 0008:80540042 118(76) IntG32 00 0008:8054004C 119(77) IntG32 00 0008:80540056 120(78) IntG32 00 0008:80540060 121(79) IntG32 00 0008:8054006A 122(7A) IntG32 00 0008:80540074 123(7B) IntG32 00 0008:8054007E 124(7C) IntG32 00 0008:80540088 125(7D) IntG32 00 0008:80540092 126(7E) IntG32 00 0008:8054009C 127(7F) IntG32 00 0008:805400A6 128(80) IntG32 00 0008:805400B0 129(81) IntG32 00 0008:805400BA 130(82) IntG32 00 0008:8A706044 (hooked) 131(83) IntG32 00 0008:805400CE 132(84) IntG32 00 0008:8A1F3BEC (hooked) 133(85) IntG32 00 0008:805400E2 134(86) IntG32 00 0008:805400EC 135(87) IntG32 00 0008:805400F6 136(88) IntG32 00 0008:80540100 137(89) IntG32 00 0008:8054010A 138(8A) IntG32 00 0008:80540114 139(8B) IntG32 00 0008:8054011E 140(8C) IntG32 00 0008:80540128 141(8D) IntG32 00 0008:80540132 142(8E) IntG32 00 0008:8054013C 143(8F) IntG32 00 0008:80540146 144(90) IntG32 00 0008:80540150 145(91) IntG32 00 0008:8054015A 146(92) IntG32 00 0008:8A21D1D4 (hooked) 147(93) IntG32 00 0008:8054016E 148(94) IntG32 00 0008:8A1C8BEC (hooked) 149(95) IntG32 00 0008:80540182 150(96) IntG32 00 0008:8054018C 
151(97) IntG32 00 0008:80540196 152(98) IntG32 00 0008:805401A0 153(99) IntG32 00 0008:805401AA 154(9A) IntG32 00 0008:805401B4 155(9B) IntG32 00 0008:805401BE 156(9C) IntG32 00 0008:805401C8 157(9D) IntG32 00 0008:805401D2 158(9E) IntG32 00 0008:805401DC 159(9F) IntG32 00 0008:805401E6 160(A0) IntG32 00 0008:805401F0 161(A1) IntG32 00 0008:805401FA 162(A2) IntG32 00 0008:80540204 163(A3) IntG32 00 0008:8054020E 164(A4) IntG32 00 0008:8A1D6BEC (hooked) 165(A5) IntG32 00 0008:80540222 166(A6) IntG32 00 0008:8054022C 167(A7) IntG32 00 0008:80540236 168(A8) IntG32 00 0008:80540240 169(A9) IntG32 00 0008:8054024A 170(AA) IntG32 00 0008:80540254 171(AB) IntG32 00 0008:8054025E 172(AC) IntG32 00 0008:80540268 173(AD) IntG32 00 0008:80540272 174(AE) IntG32 00 0008:8054027C 175(AF) IntG32 00 0008:80540286 176(B0) IntG32 00 0008:80540290 177(B1) IntG32 00 0008:8A6E2BEC (hooked) 178(B2) IntG32 00 0008:805402A4 179(B3) IntG32 00 0008:805402AE 180(B4) IntG32 00 0008:8A4C8044 (hooked) 181(B5) IntG32 00 0008:805402C2 182(B6) IntG32 00 0008:805402CC 183(B7) IntG32 00 0008:805402D6 184(B8) IntG32 00 0008:805402E0 185(B9) IntG32 00 0008:805402EA 186(BA) IntG32 00 0008:805402F4 187(BB) IntG32 00 0008:805402FE 188(BC) IntG32 00 0008:80540308 189(BD) IntG32 00 0008:80540312 190(BE) IntG32 00 0008:8054031C 191(BF) IntG32 00 0008:80540326 192(C0) IntG32 00 0008:80540330 193(C1) IntG32 00 0008:806E4AC0 194(C2) IntG32 00 0008:80540344 195(C3) IntG32 00 0008:8054034E 196(C4) IntG32 00 0008:80540358 197(C5) IntG32 00 0008:80540362 198(C6) IntG32 00 0008:8054036C 199(C7) IntG32 00 0008:80540376 200(C8) IntG32 00 0008:80540380 201(C9) IntG32 00 0008:8054038A 202(CA) IntG32 00 0008:80540394 203(CB) IntG32 00 0008:8054039E 204(CC) IntG32 00 0008:805403A8 205(CD) IntG32 00 0008:805403B2 206(CE) IntG32 00 0008:805403BC 207(CF) IntG32 00 0008:805403C6 208(D0) IntG32 00 0008:805403D0 209(D1) IntG32 00 0008:806E3E54 210(D2) IntG32 00 0008:805403E4 211(D3) IntG32 00 0008:805403EE 212(D4) IntG32 00 
0008:805403F8 213(D5) IntG32 00 0008:80540402 214(D6) IntG32 00 0008:8054040C 215(D7) IntG32 00 0008:80540416 216(D8) IntG32 00 0008:80540420 217(D9) IntG32 00 0008:8054042A 218(DA) IntG32 00 0008:80540434 219(DB) IntG32 00 0008:8054043E 220(DC) IntG32 00 0008:80540448 221(DD) IntG32 00 0008:80540452 222(DE) IntG32 00 0008:8054045C 223(DF) IntG32 00 0008:80540466 224(E0) IntG32 00 0008:80540470 225(E1) IntG32 00 0008:806E5048 226(E2) IntG32 00 0008:80540484 227(E3) IntG32 00 0008:806E4DAC 228(E4) IntG32 00 0008:80540498 229(E5) IntG32 00 0008:805404A2 230(E6) IntG32 00 0008:805404AC 231(E7) IntG32 00 0008:805404B6 232(E8) IntG32 00 0008:805404C0 233(E9) IntG32 00 0008:805404CA 234(EA) IntG32 00 0008:805404D4 235(EB) IntG32 00 0008:805404DE 236(EC) IntG32 00 0008:805404E8 237(ED) IntG32 00 0008:805404F2 238(EE) IntG32 00 0008:805404F9 239(EF) IntG32 00 0008:80540500 240(F0) IntG32 00 0008:80540507 241(F1) IntG32 00 0008:8054050E 242(F2) IntG32 00 0008:80540515 243(F3) IntG32 00 0008:8054051C 244(F4) IntG32 00 0008:80540523 245(F5) IntG32 00 0008:8054052A 246(F6) IntG32 00 0008:80540531 247(F7) IntG32 00 0008:80540538 248(F8) IntG32 00 0008:8054053F 249(F9) IntG32 00 0008:80540546 250(FA) IntG32 00 0008:8054054D 251(FB) IntG32 00 0008:80540554 252(FC) IntG32 00 0008:8054055B 253(FD) IntG32 00 0008:806E55A8 254(FE) IntG32 00 0008:806E5748 255(FF) IntG32 00 0008:80540570 18:16:59 - Performing check: "SYSENTER hook": SYSENTER offset in kernel: 0x004697A0 (=0x805407A0) SYSENTER EIP: 0008:805407A0 [OK] 18:16:59 - Performing check: "IAT hooks": PID 792 - C:\WINDOWS\System32\smss.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) PID 848 - C:\WINDOWS\system32\csrss.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) CSRSRV.dll (75AE0000 - 75AEB000) basesrv.dll (75AF0000 - 75B00000) winsrv.dll (75B00000 - 75B4A000) USER32.dll (77D10000 - 77DA0000) 
KERNEL32.dll (7C800000 - 7C907000) GDI32.dll (77EF0000 - 77F38000) sxs.dll (76970000 - 76A21000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) PID 872 - C:\WINDOWS\system32\winlogon.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) AUTHZ.dll (77690000 - 776A1000) msvcrt.dll (77BE0000 - 77C38000) CRYPT32.dll (77A50000 - 77AE5000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) MSASN1.dll (77AF0000 - 77B02000) NDdeApi.dll (758E0000 - 758E8000) PROFMAP.dll (758D0000 - 758DA000) NETAPI32.dll (597D0000 - 59824000) USERENV.dll (76620000 - 766D5000) PSAPI.DLL (76BB0000 - 76BBB000) REGAPI.dll (76B70000 - 76B7F000) SETUPAPI.dll (778F0000 - 779E4000) VERSION.dll (77BD0000 - 77BD8000) WINSTA.dll (76300000 - 76310000) WINTRUST.dll (76BF0000 - 76C1E000) IMAGEHLP.dll (76C50000 - 76C78000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) MSGINA.dll (75910000 - 75A09000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) COMCTL32.dll (5D450000 - 5D4E7000) ODBC32.dll (745D0000 - 7460D000) comdlg32.dll (76350000 - 7639A000) comctl32.dll (773A0000 - 774A2000) odbcint.dll (20000000 - 20019000) SHSVCS.dll (776B0000 - 776D4000) sfc.dll (76B60000 - 76B65000) sfc_os.dll (76C20000 - 76C4A000) ole32.dll (774B0000 - 775EC000) Apphelp.dll (77B10000 - 77B32000) WINSCARD.DLL (72360000 - 7237C000) WTSAPI32.dll (76F10000 - 76F18000) sxs.dll (76970000 - 76A21000) uxtheme.dll (5AD70000 - 5ADA8000) WINMM.dll (76AF0000 - 76B1E000) cscdll.dll (765A0000 - 765BD000) WlNotify.dll (758F0000 - 7590B000) WINSPOOL.DRV (72F70000 - 72F96000) MPR.dll (71A80000 - 71A92000) rsaenh.dll (0FFD0000 - 0FFF8000) WgaLogon.dll (01210000 - 01252000) OLEAUT32.dll (770F0000 - 7717C000) NTMARTA.DLL (77660000 - 77681000) 
WLDAP32.dll (76F20000 - 76F4D000) SAMLIB.dll (71B70000 - 71B83000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) msv1_0.dll (77C40000 - 77C64000) cryptdll.dll (76740000 - 7674C000) iphlpapi.dll (76D20000 - 76D39000) AdobeDriveCS4_NP.dll(10000000 - 10013000) RASAPI32.dll (76EA0000 - 76EDC000) rasman.dll (76E50000 - 76E62000) TAPI32.dll (76E70000 - 76E9F000) rtutils.dll (76E40000 - 76E4E000) cscui.dll (779F0000 - 77A46000) wdmaud.drv (72C90000 - 72C99000) xpsp2res.dll (01580000 - 01859000) msacm32.drv (72C80000 - 72C88000) MSACM32.dll (77BB0000 - 77BC5000) midimap.dll (77BA0000 - 77BA7000) PID 916 - C:\WINDOWS\system32\services.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) msvcrt.dll (77BE0000 - 77C38000) NCObjAPI.DLL (5FB60000 - 5FB6C000) MSVCP60.dll (76020000 - 76085000) SCESRV.dll (77B40000 - 77B93000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) USERENV.dll (76620000 - 766D5000) AUTHZ.dll (77690000 - 776A1000) umpnpmgr.dll (75850000 - 7586F000) WINSTA.dll (76300000 - 76310000) NETAPI32.dll (597D0000 - 59824000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775EC000) OLEAUT32.dll (770F0000 - 7717C000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) UxTheme.dll (5AD70000 - 5ADA8000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) Apphelp.dll (77B10000 - 77B32000) eventlog.dll (772D0000 - 772E1000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) PSAPI.DLL (76BB0000 - 76BBB000) wtsapi32.dll (76F10000 - 76F18000) PID 928 - C:\WINDOWS\system32\lsass.exe 
