Log analysis and evaluation: HEUR:Exploit.Script.Generic detected by Kaspersky - is the infection really cleaned? (Windows 7)
07.07.2014, 11:51 | #1
HEUR:Exploit.Script.Generic detected by Kaspersky - is the infection really cleaned?

Dear all, after recently buying paid antivirus software (Kaspersky) for the first time in ages, following years of using Antivir and the like, a full scan immediately found something: HEUR:Exploit.Script.Generic and a second object. Kaspersky called it malware (the internet says Trojan) and supposedly disinfected and deleted it. I can't find Kaspersky's log file, so I only know the name of one of the detections; I didn't note down the second one (I thought I could easily look it up again after the cleanup, and now I can't find it!). So now I'm wondering whether the malware is really gone - the computer has been extremely slow for quite a while, but the fault may well be sitting in front of the computer (unfortunately I'm not very experienced)! I'm totally paranoid. I followed your instructions. With defogger I didn't get the impression that everything worked correctly; the scan didn't even take a nanosecond. And GMER gave two error messages ("The process cannot access the file because it is being used by another process", for netuser.dat and system). Here are the logs (split up, otherwise the text is 17,000 characters):

Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:23 on 07/07/2014 (Entenrechner)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Entenrechner (administrator) on ENTE on 07-07-2014 12:09:47
Running from C:\Users\Entenrechner\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Entenrechner\Desktop\Tor Browser\App\vidalia.exe
() C:\Users\Entenrechner\Desktop\Tor Browser\App\tor.exe
(Mozilla Corporation) C:\Users\Entenrechner\Desktop\Tor Browser\FirefoxPortable\App\Firefox\tbb-firefox.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862448 2012-08-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-927294191-717072922-153577076-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-927294191-717072922-153577076-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-927294191-717072922-153577076-1002\...\MountPoints2: {fab7ab6a-baa4-11e3-bf2d-2016d843b6e9} - "E:\LaunchU3.exe" -a
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs: , C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll => C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Entenrechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {50952DBE-9475-4D32-B175-B9D835C33E99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {50952DBE-9475-4D32-B175-B9D835C33E99} URL =
SearchScopes: HKCU - {50952DBE-9475-4D32-B175-B9D835C33E99} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Entenrechner\AppData\Roaming\Mozilla\Firefox\Profiles\mn47gpws.default-1403556973923
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Entenrechner\AppData\Roaming\Mozilla\Firefox\Profiles\mn47gpws.default-1403556973923\Extensions\donottrackplus@abine.com [2014-06-30]
FF Extension: WOT - C:\Users\Entenrechner\AppData\Roaming\Mozilla\Firefox\Profiles\mn47gpws.default-1403556973923\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-30]
FF Extension: Ghostery - C:\Users\Entenrechner\AppData\Roaming\Mozilla\Firefox\Profiles\mn47gpws.default-1403556973923\Extensions\firefox@ghostery.com.xpi [2014-07-04]
FF Extension: NoScript - C:\Users\Entenrechner\AppData\Roaming\Mozilla\Firefox\Profiles\mn47gpws.default-1403556973923\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-30]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-05]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-05]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-05]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-05]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-05]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-05-28] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-05-28] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-12-03] (Windows (R) 2003 DDK 3790 provider)
S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [X]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-07 12:09 - 2014-07-07 12:10 - 00022314 _____ () C:\Users\Entenrechner\Desktop\FRST.txt
2014-07-07 12:09 - 2014-07-07 12:09 - 02084352 _____ (Farbar) C:\Users\Entenrechner\Desktop\FRST64.exe
2014-07-07 12:09 - 2014-07-07 12:09 - 00000000 ____D () C:\FRST
2014-07-07 12:07 - 2014-07-07 12:07 - 00000000 _____ () C:\Users\Entenrechner\defogger_reenable
2014-07-07 12:06 - 2014-07-07 12:06 - 00050477 _____ () C:\Users\Entenrechner\Desktop\Defogger.exe
2014-07-07 11:48 - 2014-07-07 11:48 - 00000000 ___RD () C:\Users\Entenrechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-07 11:47 - 2014-07-07 11:47 - 00000022 _____ () C:\windows\S.dirmngr
2014-07-07 01:46 - 2014-07-07 01:46 - 00000000 ____D () C:\Users\Entenrechner\AppData\Roaming\.kde
2014-07-07 01:46 - 2014-07-07 01:46 - 00000000 ____D () C:\Users\Entenrechner\AppData\Local\GNU
2014-07-07 00:41 - 2014-07-07 01:48 - 00000000 ____D () C:\Users\Entenrechner\Desktop\ALtonale
2014-07-06 17:09 - 2014-07-07 02:50 - 00259298 _____ () C:\windows\WindowsUpdate.log
2014-07-05 01:39 - 2014-07-05 01:39 - 00001359 _____ () C:\Users\Entenrechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-07-05 01:37 - 2014-07-07 12:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-05 01:37 - 2014-07-05 01:37 - 00001162 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-05 01:37 - 2014-07-05 01:37 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-05 01:37 - 2014-05-28 16:38 - 00625760 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2014-07-05 01:37 - 2014-05-28 16:38 - 00115296 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2014-07-05 01:37 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2014-07-01 15:55 - 2014-07-07 02:00 - 00000000 ____D () C:\Users\Entenrechner\AppData\Local\Adobe
2014-07-01 09:03 - 2014-07-01 09:03 - 00022281 _____ () C:\Users\Entenrechner\Desktop\Adressen.odt
2014-06-23 22:56 - 2014-06-23 22:56 - 00000000 ____D () C:\Users\Entenrechner\Desktop\Alte Firefox-Daten
2014-06-23 22:55 - 2014-06-30 14:48 - 00032165 _____ () C:\Users\Entenrechner\Desktop\Offener Brief.odt
2014-06-12 20:46 - 2014-07-07 02:50 - 00001922 _____ () C:\windows\PFRO.log
2014-06-12 00:16 - 2014-06-13 12:30 - 00033340 _____ () C:\Users\Entenrechner\Desktop\Beschwerde Anhalt 11. Juni.odt
2014-06-11 14:38 - 2014-06-11 18:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 14:37 - 2014-06-11 14:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 12:46 - 2014-06-10 15:24 - 00015374 _____ () C:\Users\Entenrechner\Desktop\Herr Kießig neu eNummer.odt
2014-06-10 12:43 - 2014-06-10 15:36 - 00021580 _____ () C:\Users\Entenrechner\Desktop\Frau Harten Chavez NACHHAKEN.odt

==================== One Month Modified Files and Folders =======

2014-07-07 12:10 - 2014-07-07 12:09 - 00022314 _____ () C:\Users\Entenrechner\Desktop\FRST.txt
2014-07-07 12:09 - 2014-07-07 12:09 - 02084352 _____ (Farbar) C:\Users\Entenrechner\Desktop\FRST64.exe
2014-07-07 12:09 - 2014-07-07 12:09 - 00000000 ____D () C:\FRST
2014-07-07 12:07 - 2014-07-07 12:07 - 00000000 _____ () C:\Users\Entenrechner\defogger_reenable
2014-07-07 12:07 - 2013-05-22 11:58 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-07 12:07 - 2013-05-22 11:14 - 00000000 ____D () C:\Users\Entenrechner
2014-07-07 12:06 - 2014-07-07 12:06 - 00050477 _____ () C:\Users\Entenrechner\Desktop\Defogger.exe
2014-07-07 12:04 - 2014-07-05 01:37 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-07 12:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-07 11:51 - 2012-10-20 07:47 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-07 11:48 - 2014-07-07 11:48 - 00000000 ___RD () C:\Users\Entenrechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-07 11:47 - 2014-07-07 11:47 - 00000022 _____ () C:\windows\S.dirmngr
2014-07-07 11:47 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-07 02:50 - 2014-07-06 17:09 - 00259298 _____ () C:\windows\WindowsUpdate.log
2014-07-07 02:50 - 2014-06-12 20:46 - 00001922 _____ () C:\windows\PFRO.log
2014-07-07 02:47 - 2013-07-08 20:00 - 00000000 ____D () C:\Users\Entenrechner\AppData\Roaming\gnupg
2014-07-07 02:29 - 2012-10-20 07:54 - 00000360 _____ () C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2014-07-07 02:02 - 2013-05-22 16:15 - 00000000 ____D () C:\Users\Entenrechner\AppData\Local\CrashDumps
2014-07-07 02:00 - 2014-07-01 15:55 - 00000000 ____D () C:\Users\Entenrechner\AppData\Local\Adobe
2014-07-07 01:48 - 2014-07-07 00:41 - 00000000 ____D () C:\Users\Entenrechner\Desktop\ALtonale
2014-07-07 01:46 - 2014-07-07 01:46 - 00000000 ____D () C:\Users\Entenrechner\AppData\Roaming\.kde
2014-07-07 01:46 - 2014-07-07 01:46 - 00000000 ____D () C:\Users\Entenrechner\AppData\Local\GNU
2014-07-06 17:13 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-06 17:10 - 2014-04-30 13:10 - 00000000 ____D () C:\Users\Entenrechner\Desktop\Backup
2014-07-05 01:39 - 2014-07-05 01:39 - 00001359 _____ () C:\Users\Entenrechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-07-05 01:37 - 2014-07-05 01:37 - 00001162 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-05 01:37 - 2014-07-05 01:37 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-05 01:37 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-07-05 01:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-07-01 09:03 - 2014-07-01 09:03 - 00022281 _____ () C:\Users\Entenrechner\Desktop\Adressen.odt
2014-06-30 14:48 - 2014-06-23 22:55 - 00032165 _____ () C:\Users\Entenrechner\Desktop\Offener Brief.odt
2014-06-23 22:56 - 2014-06-23 22:56 - 00000000 ____D () C:\Users\Entenrechner\Desktop\Alte Firefox-Daten
2014-06-22 18:47 - 2013-08-15 22:24 - 00768688 _____ () C:\windows\system32\perfh019.dat
2014-06-22 18:47 - 2013-08-15 22:24 - 00157826 _____ () C:\windows\system32\perfc019.dat
2014-06-22 18:47 - 2012-10-20 22:21 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-06-22 18:47 - 2012-10-20 22:21 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-06-22 18:47 - 2012-07-26 09:28 - 02671956 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-13 12:30 - 2014-06-12 00:16 - 00033340 _____ () C:\Users\Entenrechner\Desktop\Beschwerde Anhalt 11. Juni.odt
2014-06-12 20:46 - 2013-07-01 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 18:54 - 2014-06-11 14:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 14:37 - 2014-06-11 14:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 15:36 - 2014-06-10 12:43 - 00021580 _____ () C:\Users\Entenrechner\Desktop\Frau Harten Chavez NACHHAKEN.odt
2014-06-10 15:24 - 2014-06-10 12:46 - 00015374 _____ () C:\Users\Entenrechner\Desktop\Herr Kießig neu eNummer.odt

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-06 17:32

==================== End Of Log ============================

Edited by Myriam84 (07.07.2014 at 11:58)
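An added triage helper for the FRST log above; it is not part of the forum post, of FRST or of Kaspersky. FRST already marks the entries a log reader looks at first (`[X]` for a registry or service entry whose file is gone, `[File not signed]` for an unsigned binary, `=> No File` for a shell extension without a backing DLL, and its own "Files to move or delete:" section); the script pulls those out of the flattened text and adds one rule of its own, a service or driver whose image sits under a temp directory. The sample lines are copied from the log above; the `UpdSvc` line is constructed to stand in for a service loading from a user temp folder.

```python
"""FRST log triage: list the entries that deserve a second look first.

Added example, not code from the forum, from FRST or from Kaspersky.
Markers FRST prints itself:
  [X]                      entry points at a file that no longer exists
  [File not signed]        loaded binary has no Authenticode signature
  => No File               shell extension whose CLSID has no backing DLL
  Files to move or delete: FRST's own list of files it considers out of place
Our own rule: a service/driver image under a temp directory ("temp_load").
"""
import re
from collections import Counter

# Lines copied from the FRST log posted above; the UpdSvc line is constructed.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-927294191-717072922-153577076-1002\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] () [File not signed]
R2 UpdSvc; C:\Users\Entenrechner\AppData\Local\Temp\upd.exe [12345 2014-07-01] () [File not signed]
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
==================== Drivers (Whitelisted) ====================
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-05-28] (Kaspersky Lab ZAO)
S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [X]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X]
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
"""

# FRST service/driver line: "<R|S|U><start type> <name>; <path> [size date] (vendor) [flags]"
SERVICE_RE = re.compile(r"^[RSU]\d\s+[^;]+;\s*(?P<rest>.+)$")
# Directory fragments under which no installed service or driver image should live.
TEMP_FRAGMENTS = ("\\temp\\", "\\$recycle.bin\\")


def service_path(line):
    """Image path of an FRST service/driver line, or None for any other line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    # the path runs up to the first " [" (size/date block or [X]); quotes are optional
    path = re.split(r"\s+\[", m.group("rest"), maxsplit=1)[0].strip().strip('"')
    if path.startswith("\\??\\"):  # NT object-manager prefix FRST shows for some drivers
        path = path[4:]
    return path


def triage(log_text):
    """Return (rule, line) pairs for every line that trips one of the rules."""
    findings = []
    in_files_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Files to move or delete:"):
            in_files_section = True
            continue
        if in_files_section:
            if set(line) == {"="}:          # the '====' underline of that section
                continue
            if line.startswith("===="):     # the next section header closes it
                in_files_section = False
            else:
                findings.append(("files_to_delete", line))
                continue
        if line.endswith("[X]"):
            findings.append(("missing_file", line))
        if "[File not signed]" in line:
            findings.append(("unsigned", line))
        if line.endswith("=> No File"):
            findings.append(("orphan_shell_ext", line))
        path = service_path(line)
        if path and any(frag in path.lower() for frag in TEMP_FRAGMENTS):
            findings.append(("temp_load", line))
    return findings


def summarize(log_text):
    """Findings per rule: a quick view of where to start reading."""
    return Counter(rule for rule, _ in triage(log_text))


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:<17} {line}")
    print(dict(summarize(SAMPLE_LOG)))
```

A hit is a pointer, not a verdict: an `[X]` on an uninstalled product's leftover service (the Avira entry here) is noise, while a driver entry that points into `C:\Windows\Temp` is the kind of line an analyst asks about first, whether or not the file still exists.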
07.07.2014, 11:53 | #2 |
| HEUR:Exploit.Script.Generic detected by Kaspersky - is the infection really cleaned up? GMER
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-07-07 12:19:57 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003d rev. 0.00MB Running: Gmer-19357.exe; Driver: C:\Users\Entenrechner\AppData\Local\Temp\pxloapow.sys ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 000007fea7fe6764 9 bytes JMP 000007ffa73f0308 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 000007fea7ffd000 8 bytes JMP 000007ffa73f03b0 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 000007fea8004890 7 bytes JMP 000007ffa73f0340 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007fea800d8f8 7 bytes JMP 000007ffa73f0260 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007fea801b1a4 7 bytes JMP 000007ffa73f0298 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007fea801b214 7 bytes JMP 000007ffa73f02d0 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007fea801b238 8 bytes JMP 000007ffa73f0228 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 000007fea801b87c 8 bytes JMP 000007ffa73f0378 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fea7402850 1 byte JMP 000007ffa73f00d8 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fea7402852 5 bytes {JMP 0xfffffffffffed888} .text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fea7402898 5 bytes JMP 000007ffa73f0180 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fea74070e0 6 bytes JMP 000007ffa73f0148 .text C:\windows\system32\dwm.exe[584] 
C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fea74073fc 5 bytes JMP 000007ffa73f0110 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\USER32.dll!CreateWindowExW 000007fea79bc5b0 7 bytes JMP 000007ffa73f0490 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fea79c31f0 9 bytes JMP 000007ffa73f03e8 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 000007fea79c33e0 5 bytes JMP 000007ffa73f0458 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 000007fea79c7160 5 bytes JMP 000007ffa73f0420 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fea9ba10b0 8 bytes JMP 000007ffa73f01f0 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fea9bb11b0 8 bytes JMP 000007ffa73f01b8 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\dxgi.dll!CreateDXGIFactory1 000007fea5c96d10 5 bytes JMP 000007ffa5c80110 .text C:\windows\system32\dwm.exe[584] C:\windows\system32\dxgi.dll!CreateDXGIFactory 000007fea5c9d060 5 bytes JMP 000007ffa5c800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07] .text C:\windows\system32\nvvsvc.exe[1232] C:\windows\system32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07] .text C:\windows\system32\nvvsvc.exe[1232] C:\windows\system32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07] .text C:\windows\system32\nvvsvc.exe[1232] 
C:\windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07] .text C:\windows\system32\nvvsvc.exe[1232] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007feaa1e177a 4 bytes [1E, AA, FE, 07] .text C:\windows\system32\nvvsvc.exe[1232] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007feaa1e1782 4 bytes [1E, AA, FE, 07] .text C:\windows\System32\svchost.exe[2088] c:\windows\system32\WSOCK32.dll!recvfrom + 742 000007fe9fec1b32 4 bytes [EC, 9F, FE, 07] .text C:\windows\System32\svchost.exe[2088] c:\windows\system32\WSOCK32.dll!recvfrom + 750 000007fe9fec1b3a 4 bytes [EC, 9F, FE, 07] .text C:\windows\System32\svchost.exe[2280] c:\windows\system32\WSOCK32.dll!recvfrom + 742 000007fe9fec1b32 4 bytes [EC, 9F, FE, 07] .text C:\windows\System32\svchost.exe[2280] c:\windows\system32\WSOCK32.dll!recvfrom + 750 000007fe9fec1b3a 4 bytes [EC, 9F, FE, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2464] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2464] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[2464] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07] .text C:\windows\Explorer.EXE[2612] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07] .text C:\windows\Explorer.EXE[2612] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07] .text C:\windows\Explorer.EXE[2612] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07] .text C:\windows\Explorer.EXE[2612] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fe9fec1b32 4 bytes [EC, 9F, FE, 07] .text C:\windows\Explorer.EXE[2612] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 
000007fe9fec1b3a 4 bytes [EC, 9F, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3012] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3012] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3012] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4448] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4448] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4448] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!RegQueryValueExW 000007fea7fe6764 9 bytes JMP 000007ffa73d03e8 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!RegSetValueExW 000007fea7ffd000 8 bytes JMP 000007ffa73d0490 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!RegDeleteValueW 000007fea8004890 7 bytes JMP 000007ffa73d0420 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 000007fea800d8f8 7 bytes JMP 000007ffa73d0340 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!K32GetMappedFileNameW 000007fea801b1a4 7 bytes JMP 000007ffa73d0378 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!K32GetModuleInformation 000007fea801b214 7 bytes JMP 000007ffa73d03b0 .text C:\Program Files (x86)\Bluetooth 
Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 000007fea801b238 8 bytes JMP 000007ffa73d0308 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNEL32.dll!RegSetValueExA 000007fea801b87c 8 bytes JMP 000007ffa73d0458 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fea7402850 1 byte JMP 000007ffa73d00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW + 2 000007fea7402852 5 bytes {JMP 0xfffffffffffcd888} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNELBASE.dll!FreeLibrary 000007fea7402898 5 bytes JMP 000007ffa73d0180 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fea74070e0 6 bytes JMP 000007ffa73d0148 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fea74073fc 5 bytes JMP 000007ffa73d0110 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\USER32.dll!CreateWindowExW 000007fea79bc5b0 7 bytes JMP 000007ffa73d0570 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007fea79c31f0 9 bytes JMP 000007ffa73d04c8 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 000007fea79c33e0 5 bytes JMP 000007ffa73d0538 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 000007fea79c7160 5 bytes JMP 000007ffa73d0500 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fea9ba10b0 8 bytes JMP 000007ffa73d01f0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] 
C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fea9bb11b0 8 bytes JMP 000007ffa73d01b8 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\combase.dll!CoCreateInstance 000007fea9692100 5 bytes JMP 000007ffa73d0228 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\combase.dll!CoSetProxyBlanket 000007fea96a5d4c 7 bytes JMP 000007ffa73d0260 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fe9fbaada0 5 bytes JMP 000007fea73d02d0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[4524] C:\windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fe9fbcd6c8 6 bytes JMP 000007fea73d0298 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4556] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4556] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4556] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4556] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fe9fec1b32 4 bytes [EC, 9F, FE, 07] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4556] C:\windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fe9fec1b3a 4 bytes [EC, 9F, FE, 07] .text C:\Program 
Files\Elantech\ETDCtrl.exe[4580] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[4580] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07] .text C:\Program Files\Elantech\ETDCtrl.exe[4580] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4116] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fea5bb1532 4 bytes [BB, A5, FE, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4116] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fea5bb153a 4 bytes [BB, A5, FE, 07] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4116] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fea5bb165a 4 bytes [BB, A5, FE, 07] .text C:\Windows\System32\igfxpers.exe[4024] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007feaa1e177a 4 bytes [1E, AA, FE, 07] .text C:\Windows\System32\igfxpers.exe[4024] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007feaa1e1782 4 bytes [1E, AA, FE, 07] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] 
C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]} .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4168] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] 
C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[3380] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2448] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[3152] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]}
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[1760] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]}
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Opera\opera.exe[5404] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61 000007feaa40104d 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlEnterCriticalSection + 39 000007feaa401087 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34 000007feaa4010b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77 000007feaa40110d 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!_local_unwind + 36 000007feaa401184 64 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!memcmp + 199 000007feaa401297 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!strcat + 144 000007feaa401360 16 bytes {JMP 0xffffffffffffff8c}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!strcpy + 183 000007feaa401437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!strlen + 168 000007feaa4015b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!strncat + 405 000007feaa401765 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!strncmp + 181 000007feaa401835 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!strncpy + 354 000007feaa4019b2 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlGetCurrentProcessorNumberEx + 52 000007feaa401a24 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtdllDialogWndProc_W + 601 000007feaa401dee 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 99 000007feaa401e73 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 118 000007feaa402096 48 bytes {JMP 0xffffffffffffffc0}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403 000007feaa4025b4 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!__chkstk + 77 000007feaa40261d 40 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!_setjmp + 160 000007feaa4026f0 16 bytes {JMP RAX}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!longjmp + 236 000007feaa40289c 32 bytes {JMP 0xffffffffffffffb9}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000007feaa402cb0 8 bytes {JMP QWORD [RIP-0x167]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000007feaa402e30 8 bytes {JMP QWORD [RIP-0x2df]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007feaa402e60 8 bytes {JMP QWORD [RIP-0x4af]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007feaa402f80 2 bytes [FF, 25]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 3 000007feaa402f83 5 bytes [FA, FF, FF, 90, 90]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007feaa403030 8 bytes {JMP QWORD [RIP-0x677]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007feaa4036f1 8 bytes {JMP QWORD [RIP-0xaff]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 000007feaa4039d1 8 bytes {JMP QWORD [RIP-0xde7]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007feaa404251 8 bytes {JMP QWORD [RIP-0x166f]}
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 616 00000000775215f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 3 00000000775215fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272 00000000775217d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuSetContext + 140 00000000775218c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000775218e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077521903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000077521923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23 000000007752195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 000000007752196b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Entenrechner\Desktop\Gmer-19357.exe[3360] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000077521977 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Threads - GMER 2.1 ----

Thread C:\windows\system32\csrss.exe [756:780] fffff960008665e8

---- Processes - GMER 2.1 ----

Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\uds.dll.0515e0460dae083d96b12ede5e1305a8 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006d8d0000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\avengine.dll.3fe58f414aa3dfe528ddb4fd35396bdd (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006d5a0000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\kavbase.kdl.7aa539a1cbbfb4baa644b9866f4bcf4b (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006d4d0000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\klavemu.kdl.6e86633e63e607038cfa66d3f88c5d60 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006b780000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\kjim.kdl.4d87815dc55a0ea5f712a61bb640573a (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006a9c0000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\mark.kdl.439cd9b41ec8d21b1586f50936d6c9c7 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006a950000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\qscan.kdl.6f421f0667a2208fb2f4dc2a03912f82 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006a820000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\kavsys.kdl.ba76be53c8245ddbd0e2864e74f8f638 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000006aef0000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\arkmon.kdl.2a7e20d80dc85bffd099a5ec75d43665 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000065510000
Library c:\programdata\kaspersky lab\avp14.0.0\data\wlengine.dll (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000064280000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\swmon.kdl.8bcd44f16c753932967d5433cb79247b (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000064050000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\swmon_drv.kdl.925e67a10a7c0746eefbbcb37d1db516 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000064010000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\vlns.kdl.75bc7021d19dabc13b3578597a15f843 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000062890000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\pbs.kdl.855e976d16841a9bbaa528a886998eee (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000062730000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\metascan.kdl.44098c3d85ae01dc961a5bb462ce80cf (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000062480000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\klavasyswatch.dll.cbcfd9fa6b6b6cd2bb04bd4017408b7b (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000061f70000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\pdm.kdl.3e8b21cf357ecefe6529658c1ae62636 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 00000000619f0000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\heurap.dll.0ce84b1af150e117a14d119f99292f28 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000061890000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\sys_critical_obj.dll (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 0000000060080000
Library C:\ProgramData\Kaspersky Lab\AVP14.0.0\Bases\Cache\bsshlp2.kdl.7b5ed3ca6d3d7225b866af3c09484fec (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [1936] (FILE NOT FOUND) 000000005d480000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----

Last edited by Myriam84 (07.07.2014 at 12:04) |
07.07.2014, 12:03 | #3 |
| HEUR:Exploit.Script.Generic detected by Kaspersky - is the infection really cleaned up? Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Entenrechner at 2014-07-07 12:11:05
Running from C:\Users\Entenrechner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.2.1.260 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.3.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (x32 Version: 3.3.0 - Adobe Systems Incorporated) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
ALDI NORD Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI NORD Bestellsoftware) (Version: 4.12.2 - ORWO Net)
Birder's Diary 3.7 (HKLM-x32\...\Birder's Diary 3.7) (Version: 3.7 - Jones Technologies LLC)
Birder's Diary to eBird Toolkit (HKLM-x32\...\Birder's Diary to eBird Toolkit) (Version: v2.0 - jones technologies llc)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Classic Shell (HKLM\...\{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}) (Version: 3.6.7 - IvoSoft)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_NS_LP_DocCD (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Easy Poster Printer (HKLM-x32\...\{1B5979B5-FE79-405A-A023-592DCE48C522}) (Version: 6.0.0 - GD Software)
ETDWare PS/2-X64 11.7.2.1_WHQL (HKLM\...\Elantech) (Version: 11.7.2.1 - ELAN Microelectronic Corp.)
F4100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.)
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Gpg4win (2.1.1) (HKLM-x32\...\GPG4Win) (Version: 2.1.1 - The Gpg4win Project)
HP Deskjet All-In-One Software (HKLM\...\{2CB8566A-8EA6-417A-BAB1-1B10A88C79BB}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LauschAngriff (HKLM-x32\...\LauschAngriff) (Version: - )
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA GeForce Experience 1.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.131.854 - NVIDIA Corporation) Hidden
NVIDIA Optimus 7.2.17 (Version: 7.2.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Update 7.2.17 (Version: 7.2.17 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 7.2.17 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.1 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Scribus 1.4.3 (HKLM-x32\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
SHIELD Streaming (Version: 1.05.19 - NVIDIA Corporation) Hidden
Skype™ 6.5 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.5.158 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Support Center (HKLM\...\{73280CF7-9471-4FB6-B018-E5FD7A09F1AF}) (Version: 2.0.13 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.5 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{403BBE15-C64E-429A-9652-1C4EFF327457}) (Version: 2.0.20 - Samsung Electronics CO., LTD.)
Tomb Raider II (HKLM-x32\...\Tomb Raider II) (Version: - )
Tomb Raider II Gold (HKLM-x32\...\Tomb Raider II Gold) (Version: - )
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version: - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
User Guide (HKLM-x32\...\{9914AD8E-C0D6-420D-BEF6-40BF4DEDE3BA}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)

==================== Restore Points =========================

15-06-2014 19:00:40 Geplanter Prüfpunkt
23-06-2014 11:30:53 Geplanter Prüfpunkt
30-06-2014 17:59:54 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05DFB97D-D085-45CA-8620-EA8479BC828A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1C119B4B-D9BA-4711-A1D1-B14264D6B564} - System32\Tasks\AdobeAAMUpdater-1.0-Ente-Entenrechner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2E9D9AEF-10BB-48FE-BC5A-AD65E6C00AF5} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {4285C36F-B071-4297-995C-B210F405BA86} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {59700CF0-C59E-42B9-9FC8-DE9F8E6DE425} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {7EE0F5C2-274D-4682-82BE-97E128156A8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {97EC930E-BAE5-462B-912D-DF2E77D48530} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {9E226C84-7B8B-4EEE-8913-37C8AF7DB8B2} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-09-18] (Samsung Electronics CO., LTD.)
Task: {A654CDB9-9CE8-4D2D-BEDC-888CA43A2896} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {A69D916B-7E91-46EF-9F3A-125BECA1087F} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {BDDDCAB7-B139-48AF-B168-98327A7E95AD} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E49F3DFA-F9DE-473C-ADBB-E00D7CF91A7A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2013-07-01 16:33 - 2013-06-21 14:06 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-05-28 18:50 - 2013-05-28 18:50 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-07-30 18:26 - 2013-07-27 10:48 - 00267040 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libzmq.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-10-16 19:02 - 2013-10-16 19:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-08-10 11:28 - 2012-08-10 11:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 11:23 - 2012-08-10 11:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-08-16 04:26 - 2012-08-16 04:26 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-16 19:01 - 2013-10-16 19:01 - 04624240 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2012-10-14 17:08 - 2012-10-14 17:08 - 04237944 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2013-11-12 16:30 - 2013-10-31 19:39 - 06239727 _____ () C:\Users\Entenrechner\Desktop\Tor Browser\App\vidalia.exe
2013-11-12 16:30 - 2013-10-31 19:39 - 02897432 _____ () C:\Users\Entenrechner\Desktop\Tor Browser\App\tor.exe
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-05-28 18:44 - 2013-05-28 18:44 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-05-28 18:41 - 2013-05-28 18:41 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-05-28 18:44 - 2013-05-28 18:44 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-05-28 18:45 - 2013-05-28 18:45 - 00627712 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2013-05-28 18:42 - 2013-05-28 18:42 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-07-28 16:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-07-28 16:02 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-07-28 16:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-07-28 16:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-07-28 16:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 09:50 - 2012-09-05 09:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-10-20 07:55 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 04:34 - 2012-06-08 04:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-10-17 17:45 - 2013-10-17 17:45 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-06-05 15:10 - 2013-06-05 15:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2013-07-01 16:33 - 2013-06-21 14:06 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-06-11 14:39 - 2014-06-11 14:39 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-11 14:39 - 2014-06-11 14:39 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 14:39 - 2014-06-11 14:39 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2012-10-20 07:35 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-06-11 14:37 - 2014-06-11 14:37 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-12 16:30 - 2013-10-31 19:39 - 00043008 _____ () C:\Users\Entenrechner\Desktop\Tor Browser\App\libgcc_s_dw2-1.dll
2013-11-12 16:30 - 2013-10-31 19:39 - 00047972 _____ () C:\Users\Entenrechner\Desktop\Tor Browser\App\mingwm10.dll
2013-11-12 16:30 - 2013-10-31 19:39 - 00031758 _____ () C:\Users\Entenrechner\Desktop\Tor Browser\App\libssp-0.dll
2013-11-12 16:30 - 2013-10-31 19:39 - 02845184 _____ () C:\Users\Entenrechner\Desktop\Tor Browser\FirefoxPortable\App\Firefox\mozjs.dll
2014-05-11 13:52 - 2014-05-11 13:52 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2014-05-11 13:52 - 2014-05-11 13:52 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2014-05-11 13:52 - 2014-05-11 13:52 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2014-05-11 13:52 - 2014-05-11 13:52 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2014-05-11 13:52 - 2014-05-11 13:52 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2014-05-11 13:52 - 2014-05-11 13:52 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2014-05-11 13:52 - 2014-05-11 13:52 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2014-05-11 13:52 - 2014-05-11 13:52 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2014-05-11 13:52 - 2014-05-11 13:52 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2014-05-11 13:52 - 2014-05-11 13:52 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2014-05-11 13:52 - 2014-05-11 13:52 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2014-05-11 13:52 - 2014-05-11 13:52 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2014 11:48:01 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (07/07/2014 11:48:00 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (07/07/2014 03:16:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Ente)
Description: Die App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
Error: (07/07/2014 03:11:26 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (07/07/2014 03:11:24 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (07/07/2014 03:07:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Ente)
Description: Die App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (07/07/2014 03:05:01 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (07/07/2014 03:04:59 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (07/07/2014 03:01:01 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (07/07/2014 03:00:58 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]


System errors:
=============
Error: (07/07/2014 03:23:20 AM) (Source: DCOM) (EventID: 10005) (User: Ente)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/07/2014 03:22:31 AM) (Source: DCOM) (EventID: 10005) (User: Ente)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/07/2014 03:22:23 AM) (Source: DCOM) (EventID: 10005) (User: Ente)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/07/2014 03:21:18 AM) (Source: DCOM) (EventID: 10005) (User: Ente)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/07/2014 03:20:58 AM) (Source: DCOM) (EventID: 10005) (User: Ente)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/07/2014 03:20:45 AM) (Source: DCOM) (EventID: 10005) (User: Ente)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/07/2014 03:20:39 AM) (Source: DCOM) (EventID: 10005) (User: Ente)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/07/2014 03:20:30 AM) (Source: DCOM) (EventID: 10005) (User: Ente)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/07/2014 03:20:02 AM) (Source: DCOM) (EventID: 10005) (User: Ente)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/07/2014 03:19:55 AM) (Source: DCOM) (EventID: 10005) (User: Ente)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (07/07/2014 11:48:01 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (07/07/2014 11:48:00 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (07/07/2014 03:16:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Ente)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel

Error: (07/07/2014 03:11:26 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (07/07/2014 03:11:24 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (07/07/2014 03:07:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Ente)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel

Error: (07/07/2014 03:05:01 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (07/07/2014 03:04:59 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]

Error: (07/07/2014 03:01:01 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcUnregistering VAD endpoint [0]

Error: (07/07/2014 03:00:58 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registered successfully [0]


==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 3795.53 MB
Available physical RAM: 1245.62 MB
Total Pagefile: 5203.54 MB
Available Pagefile: 2473.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:439.18 GB) (Free:367.68 GB) NTFS
Drive d: (TR4) (CDROM) (Total:2.05 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

==================== End Of Log ============================

Many, many thanks! Edit: while skimming I saw that you advise against CCleaner. I will delete it. |
07.09.2014, 14:45 | #4 |
Administrator /// technical service | HEUR:Exploit.Script.Generic detected by Kaspersky - is the infection really cleaned up? Hello, unfortunately your thread was overlooked (for technical reasons). Because your thread already contained several replies, it was mistakenly classified as 'already being handled'. We apologise for this. We try to answer everyone seeking help within a short time and to offer solutions to the problem. If necessary, please open a new thread so that a team member can take on your problem. For everyone seeking help! What do I need to consider before opening a thread? Thank you for your understanding. |
