Picked up go.mail.ru

#0
23.09.2018, 19:55
Member

Posts: 18
#1 Preliminary work:

1. I have picked up go.mail.ru. IE no longer starts at all, and in Chrome all URLs are redirected. The computer is also slower.

2. I removed temporary files with Disk Cleanup.

3. Malwarebytes update, scan and cleanup performed (log attached).

4. GMER report attached

5. HijackThis log attached

6. Uninstall list attached

Thanks and best regards

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 23.09.18
Scan-Zeit: 18:15
Protokolldatei: e2ac7c68-bf4b-11e8-83ff-00ffb001a90a.json

-Softwaredaten-
Version: 3.6.1.2711
Komponentenversion: 1.0.463
Version des Aktualisierungspakets: 1.0.6973
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: AD005\atw11ge1

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 460572
Erkannte Bedrohungen: 103
In die Quarantäne verschobene Bedrohungen: 103
Abgelaufene Zeit: 20 Min., 32 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 18
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\cmd.exe, In Quarantäne, [6479], [250074],1.0.6973
PUP.Optional.InstallCore, HKU\S-1-5-21-1454471165-527237240-682003330-72982\SOFTWARE\InstallCore, Löschen bei Neustart, [402], [239563],1.0.6973
PUP.Optional.MailRu, HKU\S-1-5-21-462691900-2967613020-3702357964-577120\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\ru.mail.go.ext_info_host, In Quarantäne, [240], [485554],1.0.6973
Adware.SmartApplicationController.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CheckControllerUpdatesUA, In Quarantäne, [5493], [470279],1.0.6973
Adware.SmartApplicationController.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D3CCF36E-96BA-4687-8062-EDCFA2A2C0C8}, In Quarantäne, [5493], [470279],1.0.6973
Adware.SmartApplicationController.TskLnk, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{D3CCF36E-96BA-4687-8062-EDCFA2A2C0C8}, In Quarantäne, [5493], [470279],1.0.6973
Adware.SmartApplicationController.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A6AE177E-D46B-4463-AA69-B9F818E0DC4A}_is1, In Quarantäne, [5493], [470279],1.0.6973
Adware.SmartApplicationController.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CheckControllerUpdatesUA, In Quarantäne, [5493], [-1],0.0.0
Adware.SmartApplicationController.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3CCF36E-96BA-4687-8062-EDCFA2A2C0C8}, In Quarantäne, [5493], [-1],0.0.0
Adware.SmartApplicationController.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3CCF36E-96BA-4687-8062-EDCFA2A2C0C8}, In Quarantäne, [5493], [-1],0.0.0
PUP.Optional.MailRu, HKU\S-1-5-21-1454471165-527237240-682003330-72982\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}, Löschen bei Neustart, [240], [382913],1.0.6973
PUP.Optional.MailRu, HKU\S-1-5-21-462691900-2967613020-3702357964-577120\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}, In Quarantäne, [240], [382913],1.0.6973
PUP.Optional.InstallCore, HKU\S-1-5-21-462691900-2967613020-3702357964-577120\SOFTWARE\InstallCore, In Quarantäne, [402], [239563],1.0.6973
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fppjhfcgnalgfiimdflmikpifodndljf, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gbnhehnpnbiioheicppmmmjaekcdfigc, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}, In Quarantäne, [240], [471429],1.0.6973
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\cmd.exe, In Quarantäne, [6479], [250074],1.0.6973
PUP.Optional.MailRu, HKU\S-1-5-21-1454471165-527237240-682003330-72982\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\ru.mail.go.ext_info_host, Löschen bei Neustart, [240], [485554],1.0.6973

Registrierungswert: 7
PUP.Optional.MailRu, HKU\S-1-5-21-462691900-2967613020-3702357964-577120\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|URL, In Quarantäne, [240], [382913],1.0.6973
PUP.Optional.MailRu, HKU\S-1-5-21-462691900-2967613020-3702357964-577120\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|FAVICONURLFALLBACK, In Quarantäne, [240], [382913],1.0.6973
PUP.Optional.MailRu, HKU\S-1-5-21-462691900-2967613020-3702357964-577120\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|SUGGESTIONSURL, In Quarantäne, [240], [382913],1.0.6973
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}|APPPATH, In Quarantäne, [240], [471429],1.0.6973
PUP.Optional.MailRu, HKU\S-1-5-21-1454471165-527237240-682003330-72982\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|URL, In Quarantäne, [240], [382913],1.0.6973
PUP.Optional.MailRu, HKU\S-1-5-21-1454471165-527237240-682003330-72982\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|FAVICONURLFALLBACK, In Quarantäne, [240], [382913],1.0.6973
PUP.Optional.MailRu, HKU\S-1-5-21-1454471165-527237240-682003330-72982\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|SUGGESTIONSURL, In Quarantäne, [240], [382913],1.0.6973

