Windows 7 64-bit: "csc.exe - ungültiges Bild" blocks update
10.02.2015, 17:52 | #1 |
Hi everyone, while googling my error message I came across this forum, where people with similar problems have been helped several times. I haven't noticed anything unusual on the computer. Only, when I tried to run a required update for my WISO tax program today, the update was aborted with the error message: "csc.exe - ungültiges Bild C:\Windows\Microsoft.NET\Framework\v2.0.50727\alink.dll ist entweder nicht für die Ausführung unter Windows vorgesehen oder enthält einen Fehler." I reinstalled the tax program, reinstalled the Microsoft .NET Framework, restored the computer from a system image, ran a full scan with Kaspersky (which found nothing), then reinstalled the tax program once more - the error message remains. Here are the scan files requested in the guide for people seeking help - the Gmer.txt is too large, I would have to zip it.
10.02.2015, 17:53 | #2 |
/// the machine /// TB trainer
Hi,

Please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
10.02.2015, 18:32 | #3 |
Sorry, I didn't know that.

FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by Roland (administrator) on ROLAND-PC on 10-02-2015 17:00:26 Running from R:\Downloads Loaded Profiles: Roland (Available profiles: Roland) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe (Dropbox, Inc.) C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [944104 2013-02-25] (Dell Inc.) HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1244136 2013-02-25] (Dell Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKU\S-1-5-21-3009346515-3327974453-796363969-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-05] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-3009346515-3327974453-796363969-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\S-1-5-21-3009346515-3327974453-796363969-1001\...\MountPoints2: {1fd36005-b128-11e4-be2c-806e6f6e6963} - F:\LaunchU3.exe -a HKU\S-1-5-21-3009346515-3327974453-796363969-1001\...\MountPoints2: {74b3d53b-d120-11e3-89d5-806e6f6e6963} - E:\start.exe /auto Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico () Startup: C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3009346515-3327974453-796363969-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com HKU\S-1-5-21-3009346515-3327974453-796363969-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-3009346515-3327974453-796363969-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3009346515-3327974453-796363969-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> 
C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-25] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-25] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-25] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.ducatoforum-wohnmobile.de/forum/wbb/index.php", "hxxp://www.wohnmobilforum.de/wohnmobil-technik-f20.html", "hxxp://forum.milwaukee-vtwin.de/index.php", "hxxp://www.vrod-forum.eu/bbl/index.php?page=Index", "hxxp://www.naviboard.de/vb/forumdisplay.php?f=122", "hxxp://e30-talk.com/", "chrome://newtab/" CHR DefaultSearchKeyword: Default -> google.com_ CHR DefaultSuggestURL: Default -> 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Easy Auto Refresh) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-12-18] CHR Extension: (Google Docs) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-01] CHR Extension: (Google Drive) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-01] CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga [2014-05-01] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-17] CHR Extension: (YouTube) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-01] CHR Extension: (Google-Suche) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-01] CHR Extension: (Kaspersky Protection) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-25] CHR Extension: (iCloud-Lesezeichen) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-12-18] CHR Extension: (WhatFont) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2014-12-18] CHR Extension: (Dislike Button 
for Facebook) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbnljppimpdkhccmgflleoppbaaiglhl [2014-05-01] CHR Extension: (Google Wallet) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-01] CHR Extension: (Google Mail) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-01] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155496 2012-09-26] (Dell Inc.) R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [343400 2012-09-26] (Dell Inc.) 
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [516952 2015-01-05] (Garmin Ltd or its subsidiaries) S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2899968 2013-08-22] (Microsoft Corporation) [File not signed] R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-25] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-25] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R3 TT1724ht; C:\Windows\System32\drivers\TT1724ht.sys [96096 2010-05-06] (TerraTec Electronic GmbH) U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-10 17:00 - 2015-02-10 17:00 - 00000000 ____D () C:\FRST 2015-02-10 16:52 - 2015-02-10 16:52 - 00001264 _____ () C:\Users\Roland\Desktop\Revo Uninstaller.lnk 2015-02-10 16:52 - 2015-02-10 16:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-10 15:46 - 2015-02-10 16:41 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\FastCopy 2015-02-10 15:46 - 2015-02-10 15:46 - 00000995 _____ () C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FastCopy.lnk 2015-02-10 15:46 - 2015-02-10 15:46 - 00000965 _____ () C:\Users\Roland\Desktop\FastCopy.lnk 2015-02-10 15:46 - 2015-02-10 15:46 - 00000000 ____D () C:\Program Files\FastCopy 2015-02-10 15:19 - 2015-02-10 15:17 - 04800980 _____ () C:\Users\Roland\Documents\CBS.log 2015-02-10 13:34 - 2015-02-10 13:34 - 00002095 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk 2015-02-10 13:34 - 2015-02-10 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015 2015-02-10 13:31 - 2015-02-10 13:31 - 00000000 ____D () C:\Program Files (x86)\WISO 2015-02-10 13:09 - 2014-04-02 06:26 - 00228352 _____ (Dell Inc.) 