------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) LSASRV.dll (753D0000 - 75486000) MPR.dll (71A80000 - 71A92000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) MSASN1.dll (77AF0000 - 77B02000) msvcrt.dll (77BE0000 - 77C38000) NETAPI32.dll (597D0000 - 59824000) NTDSAPI.dll (76750000 - 76763000) DNSAPI.dll (76EE0000 - 76F07000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) WLDAP32.dll (76F20000 - 76F4D000) SAMLIB.dll (71B70000 - 71B83000) SAMSRV.dll (743C0000 - 7442E000) cryptdll.dll (76740000 - 7674C000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775EC000) OLEAUT32.dll (770F0000 - 7717C000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D5000) UxTheme.dll (5AD70000 - 5ADA8000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) msprivs.dll (20000000 - 2000E000) kerberos.dll (71C70000 - 71CBB000) msv1_0.dll (77C40000 - 77C64000) iphlpapi.dll (76D20000 - 76D39000) netlogon.dll (74430000 - 74495000) w32time.dll (76770000 - 7679D000) MSVCP60.dll (76020000 - 76085000) schannel.dll (767A0000 - 767CD000) CRYPT32.dll (77A50000 - 77AE5000) wdigest.dll (7F000000 - 7F012000) rsaenh.dll (0FFD0000 - 0FFF8000) setupapi.dll (778F0000 - 779E4000) scecli.dll (74380000 - 743B0000) ipsecsvc.dll (74350000 - 74380000) AUTHZ.dll (77690000 - 776A1000) oakley.DLL (756C0000 - 7578E000) WINIPSEC.DLL (742E0000 - 742EB000) pstorsvc.dll (74310000 - 7431B000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) dssenh.dll (68100000 - 68124000) psbase.dll (74330000 - 7434B000) PID 1124 - 
C:\WINDOWS\system32\nvsvc32.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) USERENV.dll (76620000 - 766D5000) msvcrt.dll (77BE0000 - 77C38000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) POWRPROF.dll (74A50000 - 74A58000) SETUPAPI.dll (778F0000 - 779E4000) wtsapi32.dll (76F10000 - 76F18000) WINSTA.dll (76300000 - 76310000) NETAPI32.dll (597D0000 - 59824000) VERSION.dll (77BD0000 - 77BD8000) SHLWAPI.dll (77F40000 - 77FB6000) COMCTL32.dll (5D450000 - 5D4E7000) SHELL32.dll (7E670000 - 7EE90000) ole32.dll (774B0000 - 775EC000) OLEAUT32.dll (770F0000 - 7717C000) comctl32.dll (773A0000 - 774A2000) nvapi.dll (00940000 - 00A4A000) WINTRUST.dll (76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE5000) MSASN1.dll (77AF0000 - 77B02000) IMAGEHLP.dll (76C50000 - 76C78000) msv1_0.dll (77C40000 - 77C64000) cryptdll.dll (76740000 - 7674C000) iphlpapi.dll (76D20000 - 76D39000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) NTMARTA.DLL (77660000 - 77681000) WLDAP32.dll (76F20000 - 76F4D000) SAMLIB.dll (71B70000 - 71B83000) uxtheme.dll (5AD70000 - 5ADA8000) PID 1148 - C:\WINDOWS\system32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775EC000) msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717C000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) 
USERENV.dll (76620000 - 766D5000) UxTheme.dll (5AD70000 - 5ADA8000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) NTMARTA.DLL (77660000 - 77681000) WLDAP32.dll (76F20000 - 76F4D000) SAMLIB.dll (71B70000 - 71B83000) rpcss.dll (76A30000 - 76A94000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) xpsp2res.dll (20000000 - 202D9000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) Apphelp.dll (77B10000 - 77B32000) termsrv.dll (761D0000 - 76224000) ICAAPI.dll (74EF0000 - 74EF6000) SETUPAPI.dll (778F0000 - 779E4000) WINTRUST.dll (76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE5000) MSASN1.dll (77AF0000 - 77B02000) IMAGEHLP.dll (76C50000 - 76C78000) AUTHZ.dll (77690000 - 776A1000) mstlsapi.dll (75090000 - 750AF000) ACTIVEDS.dll (77C90000 - 77CC3000) adsldpc.dll (76DD0000 - 76DF5000) NETAPI32.dll (597D0000 - 59824000) ATL.DLL (76AD0000 - 76AE1000) REGAPI.dll (76B70000 - 76B7F000) rsaenh.dll (0FFD0000 - 0FFF8000) PID 1212 - C:\WINDOWS\system32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775EC000) msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717C000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D5000) UxTheme.dll (5AD70000 - 5ADA8000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) rpcss.dll (76A30000 - 76A94000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) xpsp2res.dll (20000000 - 202D9000) rsaenh.dll (0FFD0000 - 0FFF8000) mswsock.dll 
(719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) DNSAPI.dll (76EE0000 - 76F07000) iphlpapi.dll (76D20000 - 76D39000) winrnr.dll (76F70000 - 76F78000) WLDAP32.dll (76F20000 - 76F4D000) mdnsNSP.dll (16080000 - 160A5000) rasadhlp.dll (76F80000 - 76F86000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) PID 1252 - C:\WINDOWS\System32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775EC000) msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717C000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D5000) UxTheme.dll (5AD70000 - 5ADA8000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) NTMARTA.DLL (77660000 - 77681000) WLDAP32.dll (76F20000 - 76F4D000) SAMLIB.dll (71B70000 - 71B83000) xpsp2res.dll (20000000 - 202D9000) shsvcs.dll (776B0000 - 776D4000) WINSTA.dll (76300000 - 76310000) NETAPI32.dll (597D0000 - 59824000) dhcpcsvc.dll (76D40000 - 76D5E000) DNSAPI.dll (76EE0000 - 76F07000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) iphlpapi.dll (76D20000 - 76D39000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) schedsvc.dll (76B20000 - 76B53000) NTDSAPI.dll (76750000 - 76763000) IMAGEHLP.dll (76C50000 - 76C78000) WTSAPI32.dll (76F10000 - 76F18000) SETUPAPI.dll (778F0000 - 779E4000) msv1_0.dll (77C40000 - 77C64000) cryptdll.dll (76740000 - 7674C000) MSIDLE.DLL (74ED0000 - 74ED5000) audiosrv.dll (70DC0000 - 70DCD000) WINTRUST.dll 
(76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE5000) MSASN1.dll (77AF0000 - 77B02000) wkssvc.dll (76E00000 - 76E23000) dmserver.dll (74F10000 - 74F19000) cryptsvc.dll (76CD0000 - 76CE2000) certcli.dll (752D0000 - 75303000) ATL.DLL (76AD0000 - 76AE1000) CRYPTUI.dll (76880000 - 76905000) WININET.dll (77180000 - 77229000) ESENT.dll (5E200000 - 5E310000) ersvc.dll (74F00000 - 74F09000) es.dll (776E0000 - 77724000) pchsvc.dll (74EC0000 - 74ECC000) hidserv.dll (68D80000 - 68D89000) HID.DLL (68D90000 - 68D99000) rsaenh.dll (0FFD0000 - 0FFF8000) srvsvc.dll (75010000 - 7502A000) netman.dll (77CD0000 - 77D03000) netshell.dll (763A0000 - 7654B000) rtutils.dll (76E40000 - 76E4E000) credui.dll (76BC0000 - 76BEF000) MPRAPI.dll (76D00000 - 76D18000) ACTIVEDS.dll (77C90000 - 77CC3000) adsldpc.dll (76DD0000 - 76DF5000) RASAPI32.dll (76EA0000 - 76EDC000) rasman.dll (76E50000 - 76E62000) TAPI32.dll (76E70000 - 76E9F000) WZCSvc.DLL (775F0000 - 7765E000) WMI.dll (76CF0000 - 76CF4000) WZCSAPI.DLL (72FA0000 - 72FB0000) HNETCFG.DLL (66710000 - 66769000) seclogon.dll (73C90000 - 73C98000) sens.dll (72260000 - 7226D000) srsvc.dll (75120000 - 7514E000) POWRPROF.dll (74A50000 - 74A58000) w32time.dll (76770000 - 7679D000) MSVCP60.dll (76020000 - 76085000) trkwks.dll (74FF0000 - 75009000) wmisvc.dll (4F110000 - 4F138000) VSSAPI.DLL (75360000 - 753CD000) mswsock.dll (719B0000 - 719F0000) wshtcpip.dll (719F0000 - 719F8000) wuauserv.dll (50000000 - 50005000) wuaueng.dll (50040000 - 50219000) WINSPOOL.DRV (72F70000 - 72F96000) WINHTTP.dll (4D5C0000 - 4D619000) Cabinet.dll (750D0000 - 750E4000) mspatcha.dll (604A0000 - 604AB000) SXS.DLL (76970000 - 76A21000) comsvcs.dll (76090000 - 761CA000) MTXCLU.DLL (75070000 - 75083000) WSOCK32.dll (71A30000 - 71A3A000) colbact.DLL (750B0000 - 750C4000) CLUSAPI.DLL (76D60000 - 76D71000) RESUTILS.DLL (75030000 - 75042000) sfc.dll (76B60000 - 76B65000) sfc_os.dll (76C20000 - 76C4A000) Apphelp.dll (77B10000 - 77B32000) ipnathlp.dll (668D0000 - 66926000) 