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 14
Adware.SmartApplicationController, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SMART APPLICATION CONTROLLER, In Quarantäne, [4268], [471427],1.0.6973
Adware.SmartApplicationController.TskLnk, C:\PROGRAM FILES (X86)\SMART APPLICATION CONTROLLER, In Quarantäne, [5493], [470279],1.0.6973
PUP.Optional.MailRu, C:\PROGRAM FILES (X86)\MAIL.RU, In Quarantäne, [240], [384138],1.0.6973
Adware.SmartApplicationController, C:\USERS\ATW11GE1\APPDATA\ROAMING\SMART APPLICATION CONTROLLER, In Quarantäne, [4268], [470282],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppjhfcgnalgfiimdflmikpifodndljf\12.0.43_0\_metadata, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppjhfcgnalgfiimdflmikpifodndljf\12.0.43_0\icons, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppjhfcgnalgfiimdflmikpifodndljf\12.0.43_0, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\USERS\ATW11GE1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\FPPJHFCGNALGFIIMDFLMIKPIFODNDLJF, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\integration\distribution, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\integration, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\_metadata, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\img, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\USERS\ATW11GE1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\GBNHEHNPNBIIOHEICPPMMMJAEKCDFIGC, In Quarantäne, [240], [557709],1.0.6973