C:\Windows\system32\DLPGMLAI-1.DLL 2015-02-10 12:57 - 2015-02-10 12:58 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF 2015-02-10 12:56 - 2015-02-10 12:56 - 00003416 ____N () C:\bootsqm.dat 2015-02-10 12:54 - 2015-02-10 12:54 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-10 12:54 - 2015-02-10 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-10 12:53 - 2015-02-10 12:54 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-10 12:53 - 2015-02-10 12:54 - 00000000 ____D () C:\Program Files\iTunes 2015-02-10 12:53 - 2015-02-10 12:53 - 00000000 ____D () C:\Program Files\iPod 2015-02-10 12:53 - 2015-02-10 12:53 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-26 11:44 - 2015-01-26 11:46 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Apple Computer 2015-01-26 11:44 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-01-26 11:43 - 2015-02-10 12:53 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-26 11:43 - 2015-01-26 11:43 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-01-26 11:43 - 2015-01-26 11:43 - 00000000 ____D () C:\Windows\System32\Tasks\Apple 2015-01-26 11:43 - 2015-01-26 11:43 - 00000000 ____D () C:\Program Files\Bonjour 2015-01-26 11:43 - 2015-01-26 11:43 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-01-26 11:43 - 2015-01-26 11:43 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2015-01-25 14:19 - 2015-01-25 14:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2015-01-25 11:37 - 2015-01-25 11:37 - 00000000 ____D () C:\Users\Roland\Documents\Steuer-Sparbuch 2015-01-25 08:45 - 2015-01-25 08:45 - 00000000 ____D () C:\ProgramData\Bitstream 2015-01-25 08:20 - 2015-01-25 08:26 - 00000000 ____D () C:\AdwCleaner 2015-01-25 08:14 - 2015-01-25 08:14 - 00000979 _____ () 
C:\Users\Public\Desktop\Mp3tag.lnk 2015-01-25 08:10 - 2015-01-25 08:10 - 00000000 ____D () C:\Windows\ELAMBKUP 2015-01-25 08:10 - 2015-01-25 08:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2015-01-25 08:10 - 2015-01-25 08:10 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2015-01-25 08:10 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2015-01-25 08:10 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2015-01-25 03:00 - 2015-01-25 03:00 - 00000000 ____D () C:\Windows\CheckSur 2015-01-24 19:39 - 2015-02-10 16:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-24 19:25 - 2015-01-24 19:25 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-01-24 19:25 - 2015-01-24 19:25 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\vlc 2015-01-22 18:17 - 2015-01-22 18:20 - 00000000 ____D () C:\Users\Roland\Desktop\Vorlagen 2015-01-21 17:59 - 2015-01-21 17:59 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2015-01-21 17:59 - 2001-10-26 23:16 - 00016384 _____ () C:\Windows\SysWOW64\FileOps.exe 2015-01-21 17:58 - 2015-01-21 18:08 - 00000618 _____ () C:\Users\Roland\Desktop\Fiat Ducato.lnk 2015-01-21 17:58 - 2015-01-21 18:00 - 00000000 ____D () C:\eLearn 2015-01-21 17:58 - 2015-01-21 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLearn 2015-01-21 12:48 - 2015-01-21 12:48 - 00000000 ____D () C:\ProgramData\Sun 2015-01-21 12:47 - 2015-01-21 12:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-21 12:47 - 2015-01-21 12:47 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-21 12:47 - 2015-01-21 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-21 12:47 - 2015-01-21 12:47 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-20 16:28 - 2015-01-20 16:28 - 00001919 _____ () 
C:\Users\Public\Desktop\Design&Print.lnk 2015-01-20 16:28 - 2015-01-20 16:28 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\DesktopDPO-b590ce5c4fa12d0f57bf76ef54d1be94 2015-01-20 16:28 - 2015-01-20 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Zweckform 2015-01-20 16:27 - 2015-01-20 16:28 - 00000000 ____D () C:\Program Files (x86)\Design&Print 2015-01-19 20:00 - 2015-01-19 20:00 - 00000000 ____D () C:\Users\Roland\Documents\Garmin 2015-01-19 19:12 - 2015-01-19 19:12 - 00003554 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask 2015-01-19 19:12 - 2015-01-19 19:12 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2015-01-19 13:34 - 2015-01-19 13:34 - 00000000 ____D () C:\Windows\Log 2015-01-19 13:31 - 2015-01-19 13:32 - 00001594 _____ () C:\Windows\VPNInstall.MIF 2015-01-19 13:31 - 2015-01-19 13:31 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems 2015-01-19 11:31 - 2015-01-24 19:24 - 00000000 ____D () C:\Program Files\VideoLAN 2015-01-18 19:23 - 2015-01-18 19:23 - 00000000 _____ () C:\Users\Roland\Sti_Trace.log 2015-01-18 19:13 - 2015-01-18 19:13 - 00000000 __SHD () C:\Users\Roland\AppData\Local\EmieUserList 2015-01-18 19:13 - 2015-01-18 19:13 - 00000000 __SHD () C:\Users\Roland\AppData\Local\EmieSiteList 2015-01-18 19:13 - 2015-01-18 19:13 - 00000000 __SHD () C:\Users\Roland\AppData\Local\EmieBrowserModeList 2015-01-18 18:45 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-18 18:45 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-18 18:45 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-18 18:45 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-18 18:45 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-18 18:45 - 2014-12-12 06:31 - 00050176 _____ 
(Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-18 18:45 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-18 18:45 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-18 18:45 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-18 18:45 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-18 18:45 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-18 18:45 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-18 18:45 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-18 14:04 - 2015-01-18 14:04 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-10 16:57 - 2014-05-01 17:58 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-10 16:47 - 2014-05-01 12:27 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-10 16:46 - 2009-07-14 05:45 - 00025696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-10 16:46 - 2009-07-14 05:45 - 00025696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-10 16:44 - 2014-05-01 22:03 - 00702972 _____ () C:\Windows\system32\perfh007.dat 2015-02-10 16:44 - 2014-05-01 22:03 - 00150612 _____ () C:\Windows\system32\perfc007.dat 2015-02-10 16:44 - 2009-07-14 06:13 - 01629476 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-10 16:42 - 2014-05-01 12:11 - 01086769 _____ () C:\Windows\WindowsUpdate.log 2015-02-10 16:39 - 2014-05-01 15:17 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Dropbox 2015-02-10 16:39 - 2014-05-01 12:27 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-10 16:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-10 16:39 - 2009-07-14 05:51 - 00031018 _____ () C:\Windows\setupact.log 2015-02-10 15:39 - 2014-05-01 20:51 - 01602820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-02-10 15:33 - 2010-11-21 04:47 - 00149884 _____ () C:\Windows\PFRO.log 2015-02-10 14:04 - 2014-12-17 16:26 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Garmin 2015-02-10 13:34 - 2014-05-01 16:04 - 00000622 _____ () C:\Windows\wiso.ini 2015-02-10 13:31 - 2014-05-01 12:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-10 13:15 - 2014-05-01 17:18 - 00000000 ____D () C:\Users\Roland\Documents\Mein Steuer-Sparbuch Heute 2015-02-10 12:42 - 2014-05-01 12:27 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-10 12:42 - 2014-05-01 12:27 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 
2015-02-10 12:40 - 2014-05-01 12:11 - 00000000 ____D () C:\Users\Roland 2015-02-10 12:40 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\CSC 2015-01-26 11:43 - 2014-05-01 17:41 - 00000000 ____D () C:\ProgramData\Apple 2015-01-25 14:18 - 2009-07-14 05:45 - 00598936 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-25 11:36 - 2014-05-01 12:27 - 00192000 _____ () C:\Users\Roland\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-25 08:29 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-01-25 08:29 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-01-25 08:29 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys 2015-01-25 08:22 - 2014-05-01 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-25 08:14 - 2014-12-18 09:08 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Mp3tag 2015-01-25 08:14 - 2014-05-01 16:44 - 00000000 ____D () C:\Program Files (x86)\Mp3tag 2015-01-24 19:29 - 2014-05-01 12:11 - 00001421 _____ () C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-20 18:49 - 2014-12-18 03:01 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-20 18:45 - 2014-05-02 13:25 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-20 18:17 - 2014-05-01 16:43 - 00000000 ____D () C:\ProgramData\MAGIX 2015-01-19 20:59 - 2014-12-17 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-01-19 19:12 - 2014-12-17 16:31 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-19 19:12 - 2014-12-17 16:26 - 00000000 ____D () C:\Users\Roland\AppData\Local\Garmin 2015-01-19 19:12 - 2014-12-17 16:26 - 00000000 ____D () C:\ProgramData\Garmin 2015-01-19 19:12 - 2014-12-17 16:26 - 00000000 ____D () C:\Program Files\DIFX 2015-01-19 19:12 - 2014-12-17 16:26 - 00000000 ____D () C:\Program Files (x86)\Garmin 
Some content of TEMP:
====================
C:\Users\Roland\AppData\Local\Temp\BOMUpdate.exe
C:\Users\Roland\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgyrdqu.dll
C:\Users\Roland\AppData\Local\Temp\ose00000.exe
C:\Users\Roland\AppData\Local\Temp\tmpDD35.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 20:09
==================== End Of Log ============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Roland at 2015-02-10 17:00:47
Running from R:\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1-Klick Duplikate Löschen für Outlook 4.06 (HKLM-x32\...\{CD423CE9-404E-4B5B-86CF-34AE8E01402D}_is1) (Version: 4.06 - ITSTH)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) App-Manager – Dell C2665dnf (HKLM-x32\...\{B873FAEC-1627-4899-88C4-B8D0D0424F1D}) (Version: 1.00.000 - Dell Inc.) Aureon ControlPanel (HKLM-x32\...\{A5342322-663A-4391-884A-5950E91E2A95}) (Version: 1.00.000 - ) Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Corel Graphics - Windows Shell Extension (HKLM\...\_{2CDF0D0A-C58C-4136-9978-F029B2723B0D}) (Version: 16.4.0.1280 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 16.4.1280 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.4.1280 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.7 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - DE (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.7 - Corel Corporation) 
Hidden CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - ES (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.7 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - FR (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - IPM (Version: 16.7 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - IPM T3 (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - IT (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - NL (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.7 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.7 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.6 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.7 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.4.1.1281 - Corel Corporation) CorelDRAW Graphics Suite X6 (x64) (Version: 16.7 - Corel Corporation) Hidden Dell C2665dnf Color MFP Adressbuch-Editor Ver.1.0.0.0 (HKLM-x32\...\{723B61D6-A73A-4DB7-B8E1-E2D2F7DC58F2}) (Version: 1.0.0.0 - Dell Inc.) 