AUTHZ.dll (77690000 - 776A1000) browser.dll (772F0000 - 77305000) wscsvc.dll (4C170000 - 4C187000) msi.dll (745E0000 - 748A6000) wbemcomn.dll (75210000 - 75247000) wbemcore.dll (76260000 - 762E5000) esscli.dll (75290000 - 752CF000) FastProx.dll (75620000 - 75696000) wbemsvc.dll (74E50000 - 74E5E000) wmiutils.dll (74FA0000 - 74FBC000) repdrvfs.dll (75180000 - 751AE000) wmiprvsd.dll (42BC0000 - 42C32000) NCObjAPI.DLL (5FB60000 - 5FB6C000) wbemess.dll (75310000 - 75356000) ncprov.dll (5FB30000 - 5FB3E000) wups2.dll (50F00000 - 50F0D000) rasadhlp.dll (76F80000 - 76F86000) netcfgx.dll (75580000 - 7561D000) rasmans.dll (723F0000 - 72420000) WINIPSEC.DLL (742E0000 - 742EB000) tapisrv.dll (73350000 - 7338F000) PSAPI.DLL (76BB0000 - 76BBB000) rastapi.dll (75490000 - 754A1000) unimdm.tsp (58030000 - 58066000) uniplat.dll (71F90000 - 71F97000) kmddsp.tsp (580B0000 - 580BB000) ndptsp.tsp (58090000 - 580A0000) ipconf.tsp (580C0000 - 580C8000) h323.tsp (580E0000 - 58126000) hidphone.tsp (580D0000 - 580DA000) rasppp.dll (721D0000 - 72205000) ntlsapi.dll (72420000 - 72426000) kerberos.dll (71C70000 - 71CBB000) raschap.dll (76CA0000 - 76CB4000) rastls.dll (76B80000 - 76B9F000) SCHANNEL.dll (767A0000 - 767CD000) WinSCard.dll (72360000 - 7237C000) upnp.dll (76DA0000 - 76DC3000) SSDPAPI.dll (74E80000 - 74E8C000) RASDLG.dll (754D0000 - 7557B000) urlmon.dll (7DF20000 - 7DFC3000) PID 1320 - C:\WINDOWS\system32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775EC000) msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717C000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 
77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D5000) UxTheme.dll (5AD70000 - 5ADA8000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) dnsrslvr.dll (76720000 - 7672D000) DNSAPI.dll (76EE0000 - 76F07000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) iphlpapi.dll (76D20000 - 76D39000) rsaenh.dll (0FFD0000 - 0FFF8000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) PID 1400 - C:\WINDOWS\system32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775EC000) msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717C000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D5000) UxTheme.dll (5AD70000 - 5ADA8000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) NTMARTA.DLL (77660000 - 77681000) WLDAP32.dll (76F20000 - 76F4D000) SAMLIB.dll (71B70000 - 71B83000) xpsp2res.dll (20000000 - 202D9000) lmhsvc.dll (74BC0000 - 74BC6000) iphlpapi.dll (76D20000 - 76D39000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) regsvc.dll (76AA0000 - 76AB2000) ssdpsrv.dll (76910000 - 76924000) hnetcfg.dll (66710000 - 66769000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) mswsock.dll (719B0000 - 719F0000) wshtcpip.dll (719F0000 - 719F8000) rsaenh.dll (0FFD0000 - 0FFF8000) httpapi.dll (67A10000 - 67A1A000) WINHTTP.dll (4D5C0000 - 4D619000) PID 1488 - 
C:\WINDOWS\system32\spoolsv.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) msvcrt.dll (77BE0000 - 77C38000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) GDI32.dll (77EF0000 - 77F38000) USER32.dll (77D10000 - 77DA0000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775EC000) OLEAUT32.dll (770F0000 - 7717C000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D5000) UxTheme.dll (5AD70000 - 5ADA8000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) SPOOLSS.DLL (74250000 - 74265000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) DNSAPI.dll (76EE0000 - 76F07000) iphlpapi.dll (76D20000 - 76D39000) rasadhlp.dll (76F80000 - 76F86000) localspl.dll (75E60000 - 75EB8000) sfc_os.dll (76C20000 - 76C4A000) WINTRUST.dll (76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE5000) MSASN1.dll (77AF0000 - 77B02000) IMAGEHLP.dll (76C50000 - 76C78000) winspool.drv (72F70000 - 72F96000) netapi32.dll (597D0000 - 59824000) avmprmon.dll (00970000 - 00977000) cnbjmon.dll (74200000 - 7420F000) ZLhp1020.DLL (10000000 - 1001B000) ZLM.dll (00980000 - 00987000) pjlmon.dll (741E0000 - 741E7000) tcpmon.dll (72390000 - 7239F000) usbmon.dll (72380000 - 72387000) IMFPrint.DLL (715E0000 - 715ED000) Imf32.dll (71600000 - 71607000) ZTAG32.dll (715D0000 - 715D6000) ZSPOOL.dll (71130000 - 71145000) filterpipelineprintproc.dll(3F420000 - 3F43B000) mswsock.dll (719B0000 - 719F0000) winrnr.dll (76F70000 - 76F78000) WLDAP32.dll (76F20000 - 76F4D000) mdnsNSP.dll (16080000 - 160A5000) win32spl.dll (76550000 - 76573000) NETRAP.dll (71C00000 - 71C07000) NTDSAPI.dll (76750000 - 76763000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll 
(77010000 - 770E3000) inetpp.dll (74270000 - 74285000) xpsp2res.dll (20000000 - 202D9000) PID 1552 - C:\Programme\Avira\AntiVir Desktop\sched.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) IPHLPAPI.DLL (76D20000 - 76D39000) msvcrt.dll (77BE0000 - 77C38000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) MSVCR90.dll (78520000 - 785C3000) MSVCP90.dll (78480000 - 7850E000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) schedr.dll (10000000 - 10004000) WTSAPI32.DLL (76F10000 - 76F18000) WINSTA.dll (76300000 - 76310000) NETAPI32.dll (597D0000 - 59824000) rasapi32.dll (76EA0000 - 76EDC000) rasman.dll (76E50000 - 76E62000) TAPI32.dll (76E70000 - 76E9F000) rtutils.dll (76E40000 - 76E4E000) WINMM.dll (76AF0000 - 76B1E000) avevtlog.dll (00B90000 - 00BBE000) sqlite3.dll (00CF0000 - 00D43000) CRYPT32.dll (77A50000 - 77AE5000) MSASN1.dll (77AF0000 - 77B02000) xpsp2res.dll (20000000 - 202D9000) rsaenh.dll (0FFD0000 - 0FFF8000) userenv.dll (76620000 - 766D5000) cryptnet.dll (76580000 - 76593000) WLDAP32.dll (76F20000 - 76F4D000) WINHTTP.dll (4D5C0000 - 4D619000) SensApi.dll (72240000 - 72245000) PID 1592 - C:\WINDOWS\system32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 
775EC000) msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717C000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D5000) UxTheme.dll (5AD70000 - 5ADA8000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) NTMARTA.DLL (77660000 - 77681000) WLDAP32.dll (76F20000 - 76F4D000) SAMLIB.dll (71B70000 - 71B83000) xpsp2res.dll (20000000 - 202D9000) webclnt.dll (5AA50000 - 5AA65000) WININET.dll (77180000 - 77229000) CRYPT32.dll (77A50000 - 77AE5000) MSASN1.dll (77AF0000 - 77B02000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) wsock32.dll (71A30000 - 71A3A000) PID 1660 - C:\Programme\Avira\AntiVir Desktop\avguard.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) MSVCR90.dll (78520000 - 785C3000) MSVCP90.dll (78480000 - 7850E000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) msvcrt.dll (77BE0000 - 77C38000) SHLWAPI.dll (77F40000 - 77FB6000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) WTSAPI32.DLL (76F10000 - 76F18000) WINSTA.dll (76300000 - 76310000) NETAPI32.dll (597D0000 - 59824000) AVEvtLog.dll (10000000 - 1002E000) guardmsg.dll (00BF0000 - 00BF9000) sqlite3.dll (00C10000 - 00C63000) AVPREF.DLL (00D80000 - 00D8D000) SMTPLIB.DLL (00DA0000 - 00DAB000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) wintrust.dll (76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE5000) MSASN1.dll (77AF0000 - 77B02000) IMAGEHLP.dll (76C50000 - 76C78000) AVGIO.DLL (01000000 - 01016000) FLTLIB.DLL (5E160000 - 5E168000) aecore.dll (01030000 - 01060000) aevdf.dll (01070000 - 0108B000) aescript.dll (013D0000 
- 0150A000) aescn.dll (01510000 - 01530000) aesbx.dll (01530000 - 0156F000) aerdl.dll (01580000 - 01606000) aepack.dll (01620000 - 0168D000) unacev2.dll (016A0000 - 016EB000) aeoffice.dll (01700000 - 01733000) aeheur.dll (01750000 - 019B4000) aehelp.dll (019D0000 - 01A0D000) aegen.dll (01A20000 - 01A7D000) aeemu.dll (01A90000 - 01AF1000) aebb.dll (01B10000 - 01B1E000) avipc.dll (01CA0000 - 01CB2000) PID 1672 - C:\Programme\Bonjour\mDNSResponder.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) WS2_32.dll (71A10000 - 71A27000) msvcrt.dll (77BE0000 - 77C38000) WS2HELP.dll (71A00000 - 71A08000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) IPHLPAPI.DLL (76D20000 - 76D39000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) ole32.dll (774B0000 - 775EC000) OLEAUT32.dll (770F0000 - 7717C000) rsaenh.dll (0FFD0000 - 0FFF8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) MPRAPI.dll (76D00000 - 76D18000) ACTIVEDS.dll (77C90000 - 77CC3000) adsldpc.dll (76DD0000 - 76DF5000) NETAPI32.dll (597D0000 - 59824000) WLDAP32.dll (76F20000 - 76F4D000) ATL.DLL (76AD0000 - 76AE1000) rtutils.dll (76E40000 - 76E4E000) SAMLIB.dll (71B70000 - 71B83000) SETUPAPI.dll (778F0000 - 779E4000) PID 1712 - C:\Programme\Hotspot Shield\bin\openvpnas.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) libcurl.dll (6B240000 - 6B2AF000) msvcrt.dll (77BE0000 - 77C38000) wldap32.dll (76F20000 - 76F4D000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) WS2_32.DLL (71A10000 - 71A27000) WS2HELP.dll 