Datei: 64
PUP.Optional.MailRu, C:\USERS\ATW11GE1\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\MAIL.RU.LNK, In Quarantäne, [240], [384473],1.0.6973
PUP.Optional.MailRu.Generic, C:\USERS\ATW11GE1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R32ANDWQ.DEFAULT\EXTENSIONS\homepage@mail.ru.xpi, In Quarantäne, [4617], [462926],1.0.6973
Adware.SmartApplicationController, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SMART APPLICATION CONTROLLER\SMART APPLICATION CONTROLLER.LNK, In Quarantäne, [4268], [471427],1.0.6973
PUP.Optional.MailRu.Generic, C:\USERS\ATW11GE1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R32ANDWQ.DEFAULT\EXTENSIONS\search@mail.ru.xpi, In Quarantäne, [4617], [462926],1.0.6973
Adware.SmartApplicationController.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\CheckControllerUpdatesUA, In Quarantäne, [5493], [470279],1.0.6973
Adware.SmartApplicationController.TskLnk, C:\PROGRAM FILES (X86)\SMART APPLICATION CONTROLLER\SMAPPSCONTROLLER.EXE, In Quarantäne, [5493], [470279],1.0.6973
Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\smappscontroller_update.exe, In Quarantäne, [5493], [470279],1.0.6973
Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\software_update.ico, In Quarantäne, [5493], [470279],1.0.6973
Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\unins000.dat, In Quarantäne, [5493], [470279],1.0.6973
Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\unins000.exe, In Quarantäne, [5493], [470279],1.0.6973
Adware.SmartApplicationController.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\CheckControllerUpdatesUA, In Quarantäne, [5493], [-1],0.0.0
PUP.Optional.MailRu, C:\USERS\ATW11GE1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R32ANDWQ.DEFAULT\EXTENSIONS\{A38384B3-2D1D-4F36-BC22-0F7AE402BCD7}.XPI, In Quarantäne, [240], [458842],1.0.6973
Adware.SmartApplicationController, C:\USERS\ATW11GE1\APPDATA\ROAMING\SMART APPLICATION CONTROLLER\SETTINGS.INI, In Quarantäne, [4268], [470282],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppjhfcgnalgfiimdflmikpifodndljf\12.0.43_0\icons\128.png, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppjhfcgnalgfiimdflmikpifodndljf\12.0.43_0\icons\16.png, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppjhfcgnalgfiimdflmikpifodndljf\12.0.43_0\icons\48.png, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppjhfcgnalgfiimdflmikpifodndljf\12.0.43_0\icons\512.png, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppjhfcgnalgfiimdflmikpifodndljf\12.0.43_0\_metadata\computed_hashes.json, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppjhfcgnalgfiimdflmikpifodndljf\12.0.43_0\_metadata\verified_contents.json, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppjhfcgnalgfiimdflmikpifodndljf\12.0.43_0\background.js, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppjhfcgnalgfiimdflmikpifodndljf\12.0.43_0\build.js, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppjhfcgnalgfiimdflmikpifodndljf\12.0.43_0\manifest.json, In Quarantäne, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\USERS\ATW11GE1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Ersetzt, [240], [557710],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\img\128.png, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\img\16.png, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\img\48.png, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\img\512.png, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\integration\distribution\background.js, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\integration\distribution\distribution-module.js, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\_metadata\computed_hashes.json, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\_metadata\verified_contents.json, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\Users\atw11ge1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbnhehnpnbiioheicppmmmjaekcdfigc\12.0.42_0\manifest.json, In Quarantäne, [240], [557709],1.0.6973
PUP.Optional.MailRu, C:\USERS\ATW11GE1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Ersetzt, [240], [557709],1.0.6973
Adware.MailRu.BatBitRst, C:\USERS\ATW11GE1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R32ANDWQ.DEFAULT\PREFS.JS, Ersetzt, [307], [481850],1.0.6973
Adware.MailRu.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, In Quarantäne, [307], [-1],0.0.0
Adware.MailRu.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, In Quarantäne, [307], [-1],0.0.0
Adware.MailRu.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, In Quarantäne, [307], [-1],0.0.0
Adware.MailRu.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, In Quarantäne, [307], [-1],0.0.0
Adware.MailRu.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, In Quarantäne, [307], [-1],0.0.0
Adware.MailRu.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, In Quarantäne, [307], [-1],0.0.0
Adware.MailRu.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, In Quarantäne, [307], [-1],0.0.0
Adware.MailRu.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, In Quarantäne, [307], [-1],0.0.0
PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\ATW11GE1\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk, In Quarantäne, [14459], [303357],1.0.6973
PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\ATW11GE1\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk, In Quarantäne, [14459], [303357],1.0.6973
PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\ATW11GE1\APPDATA\ROAMING\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk, In Quarantäne, [14459], [303357],1.0.6973
PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\ATW11GE1\DESKTOP\Intеrnеt Ехplоrеr.lnk, In Quarantäne, [14459], [303357],1.0.6973
PUP.Optional.BrowserHijack.ShrtCln, C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.BAT, Ersetzt, [14459], [303357],1.0.6973
PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\ATW11GE1\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk, In Quarantäne, [14459], [303355],1.0.6973
PUP.Optional.BrowserHijack.ShrtCln, C:\USERS\ATW11GE1\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\StartMenu\Gооglе Сhrоmе.lnk, In Quarantäne, [14459], [303355],1.0.6973
PUP.Optional.BrowserHijack.ShrtCln, C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.BAT, Ersetzt, [14459], [303355],1.0.6973
HackTool.Agent, C:\PROGRAM FILES (X86)\PDF PASSWORD REMOVER V3.1\PDF.PASSWORD.REMOVER.3.1-PATCH.EXE, In Quarantäne, [3923], [1570],1.0.6973
Adware.InstallMonster, C:\$RECYCLE.BIN\S-1-5-21-1454471165-527237240-682003330-72982\$RZUT9TN.RAR, In Quarantäne, [452], [420515],1.0.6973
Adware.InstallMonster, C:\$RECYCLE.BIN\S-1-5-21-1454471165-527237240-682003330-72982\$R3CN6UL.RAR, In Quarantäne, [452], [420515],1.0.6973
Adware.InstallMonster, C:\$RECYCLE.BIN\S-1-5-21-1454471165-527237240-682003330-72982\$REY6WNG.EXE, In Quarantäne, [452], [420515],1.0.6973
Adware.InstallMonster, C:\$RECYCLE.BIN\S-1-5-21-1454471165-527237240-682003330-72982\$RIXHNU3.CRDOWNLOAD, In Quarantäne, [452], [420515],1.0.6973
Adware.ICLoader, C:\$RECYCLE.BIN\S-1-5-21-1454471165-527237240-682003330-72982\$RCIRQLU.ZIP, In Quarantäne, [426], [369846],1.0.6973
Adware.InstallMonster, C:\$RECYCLE.BIN\S-1-5-21-1454471165-527237240-682003330-72982\$REWB0C3.RAR, In Quarantäne, [452], [420515],1.0.6973
Adware.ICLoader, C:\$RECYCLE.BIN\S-1-5-21-1454471165-527237240-682003330-72982\$RM6XKM6.ZIP, In Quarantäne, [426], [369846],1.0.6973
Adware.ICLoader, C:\$RECYCLE.BIN\S-1-5-21-1454471165-527237240-682003330-72982\$R5YW132.ZIP, In Quarantäne, [426], [369846],1.0.6973
Adware.InstallMonster, C:\$RECYCLE.BIN\S-1-5-21-1454471165-527237240-682003330-72982\$RBNUIX8.RAR, In Quarantäne, [452], [420515],1.0.6973
Adware.InstallMonster, C:\$RECYCLE.BIN\S-1-5-21-1454471165-527237240-682003330-72982\$RJLIP2K.RAR, In Quarantäne, [452], [420515],1.0.6973
Adware.InstallMonster, C:\$RECYCLE.BIN\S-1-5-21-1454471165-527237240-682003330-72982\$R6209VZ.RAR, In Quarantäne, [452], [420515],1.0.6973
Adware.InstallMonster, C:\$RECYCLE.BIN\S-1-5-21-1454471165-527237240-682003330-72982\$R92YAVI.EXE, In Quarantäne, [452], [420515],1.0.6973
PUP.Optional.MailRu, C:\USERS\ATW11GE1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Ersetzt, [240], [454830],1.0.6973

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2018-09-23 19:43:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000080 SAMSUN_ rev.EMT2 238,47GB
Running: lh1e327m.exe; Driver: C:\Users\atw11ge1\AppData\Local\Temp\kwdoypoc.sys


---- Kernel code sections - GMER 2.2 ----

.text C:\WINDOWS\system32\ntoskrnl.exe!KiCpuId + 978 fffff80003504092 1 byte [21]

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!GetModuleInformation + 42 000000007746144a 2 bytes CALL 764347d5 C:\WINDOWS\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000774614dd 2 bytes JMP 764d8a42 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes JMP 764d8c18 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007746150d 2 bytes JMP 764d8938 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes JMP 764d8d02 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007746153d 2 bytes JMP 7644f548 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!EnumProcesses + 17 0000000077461555 2 bytes JMP 76456a77 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007746156d 2 bytes JMP 764d9201 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077461585 2 bytes JMP 764d8d62 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!QueryWorkingSet + 17 000000007746159d 2 bytes JMP 764d88fc C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000774615b5 2 bytes JMP 7644f5e1 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000774615cd 2 bytes JMP 7645b3ac C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes JMP 764d90c4 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2820] C:\WINDOWS\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes JMP 764d8891 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes JMP 7645b2eb C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes JMP 7645b416 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes JMP 764d9149 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes CALL 764347d5 C:\WINDOWS\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes JMP 764d8a42 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes JMP 764d8c18 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes JMP 764d8938 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes JMP 764d8d02 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes JMP 7644f548 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes JMP 76456a77 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes JMP 764d9201 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes JMP 764d8d62 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes JMP 764d88fc C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes JMP 7644f5e1 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes JMP 7645b3ac C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes JMP 764d90c4 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe[4980] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes JMP 764d8891 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes JMP 7645b2eb C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes JMP 7645b416 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes JMP 764d9149 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes CALL 764347d5 C:\WINDOWS\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes JMP 764d8a42 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes JMP 764d8c18 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes JMP 764d8938 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes JMP 764d8d02 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes JMP 7644f548 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes JMP 76456a77 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes JMP 764d9201 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes JMP 764d8d62 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes JMP 764d88fc C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes JMP 7644f5e1 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes JMP 7645b3ac C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes JMP 764d90c4 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe[6308] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes JMP 764d8891 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes JMP 7645b2eb C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes JMP 7645b416 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes JMP 764d9149 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes CALL 764347d5 C:\WINDOWS\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes JMP 764d8a42 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes JMP 764d8c18 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes JMP 764d8938 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes JMP 764d8d02 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes JMP 7644f548 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes JMP 76456a77 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes JMP 764d9201 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes JMP 764d8d62 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes JMP 764d88fc C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes JMP 7644f5e1 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes JMP 7645b3ac C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes JMP 764d90c4 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe[6832] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes JMP 764d8891 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes JMP 7645b2eb C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes JMP 7645b416 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes JMP 764d9149 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes CALL 764347d5 C:\WINDOWS\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes JMP 764d8a42 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes JMP 764d8c18 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes JMP 764d8938 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes JMP 764d8d02 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes JMP 7644f548 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes JMP 76456a77 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes JMP 764d9201 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes JMP 764d8d62 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes JMP 764d88fc C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes JMP 7644f5e1 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes JMP 7645b3ac C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes JMP 764d90c4 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[7504] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes JMP 764d8891 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes JMP 7645b2eb C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes JMP 7645b416 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes JMP 764d9149 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes CALL 764347d5 C:\WINDOWS\syswow64\kernel32.dll
.text ... * 9
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes JMP 764d8a42 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes JMP 764d8c18 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes JMP 764d8938 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes JMP 764d8d02 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes JMP 7644f548 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes JMP 76456a77 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes JMP 764d9201 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes JMP 764d8d62 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes JMP 764d88fc C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes JMP 7644f5e1 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes JMP 7645b3ac C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes JMP 764d90c4 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\SysWOW64\CCM\CcmExec.exe[8400] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes JMP 764d8891 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes JMP 7645b2eb C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes JMP 7645b416 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes JMP 764d9149 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes CALL 764347d5 C:\WINDOWS\syswow64\kernel32.dll