(71A00000 - 71A08000) libidn-11.dll (69540000 - 69586000) libeay32.dll (61D80000 - 61EA8000) GDI32.dll (77EF0000 - 77F38000) USER32.dll (77D10000 - 77DA0000) WSOCK32.DLL (71A30000 - 71A3A000) libssl32.dll (6B080000 - 6B0BD000) WINMM.DLL (76AF0000 - 76B1E000) IPHLPAPI.DLL (76D20000 - 76D39000) SHELL32.DLL (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) USERENV.dll (76620000 - 766D5000) PID 1780 - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) WSOCK32.dll (71A30000 - 71A3A000) WS2_32.dll (71A10000 - 71A27000) msvcrt.dll (77BE0000 - 77C38000) WS2HELP.dll (71A00000 - 71A08000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) OLEAUT32.dll (770F0000 - 7717C000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) ole32.dll (774B0000 - 775EC000) WININET.dll (77180000 - 77229000) CRYPT32.dll (77A50000 - 77AE5000) MSASN1.dll (77AF0000 - 77B02000) SHLWAPI.dll (77F40000 - 77FB6000) SHELL32.dll (7E670000 - 7EE90000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) Iphlpapi.dll (76D20000 - 76D39000) USERENV.dll (76620000 - 766D5000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) VERSION.dll (77BD0000 - 77BD8000) msxml3.dll (74900000 - 74A23000) urlmon.dll (7DF20000 - 7DFC3000) mlang.dll (75DC0000 - 75E51000) MPRAPI.dll (76D00000 - 76D18000) ACTIVEDS.dll (77C90000 - 77CC3000) adsldpc.dll (76DD0000 - 76DF5000) NETAPI32.dll (597D0000 - 59824000) WLDAP32.dll (76F20000 - 76F4D000) ATL.DLL (76AD0000 - 76AE1000) rtutils.dll (76E40000 - 76E4E000) SAMLIB.dll 
(71B70000 - 71B83000) SETUPAPI.dll (778F0000 - 779E4000) PID 1796 - C:\Programme\Hotspot Shield\bin\hsswd.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) WS2_32.dll (71A10000 - 71A27000) msvcrt.dll (77BE0000 - 77C38000) WS2HELP.dll (71A00000 - 71A08000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) SHELL32.dll (7E670000 - 7EE90000) GDI32.dll (77EF0000 - 77F38000) USER32.dll (77D10000 - 77DA0000) SHLWAPI.dll (77F40000 - 77FB6000) OLEAUT32.dll (770F0000 - 7717C000) ole32.dll (774B0000 - 775EC000) PSAPI.DLL (76BB0000 - 76BBB000) curllib.dll (10000000 - 10032000) SSLEAY32.dll (00340000 - 00373000) LIBEAY32.dll (61D80000 - 61EA8000) WSOCK32.DLL (71A30000 - 71A3A000) MSVCR90.dll (78520000 - 785C3000) OpenLDAP.dll (00390000 - 003AB000) libsasl.dll (003B0000 - 003C3000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) Iphlpapi.dll (76D20000 - 76D39000) USERENV.dll (76620000 - 766D5000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) PID 1816 - C:\Programme\FRITZ!DSL\IGDCTRL.EXE ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) avmcsock.dll (10000000 - 10043000) WSOCK32.dll (71A30000 - 71A3A000) WS2_32.dll (71A10000 - 71A27000) msvcrt.dll (77BE0000 - 77C38000) WS2HELP.dll (71A00000 - 71A08000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) MSVCR71.dll (7C340000 - 7C396000) avmigd.dll (00330000 - 00337000) upnpapicli.dll (00340000 - 0036B000) avmufc.dll (00370000 - 0037A000) MFC71.DLL (7C140000 - 7C243000) GDI32.dll (77EF0000 - 77F38000) USER32.dll (77D10000 - 77DA0000) SHLWAPI.dll (77F40000 - 77FB6000) COMCTL32.dll (773A0000 - 774A2000) igdapi.dll (00380000 - 00391000) ole32.dll (774B0000 - 
775EC000) OLEAUT32.dll (770F0000 - 7717C000) MFC71DEU.DLL (5D360000 - 5D370000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) VERSION.dll (77BD0000 - 77BD8000) AVMCONN.DLL (01F50000 - 01F6A000) SXS.DLL (76970000 - 76A21000) avmssl.dll (020F0000 - 020F7000) SSLEAY32.dll (02100000 - 02130000) LIBEAY32.dll (02130000 - 0222B000) mswsock.dll (719B0000 - 719F0000) DNSAPI.dll (76EE0000 - 76F07000) iphlpapi.dll (76D20000 - 76D39000) winrnr.dll (76F70000 - 76F78000) WLDAP32.dll (76F20000 - 76F4D000) mdnsNSP.dll (16080000 - 160A5000) rasadhlp.dll (76F80000 - 76F86000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) uxtheme.dll (5AD70000 - 5ADA8000) PID 1836 - C:\Programme\Java\jre6\bin\jqs.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) WS2_32.dll (71A10000 - 71A27000) msvcrt.dll (77BE0000 - 77C38000) WS2HELP.dll (71A00000 - 71A08000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) ole32.dll (774B0000 - 775EC000) GDI32.dll (77EF0000 - 77F38000) USER32.dll (77D10000 - 77DA0000) MSVCR71.dll (7C340000 - 7C396000) psapi.dll (76BB0000 - 76BBB000) pdh.dll (74C30000 - 74C87000) comdlg32.dll (76350000 - 7639A000) SHLWAPI.dll (77F40000 - 77FB6000) COMCTL32.dll (5D450000 - 5D4E7000) SHELL32.dll (7E670000 - 7EE90000) CRYPT32.dll (77A50000 - 77AE5000) MSASN1.dll (77AF0000 - 77B02000) ODBC32.dll (745D0000 - 7460D000) odbcbcp.dll (66B40000 - 66B46000) VERSION.dll (77BD0000 - 77BD8000) OLEAUT32.dll (770F0000 - 7717C000) comctl32.dll (773A0000 - 774A2000) odbcint.dll (20000000 - 20019000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) netfxperf.dll (79FD0000 - 79FD8000) mscoree.dll (79000000 - 79046000) perfcounter.dll (640D0000 - 640E6000) MSVCR80.dll (78130000 - 781CB000) mscorwks.dll (00DF0000 - 01380000) CorperfmonExt.dll (60310000 - 
60327000) aspnet_perf.dll (60080000 - 60089000) aspnet_isapi.dll (79E60000 - 79EA2000) USERENV.dll (76620000 - 766D5000) query.dll (7D9B0000 - 7DB17000) msdtcuiu.DLL (61070000 - 6109B000) ATL.DLL (76AD0000 - 76AE1000) MFC42u.DLL (727A0000 - 7289E000) MPR.dll (71A80000 - 71A92000) MSDTCPRX.dll (6DA00000 - 6DA6D000) MSVCP60.dll (76020000 - 76085000) MTXCLU.DLL (75070000 - 75083000) COMRes.dll (77010000 - 770E3000) WSOCK32.dll (71A30000 - 71A3A000) NETAPI32.dll (597D0000 - 59824000) MFC42LOC.DLL (61DC0000 - 61DCE000) CLUSAPI.DLL (76D60000 - 76D71000) RESUTILS.DLL (75030000 - 75042000) NTMARTA.DLL (77660000 - 77681000) WLDAP32.dll (76F20000 - 76F4D000) SAMLIB.dll (71B70000 - 71B83000) perfdisk.dll (5EB60000 - 5EB69000) perfnet.dll (5EB50000 - 5EB58000) perfos.dll (5EB30000 - 5EB3A000) perfproc.dll (5EB20000 - 5EB2D000) pschdprf.dll (5E5B0000 - 5E5B6000) TRAFFIC.dll (73500000 - 7350B000) iphlpapi.dll (76D20000 - 76D39000) WMI.dll (76CF0000 - 76CF4000) rsvpperf.dll (5D7C0000 - 5D7C6000) winspool.drv (72F70000 - 72F96000) tapiperf.dll (5BB60000 - 5BB65000) Perfctrs.dll (5EB70000 - 5EB7D000) MPRAPI.dll (76D00000 - 76D18000) ACTIVEDS.dll (77C90000 - 77CC3000) adsldpc.dll (76DD0000 - 76DF5000) rtutils.dll (76E40000 - 76E4E000) SETUPAPI.dll (778F0000 - 779E4000) perfts.dll (5EB10000 - 5EB16000) WINSTA.dll (76300000 - 76310000) UTILDLL.dll (5B130000 - 5B13A000) TAPI32.dll (76E70000 - 76E9F000) WINMM.dll (76AF0000 - 76B1E000) wmiaprpl.dll (59D20000 - 59D39000) loadperf.dll (72ED0000 - 72EEC000) wbemcomn.dll (75210000 - 75247000) PID 1952 - C:\Programme\Sitecom\Common\RegistryWriter.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) SETUPAPI.dll (778F0000 - 779E4000) msvcrt.dll (77BE0000 - 77C38000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) GDI32.dll (77EF0000 - 77F38000) USER32.dll (77D10000 - 77DA0000) SHLWAPI.dll 
(77F40000 - 77FB6000) PID 160 - C:\WINDOWS\system32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775EC000) msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717C000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D5000) UxTheme.dll (5AD70000 - 5ADA8000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) wiaservc.dll (75B50000 - 75BA5000) CFGMGR32.dll (74A60000 - 74A67000) setupapi.DLL (778F0000 - 779E4000) mscms.dll (73AA0000 - 73AB5000) WINSPOOL.DRV (72F70000 - 72F96000) WINSTA.dll (76300000 - 76310000) NETAPI32.dll (597D0000 - 59824000) xpsp2res.dll (20000000 - 202D9000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) WINTRUST.dll (76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE5000) MSASN1.dll (77AF0000 - 77B02000) IMAGEHLP.dll (76C50000 - 76C78000) actxprxy.dll (71CC0000 - 71CDC000) sti.dll (73B10000 - 73B24000) PID 732 - C:\WINDOWS\System32\alg.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) msvcrt.dll (77BE0000 - 77C38000) ATL.DLL (76AD0000 - 76AE1000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) ole32.dll (774B0000 - 775EC000) OLEAUT32.dll (770F0000 - 7717C000) WSOCK32.dll (71A30000 - 71A3A000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) MSWSOCK.DLL 