.text ... * 9
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes JMP 764d8a42 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes JMP 764d8c18 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes JMP 764d8938 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes JMP 764d8d02 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes JMP 7644f548 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes JMP 76456a77 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes JMP 764d9201 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes JMP 764d8d62 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes JMP 764d88fc C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes JMP 7644f5e1 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes JMP 7645b3ac C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes JMP 764d90c4 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[8792] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes JMP 764d8891 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes JMP 7645b2eb C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes JMP 7645b416 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes JMP 764d9149 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes CALL 764347d5 C:\WINDOWS\syswow64\kernel32.dll
.text ... * 9
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes JMP 764d8a42 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes JMP 764d8c18 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes JMP 764d8938 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes JMP 764d8d02 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes JMP 7644f548 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes JMP 76456a77 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes JMP 764d9201 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes JMP 764d8d62 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes JMP 764d88fc C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes JMP 7644f5e1 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes JMP 7645b3ac C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes JMP 764d90c4 C:\WINDOWS\syswow64\kernel32.dll
.text C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe[10180] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes JMP 764d8891 C:\WINDOWS\syswow64\kernel32.dll
? C:\WINDOWS\system32\esentprf.dll [10180] entry point in ".data" section 00000000704c99e3
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!MapViewOfFile 0000000077aed840 9 bytes JMP 0000000037ae1738
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!LoadLibraryExA + 1 0000000077aed861 7 bytes {JMP 0xffffffffbfff2c18}
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!CreateFileMappingA 0000000077aedf80 10 bytes JMP 0000000037ae14f8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!CreateFileMappingW 0000000077aeee90 9 bytes JMP 0000000037ae15b8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!CreateFileW 0000000077af0d10 10 bytes JMP 0000000037ae1378
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!LoadLibraryW 0000000077af6420 10 bytes JMP 0000000037ae03b8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!LoadLibraryA 0000000077af6510 10 bytes JMP 0000000037ae02f8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!CreateProcessInternalW 0000000077afdd20 8 bytes JMP 0000000037ae0bf8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!CreateProcessW 0000000077b005e0 12 bytes JMP 0000000037ae0a78
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!MapViewOfFileEx 0000000077b01b40 9 bytes JMP 0000000037ae17f8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!CreateFileA 0000000077b01b80 10 bytes JMP 0000000037ae12b8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!WriteProcessMemory 0000000077b2bf70 9 bytes JMP 0000000037ae1078
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!VirtualProtectEx 0000000077b2c010 9 bytes JMP 0000000037ae0778
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!VirtualAllocEx 0000000077b2c070 1 byte JMP 0000000037ae05f8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!VirtualAllocEx + 2 0000000077b2c072 6 bytes {JMP 0xffffffffbffb4588}
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!CreateRemoteThread 0000000077b2c990 12 bytes JMP 0000000037ae0ef8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!CreateProcessInternalA 0000000077b7a300 11 bytes JMP 0000000037ae0b38
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!CreateProcessA 0000000077b7afd0 12 bytes JMP 0000000037ae09b8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\kernel32.dll!WinExec 0000000077b7b510 8 bytes JMP 0000000037ae11f8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!VirtualAlloc 000007fefd991900 2 bytes JMP 000007febd990538
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!VirtualAlloc + 3 000007fefd991903 6 bytes [FF, BF, CC, CC, CC, CC]
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!CreateFileW 000007fefd995fe0 9 bytes JMP 000007febd990d78
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThreadEx 000007fefd99acb0 8 bytes JMP 000007febd990b38
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!HeapCreate 000007fefd99b2d0 13 bytes JMP 000007febd9909b8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd99c750 10 bytes JMP 000007febd9903b8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!MapViewOfFileEx 000007fefd9a07e0 14 bytes JMP 000007febd991078
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!CreateFileMappingW 000007fefd9a0890 9 bytes JMP 000007febd990e38
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!MapViewOfFile 000007fefd9a0a90 14 bytes JMP 000007febd990fb8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!VirtualProtect 000007fefd9a13b0 9 bytes JMP 000007febd990778
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!VirtualProtectEx 000007fefd9a13e0 11 bytes JMP 000007febd9908f8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!CreateFileMappingNumaW 000007fefd9a1930 10 bytes JMP 000007febd990ef8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd9a9ac0 9 bytes JMP 000007febd9902f8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!VirtualAllocEx 000007fefd9c3870 8 bytes JMP 000007febd9906b8
.text C:\Program Files\Internet Explorer\iexplore.exe[8404] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd9c38a0 8 bytes JMP 000007febd990cb8
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes JMP 7645b2eb C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes JMP 7645b416 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes JMP 764d9149 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes CALL 764347d5 C:\WINDOWS\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes JMP 764d8a42 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes JMP 764d8c18 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes JMP 764d8938 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes JMP 764d8d02 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes JMP 7644f548 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes JMP 76456a77 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes JMP 764d9201 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes JMP 764d8d62 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes JMP 764d88fc C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes JMP 7644f5e1 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes JMP 7645b3ac C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes JMP 764d90c4 C:\WINDOWS\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6864] C:\WINDOWS\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes JMP 764d8891 C:\WINDOWS\syswow64\kernel32.dll

---- User IAT/EAT - GMER 2.2 ----

IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\SearchIndexer.exe[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\SearchIndexer.exe[msvcrt.dll!exit] [7fece52826c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\kernel32.dll[ntdll.dll!RtlUnlockHeap] [7fece528164] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\kernel32.dll[ntdll.dll!RtlSizeHeap] [7fece528260] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\kernel32.dll[ntdll.dll!RtlReAllocateHeap] [7fece5273ec] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\kernel32.dll[ntdll.dll!RtlLockHeap] [7fece5280e8] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\kernel32.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\kernel32.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\kernel32.dll[ntdll.dll!RtlCreateHeap] [7fece527e84] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\kernel32.dll[ntdll.dll!RtlDestroyHeap] [7fece528048] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\kernel32.dll[ntdll.dll!RtlExitUserProcess] [7fece5282e4] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!RtlExitUserProcess] [7fece5282e4] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!RtlReAllocateHeap] [7fece5273ec] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!RtlLockHeap] [7fece5280e8] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!RtlUnlockHeap] [7fece528164] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!RtlCreateHeap] [7fece527e84] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!RtlDestroyHeap] [7fece528048] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!RtlValidateHeap] [7fece5281c0] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!RtlWalkHeap] [7fece528054] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!RtlReAllocateHeap] [7fece5273ec] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\USER32.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\USER32.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\USER32.dll[ntdll.dll!RtlReAllocateHeap] [7fece5273ec] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\USER32.dll[ntdll.dll!RtlSizeHeap] [7fece528260] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\ole32.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\ole32.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\ole32.dll[ntdll.dll!RtlReAllocateHeap] [7fece5273ec] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\TQUERY.DLL[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\MSSRCH.DLL[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\ESENT.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\IMM32.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\SHELL32.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\CRYPTBASE.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\CRYPTBASE.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\SSPICLI.DLL[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\SSPICLI.DLL[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\CLBCatQ.DLL[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\CLBCatQ.DLL[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\RpcRtRemote.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\RpcRtRemote.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\Program Files\Common Files\Microsoft Shared\Ink\IpsPlugin.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\WINSTA.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\propsys.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\WTSAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\VSSAPI.DLL[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\VSSAPI.DLL[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\ATL.DLL[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\SAMLIB.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\es.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\es.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\System32\NaturalLanguage6.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\CRYPT32.dll[ntdll.dll!RtlAllocateHeap] [7fece5271cc] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\CRYPT32.dll[ntdll.dll!RtlFreeHeap] [7fece527a7c] C:\WINDOWS\AppPatch\AppPatch64\AcXtrnal.DLL
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\System32\NLSData0007.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\System32\NLSData0009.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\system32\elscore.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\System32\NLSData0019.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\WINDOWS\system32\SearchIndexer.exe[1652] @ C:\WINDOWS\System32\NLSData0000.dll[KERNEL32.dll!GetProcAddress] [7fefd5e4230] C:\WINDOWS\system32\apphelp.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\shell32.DLL[USER32.dll!MessageBoxW] [7feecc36840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7feecc362b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7feecc10750] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\shell32.DLL[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7feecc362b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7feecc361b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7feecc36840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\AppPatch\AppPatch64\EMET64.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7feecc362b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7feecc36840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7feecc10750] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7feecc362b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!MessageBoxW] [7feecc36840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\WINHTTP.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\webio.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7feecc360d0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\comdlg32.dll[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7feecc360d0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7feecc36840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7feecc36f30] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\urlmon.dll[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7feecc362b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7feecc362b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\Windows\system32\oleacc.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\propsys.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\explorerframe.dll[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\DUI70.dll[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7feecc362b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7feecc36840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\MLANG.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\mfc100u.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\mfc100u.dll[USER32.dll!MessageBoxW] [7feecc36840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\mfc100u.dll[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\MSVCR100.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\RICHED20.DLL[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\RICHED20.DLL[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23894_none_145eb2808b8d6928\gdiplus.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\LINKINFO.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\dxgi.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\System32\nlaapi.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\MSVCR80.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\System32\msxml6.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\UIAutomationCore.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\System32\StructuredQuery.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\Windows\system32\actxprxy.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\Windows\system32\thumbcache.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\SearchFolder.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\SHDOCVW.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\SHDOCVW.dll[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\SHDOCVW.dll[USER32.dll!DialogBoxParamW] [7feecc362b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\ntshrui.dll[USER32.dll!DialogBoxParamW] [7feecc362b0] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\ntshrui.dll[USER32.dll!EnableWindow] [7feecbfef00] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\ntshrui.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\System32\WINSTA.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\System32\DAVHLPR.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\WINMM.dll[USER32.dll!MessageBoxW] [7feecc36840] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\WINMM.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\PortableDeviceApi.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\EhStorAPI.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\system32\NetworkExplorer.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\WINDOWS\System32\ieapfltr.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[8404] @ C:\Program Files\Windows Defender\MpOav.dll[KERNEL32.dll!GetProcAddress] [7feecbf1c40] C:\Program Files\Internet Explorer\IEShims.dll