(719B0000 - 719F0000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D5000) UxTheme.dll (5AD70000 - 5ADA8000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) xpsp2res.dll (20000000 - 202D9000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) PID 780 - C:\WINDOWS\system32\wbem\wmiprvse.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) msvcrt.dll (77BE0000 - 77C38000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) wbemcomn.dll (75210000 - 75247000) OLEAUT32.dll (770F0000 - 7717C000) ole32.dll (774B0000 - 775EC000) FastProx.dll (75620000 - 75696000) MSVCP60.dll (76020000 - 76085000) NTDSAPI.dll (76750000 - 76763000) DNSAPI.dll (76EE0000 - 76F07000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) WLDAP32.dll (76F20000 - 76F4D000) NETAPI32.dll (597D0000 - 59824000) NCObjAPI.DLL (5FB60000 - 5FB6C000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE90000) SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D5000) UxTheme.dll (5AD70000 - 5ADA8000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) xpsp2res.dll (20000000 - 202D9000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) wbemsvc.dll (74E50000 - 74E5E000) wmiutils.dll (74FA0000 - 74FBC000) esscli.dll (75290000 - 752CF000) wmiprov.dll (72E90000 - 72EB8000) WMI.dll 
(76CF0000 - 76CF4000) PID 3332 - C:\Programme\Avira\AntiVir Desktop\avgnt.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) mfc90u.dll (789E0000 - 78D81000) MSVCR90.dll (78520000 - 785C3000) USER32.dll (77D10000 - 77DA0000) GDI32.dll (77EF0000 - 77F38000) SHLWAPI.dll (77F40000 - 77FB6000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) msvcrt.dll (77BE0000 - 77C38000) COMCTL32.dll (773A0000 - 774A2000) MSIMG32.dll (76320000 - 76325000) SHELL32.dll (7E670000 - 7EE90000) cclib.dll (10000000 - 10038000) VERSION.dll (77BD0000 - 77BD8000) MSVCP90.dll (78480000 - 7850E000) UxTheme.dll (5AD70000 - 5ADA8000) MFC90DEU.DLL (5D360000 - 5D36F000) ccgen.dll (00AF0000 - 00B60000) ole32.dll (774B0000 - 775EC000) ccgenrc.dll (00B60000 - 00B69000) ccguard.dll (00B80000 - 00BBA000) ccgrdrc.dll (00BE0000 - 00BE8000) avipc.dll (00C00000 - 00C12000) ccupdate.dll (00C30000 - 00C5C000) ccupdrc.dll (00C80000 - 00C86000) cclic.dll (00CA0000 - 00CB1000) cclicrc.dll (00CE0000 - 00CE3000) ccmsg.dll (00D20000 - 00D4D000) wtsapi32.dll (76F10000 - 76F18000) WINSTA.dll (76300000 - 76310000) NETAPI32.dll (597D0000 - 59824000) PID 3356 - C:\Programme\Java\jre6\bin\jusched.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) GDI32.dll (77EF0000 - 77F38000) USER32.dll (77D10000 - 77DA0000) WININET.dll (77180000 - 77229000) CRYPT32.dll (77A50000 - 77AE5000) msvcrt.dll (77BE0000 - 77C38000) MSASN1.dll (77AF0000 - 77B02000) OLEAUT32.dll (770F0000 - 7717C000) ole32.dll (774B0000 - 775EC000) SHLWAPI.dll (77F40000 - 77FB6000) SHELL32.dll (7E670000 - 7EE90000) comctl32.dll (773A0000 - 774A2000) comctl32.dll (5D450000 - 5D4E7000) uxtheme.dll (5AD70000 - 
5ADA8000) PID 3372 - C:\Programme\Windows Live\Messenger\msnmsgr.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C907000) The code of CreateEventA at 7C8308C9 (0) got patched. Here is the diff: Address New-Original 7C8308C9: E9 - 8B 7C8308CA: 82 - FF 7C8308CB: 0F - 55 7C8308CC: 7D - 8B 7C8308CD: AB - EC --> JMP DWORD PTR DS:[28001850] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FindResourceA at 7C80BE99 (0) got patched. Here is the diff: Address New-Original 7C80BE99: E9 - 6A 7C80BE9A: 62 - 20 7C80BE9B: 5E - 68 --> JMP DWORD PTR DS:[28001D00] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FindResourceExA at 7C835FC0 (0) got patched. 
Here is the diff: Address New-Original 7C835FC0: E9 - 6A 7C835FC1: CB - 20 7C835FC2: BD - 68 --> JMP DWORD PTR DS:[28001D90] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FindResourceExW at 7C80AC98 (0) got patched. Here is the diff: Address New-Original 7C80AC98: E9 - 6A 7C80AC99: D3 - 20 7C80AC9A: 6F - 68 --> JMP DWORD PTR DS:[28001C70] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FindResourceW at 7C80BBDE (0) got patched. Here is the diff: Address New-Original 7C80BBDE: E9 - 6A 7C80BBDF: 0D - 20 7C80BBE0: 60 - 68 --> JMP DWORD PTR DS:[28001BF0] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! 
Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadResource at 7C809FC5 (0) got patched. Here is the diff: Address New-Original 7C809FC5: E9 - 6A 7C809FC6: 66 - 14 7C809FC7: 7E - 68 --> JMP DWORD PTR DS:[28001E30] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LockResource at 7C80CCA7 (0) got patched. Here is the diff: Address New-Original 7C80CCA7: E9 - 8B 7C80CCA8: B4 - FF 7C80CCA9: 52 - 55 7C80CCAA: 7F - 8B 7C80CCAB: AB - EC --> JMP DWORD PTR DS:[28001F60] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! 
Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of SetHandleCount at 7C80CCA7 (0) got patched. Here is the diff: Address New-Original 7C80CCA7: E9 - 8B 7C80CCA8: B4 - FF 7C80CCA9: 52 - 55 7C80CCAA: 7F - 8B 7C80CCAB: AB - EC --> JMP DWORD PTR DS:[28001F60] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of SizeofResource at 7C80BC79 (0) got patched. Here is the diff: Address New-Original 7C80BC79: E9 - 6A 7C80BC7A: 72 - 14 7C80BC7B: 62 - 68 --> JMP DWORD PTR DS:[28001EF0] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ADVAPI32.dll (77DA0000 - 77E4A000) The code of CryptDecrypt at 77DBA2D1 (0) got patched. 
Here is the diff: Address New-Original 77DBA2D1: E9 - 6A 77DBA2D2: 8A - 24 77DBA2D3: 6D - 68 --> JMP DWORD PTR DS:[28001060] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CryptDeriveKey at 77DBA1A5 (0) got patched. Here is the diff: Address New-Original 77DBA1A5: E9 - 6A 77DBA1A6: 56 - 30 77DBA1A7: 6E - 68 --> JMP DWORD PTR DS:[28001000] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) GDI32.dll (77EF0000 - 77F38000) USER32.dll (77D10000 - 77DA0000) The code of CreateDialogParamW at 77D3629F (0) got patched. Here is the diff: Address New-Original 77D3629F: E9 - 8B 77D362A0: 6C - FF 77D362A1: FE - 55 77D362A2: 2C - 8B 77D362A3: B0 - EC --> JMP DWORD PTR DS:[28006110] Patched by C:\Programme\Messenger Plus! 
Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateWindowExW at 77D21AD5 (0) got patched. Here is the diff: Address New-Original 77D21AD5: E9 - 8B 77D21AD6: 06 - FF 77D21AD7: 22 - 55 77D21AD8: 2E - 8B 77D21AD9: B0 - EC --> JMP DWORD PTR DS:[28003CE0] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetWindowLongW at 77D1887E (0) got patched. Here is the diff: Address New-Original 77D1887E: E9 - 6A 77D1887F: 6D - 08 77D18880: E2 - 68 --> JMP DWORD PTR DS:[28006AF0] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! 
Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadIconW at 77D22174 (0) got patched. Here is the diff: Address New-Original 77D22174: E9 - 8B 77D22175: D7 - FF 77D22176: 47 - 55 77D22177: 2E - 8B 77D22178: B0 - EC --> JMP DWORD PTR DS:[28006950] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadImageW at 77D242A4 (0) got patched. Here is the diff: Address New-Original 77D242A4: E9 - 8B 77D242A5: B7 - FF 77D242A6: 24 - 55 77D242A7: 2E - 8B 77D242A8: B0 - EC --> JMP DWORD PTR DS:[28006760] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! 
Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MessageBoxIndirectW at 77D660B7 (0) got patched. Here is the diff: Address New-Original 77D660B7: E9 - 8B 77D660B8: 44 - FF 77D660B9: 02 - 55 77D660BA: 2A - 8B 77D660BB: B0 - EC --> JMP DWORD PTR DS:[28006300] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of PeekMessageW at 77D19278 (0) got patched. Here is the diff: Address New-Original 77D19278: E9 - 8B 77D19279: 33 - FF 77D1927A: B4 - 55 77D1927B: 2E - 8B 77D1927C: B0 - EC --> JMP DWORD PTR DS:[280046B0] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of SetWindowPlacement at 77D3FBEA (0) got patched. 