---- EOF - GMER 2.2 ----


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:48:47, on 23.09.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19101)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe
C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe
C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\lcuser.exe
C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe
C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\lchelper.exe
C:\Users\atw11ge1\AppData\Roaming\Siemens\PCS\PCSMonitor.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Install\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://intranet.entry.siemens.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxyconf-uba.siemens.net/proxy-coia.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyfarm-fth.3dns.netz.sbs.de:84
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: PXCIEaddin5 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
O2 - BHO: Trend Micro Osprey Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll
O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\IE32\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
O3 - Toolbar: PDFXChange 2012 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll
O4 - HKLM\..\Run: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\IndicatorUty\IndicatorUty.exe"
O4 - HKLM\..\Run: [USM] C:\Program Files (x86)\Siemens\USM\USM.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [LoadProf] C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\loadprof.exe
O4 - HKLM\..\Run: [SGLCUser] C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\lcuser.exe
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe
O4 - HKLM\..\Run: [EaseUS Cleanup] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe" 10 300
O4 - HKLM\..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe -all
O4 - HKLM\..\Run: [PulseSecure] C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe -tray
O4 - HKCU\..\Run: [Greenshot] "C:\Program Files\GREENSHOT\Greenshot.exe"
O4 - HKCU\..\Run: [SiemensPulseCheckSurvey] C:\Users\atw11ge1\AppData\Roaming\Siemens\PCS\PCSLauncher.exe
O4 - HKCU\..\Run: [Google Update] C:\Users\atw11ge1\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [circuitcontactcard] C:\Users\atw11ge1\AppData\Local\Unify\Circuit Contact Card Provider\circuitcontactcard.exe
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
O4 - HKUS\S-1-5-18\..\Run: [Greenshot] C:\Program Files\GREENSHOT\Greenshot.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Greenshot] C:\Program Files\GREENSHOT\Greenshot.exe (User 'Default user')
O4 - Startup: regedit tweaks.lnk = C:\Windows\regedit.exe
O4 - Startup: Windows Explorer.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.apac-ps-share.healthcare.siemens.com
O15 - Trusted Zone: *.apac-share.healthcare.siemens.com
O15 - Trusted Zone: *.cx-ps-share.healthcare.siemens.com
O15 - Trusted Zone: *.cx-share.healthcare.siemens.com
O15 - Trusted Zone: *.emea-ps-share.healthcare.siemens.com
O15 - Trusted Zone: *.emea-share.healthcare.siemens.com
O15 - Trusted Zone: *.row-uat-share.healthcare.siemens.com
O15 - Trusted Zone: *.share-apac.med.siemens.de
O15 - Trusted Zone: *.share-emea.med.siemens.de
O15 - Trusted Zone: *.siemens-poc-eu.flexiblessl.com
O15 - Trusted Zone: ura.siemens.com
O15 - Trusted Zone: ura-ae.siemens.com
O15 - Trusted Zone: ura-cn.siemens.com
O15 - Trusted Zone: ura-jp.siemens.com
O15 - Trusted Zone: ura-sa.siemens.com
O15 - Trusted Zone: *.usmlvv1sbl142-share.healthcare.siemens.com
O15 - Trusted Zone: *.usmlvv1sbl280-share.healthcare.siemens.com
O15 - Trusted Zone: *.usmlvv1sbl541-share.healthcare.siemens.com
O15 - Trusted Zone: *.usmlvv1sbl687-share.healthcare.siemens.com
O15 - Trusted Zone: *.usmlvv1sbl882-share.healthcare.siemens.com
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O16 - DPF: {8E375A63-C616-46F1-AC77-59DF78F3A826} (PulseSetupClientControl Class) - https://pulsesecure.net/dana-cached/sc/PulseSetupClient.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad005.onehc.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{413DD9FE-1666-4962-ADC5-907920C2D856}: Domain = ad001.siemens.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{413DD9FE-1666-4962-ADC5-907920C2D856}: NameServer = 129.103.99.235,129.103.99.237
O17 - HKLM\System\CCS\Services\Tcpip\..\{668429FC-243A-4ACA-938E-56EA3364269D}: NameServer = 194.48.139.254 194.48.128.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{9296A51F-6CD9-4894-A928-C70142B2F3D9}: Domain = ad001.siemens.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{9296A51F-6CD9-4894-A928-C70142B2F3D9}: NameServer = 129.103.99.235,129.103.99.237
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad005.onehc.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad005.onehc.net,ad001.siemens.net,ww005.siemens.net,ww002.siemens.net,ww500.siemens.net,med.siemens.de,wurmloch.siemens.de,siemens.net,ww300.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad005.onehc.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ad005.onehc.net,ad001.siemens.net,ww005.siemens.net,ww002.siemens.net,ww500.siemens.net,med.siemens.de,wurmloch.siemens.de,siemens.net,ww300.siemens.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad005.onehc.net,ad001.siemens.net,ww005.siemens.net,ww002.siemens.net,ww500.siemens.net,med.siemens.de,wurmloch.siemens.de,siemens.net,ww300.siemens.net
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\module\BES\IE32\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopIEPlg32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Pulse Secure, LLC - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FJRadioSwitchUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\RadioSwitchUtility\RadioSwitchUtilityDaemon.exe
O23 - Service: FJStatusPanelSwitchDaemon - FUJITSU LIMITED - C:\Program Files\Fujitsu\StatusPanelSwitch\StatusPanelSwitchDaemon.exe
O23 - Service: FUJ02E3Service - FUJITSU LIMITED - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Pulse Secure, LLC - C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: KService - Kollective Inc. - C:\Program Files (x86)\Kontiki\KService.exe
O23 - Service: SG LAN Crypt Service (LCSERV) - Sophos Limited - C:\Program Files (x86)\Sophos\SafeGuard LAN Crypt\Service\lcservn.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: OfficeScan NT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: O2FLASH - BayHubTech/O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Pulse Secure Service (PulseSecureService) - Pulse Secure, LLC - C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe
O23 - Service: Dell Migration Manager RUM Agent Service (QsRUMAgent) - Dell Software Inc - C:\WINDOWS\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: VNC Server Version 4 for Siemens IT (sit-WinVNC4) - RealVNC Ltd. - C:\Program Files (x86)\RealVNC4GAIN\VNC4\winvnc4.exe
O23 - Service: SMS Task Sequence Agent (smstsmgr) - Unknown owner - C:\WINDOWS\SysWOW64\CCM\TSManager.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Sierra Wireless Service (SwiService) - Sierra Wireless, Inc. - C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
O23 - Service: OfficeScan Common Client Solution Framework (TmCCSF) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: UCMS - Unknown owner - C:\Program Files\Siemens\UCMS\Core\UCMS.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\Wondershare TunesGo Retro (Deutsch)(CPC)\DriverInstall.exe (file missing)