Here is the diff: Address New-Original 77D3FBEA: E9 - B8 77D3FBEB: A1 - 21 77D3FBEC: 62 - 12 77D3FBED: 2C - 00 77D3FBEE: B0 - 00 --> JMP DWORD PTR DS:[28005E90] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of SetWindowRgn at 77D21DE0 (0) got patched. Here is the diff: Address New-Original 77D21DE0: E9 - 6A 77D21DE1: EB - 10 77D21DE2: 41 - 68 --> JMP DWORD PTR DS:[28005FD0] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of TrackPopupMenuEx at 77D6CAFE (0) got patched. Here is the diff: Address New-Original 77D6CAFE: E9 - B8 77D6CAFF: 8D - 35 77D6CB00: 84 - 12 77D6CB01: 29 - 00 77D6CB02: B0 - 00 --> JMP DWORD PTR DS:[28004F90] Patched by C:\Programme\Messenger Plus! 
Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: MSVCR80.dll (78130000 - 781CB000) msvcrt.dll (77BE0000 - 77C38000) WSOCK32.dll (71A30000 - 71A3A000) PresenceIM.dlOrdinal 019 --[HOOKED]-- @2800B440 by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: PresenceIM.dlOrdinal 016 --[HOOKED]-- @2800B080 by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! 
Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: PresenceIM.dlOrdinal 003 --[HOOKED]-- @2800B860 by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) NETAPI32.dll (597D0000 - 59824000) SHELL32.dll (7E670000 - 7EE90000) The code of Shell_NotifyIconW at 7E6D1BEA (0) got patched. Here is the diff: Address New-Original 7E6D1BEA: E9 - 8B 7E6D1BEB: 41 - FF 7E6D1BEC: 18 - 55 7E6D1BED: 93 - 8B 7E6D1BEE: A9 - EC --> JMP DWORD PTR DS:[28003430] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) ole32.dll (774B0000 - 775EC000) The code of CoCreateInstance at 774F6009 (0) got patched. 
Here is the diff: Address New-Original 774F6009: E9 - 8B 774F600A: 02 - FF 774F600B: C6 - 55 774F600C: B0 - 8B 774F600D: B0 - EC --> JMP DWORD PTR DS:[28002610] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoInitializeEx at 774C42F3 (0) got patched. Here is the diff: Address New-Original 774C42F3: E9 - 8B 774C42F4: 78 - FF 774C42F5: DF - 55 774C42F6: B3 - 8B 774C42F7: B0 - EC --> JMP DWORD PTR DS:[28002270] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoRegisterClassObject at 77511BFC (0) got patched. Here is the diff: Address New-Original 77511BFC: E9 - 8B 77511BFD: 6F - FF 77511BFE: 07 - 55 77511BFF: AF - 8B 77511C00: B0 - EC --> JMP DWORD PTR DS:[28002370] Patched by C:\Programme\Messenger Plus! 
Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: OLEAUT32.dll (770F0000 - 7717C000) gdiplus.dll (4EBA0000 - 4ED4B000) UXCore.dll (70300000 - 70554000) The code of ?IsCompositionEnabled@@YGJPA_N@Z at 703BC3F9 (0) got patched. Here is the diff: Address New-Original 703BC3F9: E9 - 8B 703BC3FA: A2 - FF 703BC3FB: D2 - 55 703BC3FC: C4 - 8B 703BC3FD: B7 - EC --> JMP DWORD PTR DS:[280096A0] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ?UpdateFrame@UXFramelessManager@@QAEJ_N@Z at 7033DFF6 (0) got patched. Here is the diff: Address New-Original 7033DFF6: E9 - 8B 7033DFF7: 95 - FF 7033DFF8: B7 - 55 7033DFF9: CC - 8B 7033DFFA: B7 - EC --> JMP DWORD PTR DS:[28009790] Patched by C:\Programme\Messenger Plus! 
Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ?_FireClickEvent@DirectUI@@YGXPAVButton@1@PBUtagClickInfo@1@@Z at 703549C4 (0) got patched. Here is the diff: Address New-Original 703549C4: E9 - 8B 703549C5: B7 - FF 703549C6: 49 - 55 703549C7: CB - 8B 703549C8: B7 - EC --> JMP DWORD PTR DS:[28009380] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comdlg32.dll (76350000 - 7639A000) The code of ChooseFontW at 7636C4A9 (0) got patched. Here is the diff: Address New-Original 7636C4A9: E9 - 8B 7636C4AA: C2 - FF 7636C4AB: 4D - 55 7636C4AC: C9 - 8B 7636C4AD: B1 - EC --> JMP DWORD PTR DS:[28001270] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! 
Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetOpenFileNameW at 76367C65 (0) got patched. Here is the diff: Address New-Original 76367C65: E9 - 8B 76367C66: 26 - FF 76367C67: 97 - 55 76367C68: C9 - 8B 76367C69: B1 - EC --> JMP DWORD PTR DS:[28001390] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: COMCTL32.dll (773A0000 - 774A2000) MSIMG32.dll (26000000 - 26011000) IMM32.dll (76330000 - 7634D000) SETUPAPI.dll (778F0000 - 779E4000) WLDCore.dll (70A00000 - 70A0E000) USP10.dll (75790000 - 757FB000) CRYPT32.dll (77A50000 - 77AE5000) MSASN1.dll (77AF0000 - 77B02000) WINTRUST.dll (76BF0000 - 76C1E000) IMAGEHLP.dll (76C50000 - 76C78000) VERSION.dll (77BD0000 - 77BD8000) WINMM.dll (76AF0000 - 76B1E000) WININET.dll (77180000 - 77229000) The code of HttpOpenRequestA at 77193674 (0) got patched. Here is the diff: Address New-Original 77193674: E9 - 8B 77193675: D7 - FF 77193676: 68 - 55 77193677: E7 - 8B 77193678: B0 - EC --> JMP DWORD PTR DS:[28009F50] Patched by C:\Programme\Messenger Plus! 
Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of HttpSendRequestA at 771960C9 (0) got patched. Here is the diff: Address New-Original 771960C9: E9 - 8B 771960CA: F2 - FF 771960CB: 40 - 55 771960CC: E7 - 8B 771960CD: B0 - EC --> JMP DWORD PTR DS:[2800A1C0] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360: Base address: 28000000 Size: 00379000 Flags: 80084004 Load count: 1 Name: Messenger Plus! Live Prod. Version: 4, 83, 0, 372 Company: Yuna Software File Version: 4, 83, 0, 372 Description: Messenger Plus! Live Add-On Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of InternetCloseHandle at 77194D3C (0) got patched. Here is the diff: Address New-Original 77194D3C: E9 - 8B 77194D3D: 4F - FF 77194D3F: E7 - 8B 77194D40: B0 - EC --> JMP DWORD PTR DS:[2800A290] Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\Messenger Plus! 
Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360:
Base address: 28000000
Size: 00379000
Flags: 80084004
Load count: 1
Name: Messenger Plus! Live
Prod. Version: 4, 83, 0, 372
Company: Yuna Software
File Version: 4, 83, 0, 372
Description: Messenger Plus! Live Add-On
Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

The code of InternetReadFile at 7719827C (0) got patched. Here is the diff:
Address New-Original
7719827C: E9 - 8B
7719827D: 5F - FF
7719827E: 1E - 55
7719827F: E7 - 8B
77198280: B0 - EC
--> JMP DWORD PTR DS:[2800A0E0]
Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360:
Base address: 28000000
Size: 00379000
Flags: 80084004
Load count: 1
Name: Messenger Plus! Live
Prod. Version: 4, 83, 0, 372
Company: Yuna Software
File Version: 4, 83, 0, 372
Description: Messenger Plus! Live Add-On
Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

iphlpapi.dll (76D20000 - 76D39000)
UxTheme.dll (5AD70000 - 5ADA8000)
MSACM32.dll (77BB0000 - 77BC5000)
msidcrl40.dll (27500000 - 2761A000)
OLEACC.dll (74C00000 - 74C2C000)
MSVCP60.dll (76020000 - 76085000)
SensApi.dll (72240000 - 72245000)
PSAPI.DLL (76BB0000 - 76BBB000)
wldlog.dll (5FC00000 - 5FC0B000)
uxcontacts.dll (70C00000 - 70C86000)
UXCalendar.dll (70F00000 - 70F1B000)
LiveNatTrav.dll (5F500000 - 5F53A000)
LiveTransport.dll (5F300000 - 5F38A000)
CRYPTNET.dll (76580000 - 76593000)
WLDAP32.dll (76F20000 - 76F4D000)
WINHTTP.dll (4D5C0000 - 4D619000)