--
End of file - 16946 bytes

2007 Microsoft Office Suite Service Pack 3 (SP3)
ACDSee 32
Adobe Acrobat Reader 2017 MUI
Adobe Flash Player 30 ActiveX
Adobe Photoshop CS
Adobe Shockwave Player 12.3
Adobe SVG Viewer
Adobe SVG Viewer 3.0
Allok AVI DivX MPEG to DVD Converter 2.2.0429
Apple Application Support (32-Bit)
Apple Software Update
Authorware Web Player
Bitwig 8-Track
Bree-SH
CDBurnerXP
CDex extraction audio
Circuit Desktop App 1.2.1606
Circuit for Outlook
Circuit for Outlook Admin Package
Circuit for Outlook Bundle
Circuit for Outlook Connector
Cisco WebEx Meeting Center
CoffeeCup Free FTP
Dell Resource Updating Agent 8.11
DVD Decrypter (Remove Only)
EasyGPS 2.7.5
EMET 5.5
EMET 5.5 Config Update
Fujitsu Hotkey Utility
Fujitsu Hotkey Utility
Fujitsu System Extension Utility
Function Manager
GoldWave v5.68
Google Chrome
Google Update Helper
Google Update Helper
Hotkey-Detektiv
Internet Explorer 11
Java 8 Update 181 32-bit
KeePass 2.34
Kollective SD ECDN Agent
LIFEBOOK Application Panel
MetaTrader 4 at FOREX.com 4.00
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access MUI (German) 2007
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office InfoPath MUI (Spanish) 2007
Microsoft Office Language Pack 2007 Service Pack 3 (SP3)
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 Redistributable - x64
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24123
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24123
Mindjet MindManager Viewer 7 English
Mozilla Firefox 45.6.0 ESR (x86 en-US)
Mozilla Maintenance Service
Nero Burning Core
Nero Burning ROM
Nero Burning ROM 2014
Nero Burning ROM Help (CHM)
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Info
Nero SharedVideoCodecs
Nero Update
O2Micro Flash Memory Card Windows Driver
O2Micro OZ776 SCR Driver
OF0000199 Office 2007 Prof. SCCS
PDF Password Remover v3.1
Pointing Device Utility
Pulse Check Survey
Pulse Secure 5.3
Pulse Secure Installer Service
Pulse Secure Installer Service 8.1
Pulse Secure Network Connect 8.0
Pulse Secure Network Connect 8.1
Pulse Secure Setup Client Activex Control
Pulse Secure Setup Client Activex Control
RealVNC Enterprise Edition SIT4.5.3 (SVR)
Report As SPAM
Schriftart code_128ttf
SCMS
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596904) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880514) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881067) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2956110) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2984938) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2984943) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2986253) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085549) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3213641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3213646) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB4011656) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB4011656) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB4011656) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB4011656) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB4011715) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011717) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4018354) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB4018353) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB3114426) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB4011200) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB4011200) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB4011200) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB4011200) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB4011200) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB3213642) 32-Bit Edition
Security Update for Microsoft Office Visio Viewer 2007 (KB2596915) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB4018355) 32-Bit Edition
Siemens Corporate Forms V5
Siemens Fonts 2001
Sierra Wireless Fujitsu Mobile Broadband Driver Package
SWI Software Package Runtime
Trend Micro OfficeScan Agent
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.7 (KB4040973)
Update for Microsoft .NET Framework 4.7 (KB4041778)
Update for Microsoft .NET Framework 4.7 (KB4043764)
Update for Microsoft .NET Framework 4.7 (KB4054981)
Update for Microsoft .NET Framework 4.7 (KB4074880)
Update for Microsoft .NET Framework 4.7 (KB4096418)
Update for Microsoft .NET Framework 4.7 (KB4338420)
Update for Microsoft .NET Framework 4.7 (KB4344146)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB3213646) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB3213646) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB3213646) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB3213649) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 (KB4011203) 32-Bit Edition
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
URA V2.0 connection 1.0
Winamp
WinRAR archiver
WinZip
Wireless Radio Switch Utility
Xilisoft Video Converter Ultimate 6
XMedia Recode Version 3.3.7.4
XnView 2.40