USERENV.dll (76620000 - 766D5000)
PresenceIM.dll (5F100000 - 5F16C000)
MsImg32.dll (76320000 - 76325000)
MsgPlusLive.dll (28000000 - 28379000)
WTSAPI32.dll (76F10000 - 76F18000)
WINSTA.dll (76300000 - 76310000)
Detoured.dll (0F000000 - 0F006000)
rsaenh.dll (0FFD0000 - 0FFF8000)
NTMARTA.DLL (77660000 - 77681000)
SAMLIB.dll (71B70000 - 71B83000)
msgslang.14.0.8089.0726.dll(59300000 - 5935C000)
msgsres.dll (60400000 - 60EE1000)
[-] Unable to load module C:\Programme\Windows Live\Messenger\msgsres.dll for checking
Riched20.dll (74DB0000 - 74E1C000)

The code of CreateTextServices at 74DFD3BE (0) got patched. Here is the diff:
Address New-Original
74DFD3BE: E9 - 8B
74DFD3BF: 4D - FF
74DFD3C1: 20 - 8B
74DFD3C2: B3 - EC
--> JMP DWORD PTR DS:[28002910]
Patched by C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Programme\Messenger Plus! Live\MsgPlusLive.dll!WindowDataTransform+0xD7FB0360:
Base address: 28000000
Size: 00379000
Flags: 80084004
Load count: 1
Name: Messenger Plus! Live
Prod. Version: 4, 83, 0, 372
Company: Yuna Software
File Version: 4, 83, 0, 372
Description: Messenger Plus! Live Add-On
Location: C:\Programme\Messenger Plus! Live\MsgPlusLive.dll
Signed: YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E3000)
msxml3.dll (74900000 - 74A23000)
MsgPlusLiveRes.dll (29000000 - 291CA000)
xpsp2res.dll (20000000 - 202D9000)
inetcomm.dll (75C90000 - 75D3B000)
MSOERT2.dll (76830000 - 76852000)
inetres.dll (01B10000 - 01B1F000)
sqmapi.dll (6CD00000 - 6CD24000)
es.dll (776E0000 - 77724000)
urlmon.dll (7DF20000 - 7DFC3000)
vvpltfrm.dll (5B200000 - 5B26D000)
DSOUND.dll (73E70000 - 73ECC000)
uccapi.dll (23780000 - 23C1F000)
MSVCR90.dll (78520000 - 785C3000)
MSVCP90.dll (78480000 - 7850E000)
RTMPLTFM.dll (24780000 - 24D87000)
wdmaud.drv (72C90000 - 72C99000)
msacm32.drv (72C80000 - 72C88000)
midimap.dll (77BA0000 - 77BA7000)
devenum.dll (765F0000 - 76601000)
msdmo.dll (73620000 - 73627000)
quartz.dll (74790000 - 748FE000)
DDRAW.dll (736D0000 - 73719000)
DCIMAN32.dll (73B30000 - 73B36000)
D3DIM700.DLL (738B0000 - 73980000)
hid.dll (68D90000 - 68D99000)
dnsapi.dll (76EE0000 - 76F07000)
mswsock.dll (719B0000 - 719F0000)
hnetcfg.dll (66710000 - 66769000)
wshtcpip.dll (719F0000 - 719F8000)
schannel.dll (767A0000 - 767CD000)
msgswcam.dll (5B600000 - 5B66E000)
sirenacm.dll (02D30000 - 02D43000)
SXS.DLL (76970000 - 76A21000)
msi.dll (02E20000 - 030E6000)

PID 1328 - C:\WINDOWS\system32\wuauclt.exe
-------------------------------------------------------------------------------
ntdll.dll (7C910000 - 7C9C9000)
kernel32.dll (7C800000 - 7C907000)
msvcrt.dll (77BE0000 - 77C38000)
ole32.dll (774B0000 - 775EC000)
GDI32.dll (77EF0000 - 77F38000)
USER32.dll (77D10000 - 77DA0000)
ADVAPI32.dll (77DA0000 - 77E4A000)
RPCRT4.dll (77E50000 - 77EE2000)
Secur32.dll (77FC0000 - 77FD1000)
OLEAUT32.dll (770F0000 - 7717C000)
SHLWAPI.dll (77F40000 - 77FB6000)
ShimEng.dll (5CF00000 - 5CF26000)
AcGenral.DLL (6FD90000 - 6FF5A000)
WINMM.dll (76AF0000 - 76B1E000)
MSACM32.dll (77BB0000 - 77BC5000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7E670000 - 7EE90000)
USERENV.dll (76620000 - 766D5000)
UxTheme.dll (5AD70000 - 5ADA8000)
comctl32.dll (773A0000 - 774A2000)
wucltui.dll (507E0000 - 50832000)
MSIMG32.dll (76320000 - 76325000)
Cabinet.dll (750D0000 - 750E4000)
CRYPT32.dll (77A50000 - 77AE5000)
MSASN1.dll (77AF0000 - 77B02000)
WINTRUST.dll (76BF0000 - 76C1E000)
IMAGEHLP.dll (76C50000 - 76C78000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E3000)
xpsp2res.dll (20000000 - 202D9000)
wups2.dll (50F00000 - 50F0D000)
wuaucpl.cpl (508E0000 - 50917000)
mucltui.dll (509E0000 - 50A25000)

PID 3648 - C:\Programme\Hotspot Shield\bin\openvpntray.exe
-------------------------------------------------------------------------------
ntdll.dll (7C910000 - 7C9C9000)
kernel32.dll (7C800000 - 7C907000)
WININET.DLL (77180000 - 77229000)
ADVAPI32.dll (77DA0000 - 77E4A000)
RPCRT4.dll (77E50000 - 77EE2000)
Secur32.dll (77FC0000 - 77FD1000)
CRYPT32.dll (77A50000 - 77AE5000)
msvcrt.dll (77BE0000 - 77C38000)
USER32.dll (77D10000 - 77DA0000)
GDI32.dll (77EF0000 - 77F38000)
MSASN1.dll (77AF0000 - 77B02000)
OLEAUT32.dll (770F0000 - 7717C000)
ole32.dll (774B0000 - 775EC000)
SHLWAPI.dll (77F40000 - 77FB6000)
IPHLPAPI.DLL (76D20000 - 76D39000)
WS2_32.dll (71A10000 - 71A27000)
WS2HELP.dll (71A00000 - 71A08000)
SHELL32.DLL (7E670000 - 7EE90000)
comctl32.dll (773A0000 - 774A2000)
comctl32.dll (5D450000 - 5D4E7000)
USERENV.dll (76620000 - 766D5000)
gui-eng.dll (10000000 - 10003000)
uxtheme.dll (5AD70000 - 5ADA8000)
wsock32.dll (71A30000 - 71A3A000)
RASAPI32.DLL (76EA0000 - 76EDC000)
rasman.dll (76E50000 - 76E62000)
NETAPI32.dll (597D0000 - 59824000)
TAPI32.dll (76E70000 - 76E9F000)
rtutils.dll (76E40000 - 76E4E000)
WINMM.dll (76AF0000 - 76B1E000)
msv1_0.dll (77C40000 - 77C64000)
cryptdll.dll (76740000 - 7674C000)
sensapi.dll (72240000 - 72245000)
urlmon.dll (7DF20000 - 7DFC3000)
VERSION.dll (77BD0000 - 77BD8000)
mswsock.dll (719B0000 - 719F0000)
hnetcfg.dll (66710000 - 66769000)
wshtcpip.dll (719F0000 - 719F8000)

PID 3772 - C:\WINDOWS\explorer.exe
-------------------------------------------------------------------------------
ntdll.dll (7C910000 - 7C9C9000)
kernel32.dll (7C800000 - 7C907000)
msvcrt.dll (77BE0000 - 77C38000)
ADVAPI32.dll (77DA0000 - 77E4A000)
RPCRT4.dll (77E50000 - 77EE2000)
Secur32.dll (77FC0000 - 77FD1000)
GDI32.dll (77EF0000 - 77F38000)
USER32.dll (77D10000 - 77DA0000)
SHLWAPI.dll (77F40000 - 77FB6000)
SHELL32.dll (7E670000 - 7EE90000)
ole32.dll (774B0000 - 775EC000)
OLEAUT32.dll (770F0000 - 7717C000)
BROWSEUI.dll (75F20000 - 7601D000)
SHDOCVW.dll (7E1E0000 - 7E352000)
CRYPT32.dll (77A50000 - 77AE5000)
MSASN1.dll (77AF0000 - 77B02000)
CRYPTUI.dll (76880000 - 76905000)
WINTRUST.dll (76BF0000 - 76C1E000)
IMAGEHLP.dll (76C50000 - 76C78000)
NETAPI32.dll (597D0000 - 59824000)
WININET.dll (77180000 - 77229000)
WLDAP32.dll (76F20000 - 76F4D000)
VERSION.dll (77BD0000 - 77BD8000)
UxTheme.dll (5AD70000 - 5ADA8000)
ShimEng.dll (5CF00000 - 5CF26000)
AcGenral.DLL (6FD90000 - 6FF5A000)
WINMM.dll (76AF0000 - 76B1E000)
MSACM32.dll (77BB0000 - 77BC5000)
USERENV.dll (76620000 - 766D5000)
comctl32.dll (773A0000 - 774A2000)
comctl32.dll (5D450000 - 5D4E7000)
appHelp.dll (77B10000 - 77B32000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E3000)
cscui.dll (779F0000 - 77A46000)
CSCDLL.dll (765A0000 - 765BD000)
themeui.dll (5B9B0000 - 5BA22000)
MSIMG32.dll (76320000 - 76325000)
xpsp2res.dll (20000000 - 202D9000)
msutb.dll (60010000 - 60043000)
MSCTF.dll (746A0000 - 746EB000)
LINKINFO.dll (76930000 - 76938000)
ntshrui.dll (76940000 - 76966000)
ATL.DLL (76AD0000 - 76AE1000)
SAMLIB.dll (71B70000 - 71B83000)
msi.dll (014D0000 - 01796000)
SETUPAPI.dll (778F0000 - 779E4000)
NETSHELL.dll (763A0000 - 7654B000)
rtutils.dll (76E40000 - 76E4E000)
credui.dll (76BC0000 - 76BEF000)
WS2_32.dll (71A10000 - 71A27000)
WS2HELP.dll (71A00000 - 71A08000)
iphlpapi.dll (76D20000 - 76D39000)
WINSTA.dll (76300000 - 76310000)
webcheck.dll (74AB0000 - 74AF8000)
WSOCK32.dll (71A30000 - 71A3A000)
stobject.dll (765C0000 - 765E1000)
BatMeter.dll (74A70000 - 74A7A000)
POWRPROF.dll (74A50000 - 74A58000)
WTSAPI32.dll (76F10000 - 76F18000)
WPDShServiceObj.dll (164A0000 - 164C3000)
WINHTTP.dll (4D5C0000 - 4D619000)
mydocs.dll (723A0000 - 723BA000)
PortableDeviceTypes.dll(109C0000 - 109EC000)
PortableDeviceApi.dll(10930000 - 10979000)
wdmaud.drv (72C90000 - 72C99000)
msacm32.drv (72C80000 - 72C88000)
midimap.dll (77BA0000 - 77BA7000)
MPR.dll (71A80000 - 71A92000)
AdobeDriveCS4_NP.dll(10000000 - 10013000)
drprov.dll (75F00000 - 75F07000)
ntlanman.dll (71B90000 - 71B9E000)
NETUI0.dll (71C50000 - 71C67000)
NETUI1.dll (71C10000 - 71C50000)
NETRAP.dll (71C00000 - 71C07000)
davclnt.dll (75F10000 - 75F19000)
WZCSAPI.DLL (72FA0000 - 72FB0000)
urlmon.dll (7DF20000 - 7DFC3000)
rsaenh.dll (0FFD0000 - 0FFF8000)
comdlg32.dll (76350000 - 7639A000)
rarext.dll (00E50000 - 00E7E000)
shlext.dll (023A0000 - 023EC000)
WINSPOOL.DRV (72F70000 - 72F96000)
mbamext.dll (01AC0000 - 01AD8000)
ShellExt.dll (024F0000 - 02508000)
MSVCP90.dll (78480000 - 7850E000)
MSVCR90.dll (78520000 - 785C3000)
ATL90.DLL (78E20000 - 78E4B000)
PSAPI.DLL (76BB0000 - 76BBB000)
browselc.dll (02570000 - 02583000)
SDHelper.dll (025E0000 - 027B6000)
faultrep.dll (69900000 - 69916000)
olepro32.dll (5F1A0000 - 5F1B7000)
jsproxy.dll (65F40000 - 65F47000)
MSGINA.dll (75910000 - 75A09000)
ODBC32.dll (745D0000 - 7460D000)
odbcint.dll (02D10000 - 02D29000)
DUSER.dll (6C670000 - 6C6BD000)
sti.dll (73B10000 - 73B24000)
CFGMGR32.dll (74A60000 - 74A67000)
MLANG.dll (75DC0000 - 75E51000)
shdoclc.dll (03070000 - 030FE000)
PDFShell.DEU (03020000 - 0306C000)
wzcdlg.dll (4F4A0000 - 4F4FF000)
shlxthdl.dll (5EE60000 - 5EEBF000)
gdiplus.dll (4EBA0000 - 4ED4B000)
stlport_vc7145.dll (5E470000 - 5E507000)
PDFShell.dll (03480000 - 034DB000)
MSVCR80.dll (78130000 - 781CB000)
mscms.dll (73AA0000 - 73AB5000)
MSVFW32.dll (75EC0000 - 75EE1000)
qedit.dll (66B80000 - 66C0C000)
quartz.dll (74790000 - 748FE000)
devenum.dll (765F0000 - 76601000)
msdmo.dll (73620000 - 73627000)
VSFilter.dll (03C20000 - 03D18000)
AviSplitter.ax (03D20000 - 03D81000)
oggsplitter.ax (03540000 - 0358B000)
wmpasf.dll (133D0000 - 1340F000)
dxmasf.dll (6C410000 - 6C48E000)
DRMClien.DLL (03D90000 - 03DDF000)
DivXMedia.ax (03B90000 - 03BE6000)
MSVCP60.dll (76020000 - 76085000)
mpg2splt.ax (58340000 - 58367000)
RealMediaSplitter.ax(03EA0000 - 03F0E000)
msxml5.dll (78800000 - 7895C000)
MatroskaSplitter.ax (04650000 - 046C1000)
BIB.dll (038E0000 - 0392A000)
VersionCue.DLL (61800000 - 6195B000)
SXS.DLL (76970000 - 76A21000)

PID 2592 - C:\Programme\Sitecom\Common\RaUI.exe
-------------------------------------------------------------------------------
ntdll.dll (7C910000 - 7C9C9000)
kernel32.dll (7C800000 - 7C907000)
NETAPI32.dll (597D0000 - 59824000)
ADVAPI32.dll (77DA0000 - 77E4A000)
RPCRT4.dll (77E50000 - 77EE2000)
Secur32.dll (77FC0000 - 77FD1000)
msvcrt.dll (77BE0000 - 77C38000)
WS2_32.dll (71A10000 - 71A27000)
WS2HELP.dll (71A00000 - 71A08000)
CRYPT32.dll (77A50000 - 77AE5000)
USER32.dll (77D10000 - 77DA0000)
GDI32.dll (77EF0000 - 77F38000)
MSASN1.dll (77AF0000 - 77B02000)
acAuth.dll (10000000 - 10122000)
SETUPAPI.dll (778F0000 - 779E4000)
iphlpapi.dll (76D20000 - 76D39000)
ole32.dll (774B0000 - 775EC000)
SHLWAPI.dll (77F40000 - 77FB6000)
VERSION.dll (77BD0000 - 77BD8000)
comdlg32.dll (76350000 - 7639A000)
COMCTL32.dll (5D450000 - 5D4E7000)
SHELL32.dll (7E670000 - 7EE90000)
WINSPOOL.DRV (72F70000 - 72F96000)
oledlg.dll (74CB0000 - 74CD1000)
OLEAUT32.dll (770F0000 - 7717C000)
WINMM.dll (76AF0000 - 76B1E000)
comctl32.dll (773A0000 - 774A2000)
uxtheme.dll (5AD70000 - 5ADA8000)
WINTRUST.dll (76BF0000 - 76C1E000)
IMAGEHLP.dll (76C50000 - 76C78000)
xpsp2res.dll (20000000 - 202D9000)
CLBCATQ.DLL (76F90000 - 7700F000)
COMRes.dll (77010000 - 770E3000)
wbemprox.dll (74E70000 - 74E78000)
wbemcomn.dll (75210000 - 75247000)
wbemsvc.dll (74E50000 - 74E5E000)
fastprox.dll (75620000 - 75696000)
MSVCP60.dll (76020000 - 76085000)
NTDSAPI.dll (76750000 - 76763000)
DNSAPI.dll (76EE0000 - 76F07000)
WLDAP32.dll (76F20000 - 76F4D000)
rsaenh.dll (0FFD0000 - 0FFF8000)
DHCPCSVC.DLL (76D40000 - 76D5E000)

PID 244 - C:\WINDOWS\System32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C910000 - 7C9C9000)
kernel32.dll (7C800000 - 7C907000)
ADVAPI32.dll (77DA0000 - 77E4A000)
RPCRT4.dll (77E50000 - 77EE2000)
Secur32.dll (77FC0000 - 77FD1000)
ShimEng.dll (5CF00000 - 5CF26000)
AcGenral.DLL (6FD90000 - 6FF5A000)
USER32.dll (77D10000 - 77DA0000)
GDI32.dll (77EF0000 - 77F38000)
WINMM.dll (76AF0000 - 76B1E000)
ole32.dll (774B0000 - 775EC000)
msvcrt.dll (77BE0000 - 77C38000)
OLEAUT32.dll (770F0000 - 7717C000)
MSACM32.dll (77BB0000 - 77BC5000)
VERSION.dll (77BD0000 - 77BD8000)
SHELL32.dll (7E670000 - 7EE90000)
SHLWAPI.dll (77F40000 - 77FB6000)
USERENV.dll (76620000 - 766D5000)
UxTheme.dll (5AD70000 - 5ADA8000)
comctl32.dll (773A0000 - 774A2000)
comctl32.dll (5D450000 - 5D4E7000)
NTMARTA.DLL (77660000 - 77681000)
WLDAP32.dll (76F20000 - 76F4D000)
SAMLIB.dll (71B70000 - 71B83000)
xpsp2res.dll (20000000 - 202D9000)
w3ssl.dll (5AE00000 - 5AE07000)
strmfilt.dll (66E40000 - 66E56000)
CRYPT32.dll (77A50000 - 77AE5000)
MSASN1.dll (77AF0000 - 77B02000)
HTTPAPI.dll (67A10000 - 67A1A000)
WS2_32.dll (71A10000 - 71A27000)
WS2HELP.dll (71A00000 - 71A08000)

PID 3908 - C:\WINDOWS\system32\wscntfy.exe
-------------------------------------------------------------------------------
ntdll.dll (7C910000 - 7C9C9000)
kernel32.dll (7C800000 - 7C907000)
msvcrt.dll (77BE0000 - 77C38000)
USER32.dll (77D10000 - 77DA0000)
GDI32.dll (77EF0000 - 77F38000)
SHELL32.dll (7E670000 - 7EE90000)
ADVAPI32.dll (77DA0000 - 77E4A000)
RPCRT4.dll (77E50000 - 77EE2000)
Secur32.dll (77FC0000 - 77FD1000)
SHLWAPI.dll (77F40000 - 77FB6000)
comctl32.dll (773A0000 - 774A2000)
xpsp2res.dll (20000000 - 202D9000)
uxtheme.dll (5AD70000 - 5ADA8000)

PID 672 - E:\mp3player\radix_installer\radixgui.exe
-------------------------------------------------------------------------------
ntdll.dll (7C910000 - 7C9C9000)
kernel32.dll (7C800000 - 7C907000)
USER32.dll (77D10000 - 77DA0000)
GDI32.dll (77EF0000 - 77F38000)
comdlg32.dll (76350000 - 7639A000)
SHLWAPI.dll (77F40000 - 77FB6000)
ADVAPI32.dll (77DA0000 - 77E4A000)
RPCRT4.dll (77E50000 - 77EE2000)
Secur32.dll (77FC0000 - 77FD1000)
msvcrt.dll (77BE0000 - 77C38000)
COMCTL32.dll (5D450000 - 5D4E7000)
SHELL32.dll (7E670000 - 7EE90000)
ole32.dll (774B0000 - 775EC000)
VERSION.dll (77BD0000 - 77BD8000)
dbghelp.dll (59DD0000 - 59E71000)
comctl32.dll (773A0000 - 774A2000)
wintrust.dll (76BF0000 - 76C1E000)
CRYPT32.dll (77A50000 - 77AE5000)
MSASN1.dll (77AF0000 - 77B02000)
IMAGEHLP.dll (76C50000 - 76C78000)
NTMARTA.DLL (77660000 - 77681000)
WLDAP32.dll (76F20000 - 76F4D000)
SAMLIB.dll (71B70000 - 71B83000)
uxtheme.dll (5AD70000 - 5ADA8000)
xpsp2res.dll (20000000 - 202D9000)
rsaenh.dll (0FFD0000 - 0FFF8000)
userenv.dll (76620000 - 766D5000)
netapi32.dll (597D0000 - 59824000)
cryptnet.dll (76580000 - 76593000)
WINHTTP.dll (4D5C0000 - 4D619000)
SensApi.dll (72240000 - 72245000)

---- Check ended at 2.4.2010 18:18:15 ----