Dell C2665dnf Color MFP Scan Button Manager Ver.1.0.0.0 (HKLM-x32\...\{5C054E48-4070-4D22-BB5F-CC2294D76FD7}) (Version: 1.0.0.0 - Dell Inc.) Dell C2665dnf Color MFP Scanner-Treiber (HKLM-x32\...\{AF194BFC-5C05-4408-B2DF-5CF30BC556D2}) (Version: 1.0.0.0 - Dell Inc.) Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.) Design & Print (HKLM-x32\...\Design & Print 1.0.5) (Version: 1.0.5 - Avery Zweckform) Dropbox (HKU\S-1-5-21-3009346515-3327974453-796363969-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) eflugbuch 2.0 (HKLM-x32\...\{962EB597-FBF1-4C89-8C80-8AD138CBBEB8}}_is1) (Version: - ) eLearn CDROM 1.0 (HKLM-x32\...\eLearn 1.2.1_is1) (Version: - FIAT Auto S.p.A.) Elevated Installer (x32 Version: 3.2.28.0 - Garmin Ltd or its subsidiaries) Hidden Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff) Exifer (HKLM-x32\...\Exifer_is1) (Version: - Friedemann Schmidt) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Garmin BaseCamp (HKLM-x32\...\{31A67F6C-D79D-47B9-9F0B-13C0FCF3C3A8}) (Version: 4.4.6 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2015.20 (HKLM-x32\...\{EF144B2A-E433-45ED-959C-FD913ABCE5D8}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator North America NT 2015.30 (HKLM-x32\...\{0F0E68E9-9463-4087-B211-E80FAC5F9BC6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{004f606f-18d9-45e0-aa8f-a033ec95dd5e}) (Version: 3.2.28.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.28.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.28.0 - Garmin Ltd or its subsidiaries) Hidden Garmin MapInstall (HKLM-x32\...\{F0D44E64-51EE-4888-A1FD-F13108B75A43}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) 
(Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation) Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden Konfigurationstool – Dell C2665dnf (HKLM-x32\...\{5AC049AB-E61B-45D4-A3DB-6A606FF38B90}) (Version: 1.00.000 - Dell Inc.) Licensing Service (03000201) (x32 Version: 03.00.02.15 - Protexis Inc.) 
Hidden MAGIX Foto Manager 12 (HKLM-x32\...\MX.{90A25A6E-AAFE-4438-956A-2711E7A3EA2D}) (Version: 10.0.0.271 - MAGIX Software GmbH) MAGIX Foto Manager 12 (Version: 10.0.0.271 - MAGIX Software GmbH) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{1FF63306-EBC2-413D-927E-FA1323180AB1}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden MAGIX Video deluxe 2015 Plus (HKLM\...\MX.{0797C499-48E8-46E2-9C97-90034F46F5E6}) (Version: 14.0.0.140 - MAGIX Software GmbH) MAGIX Video deluxe 2015 Plus (Version: 14.0.0.140 - MAGIX Software GmbH) Hidden Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime 
(HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation) Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NewBlue Titler EX for MAGIX (HKLM-x32\...\NewBlue Titler EX for MAGIX) (Version: 1.0 - NewBlue) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PINs 4 (HKLM-x32\...\PINs 4) (Version: 4.50.0.86 - Mirek Wojtowicz) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Shrink O’Matic (HKLM-x32\...\net.tw.air.ShrinkOMatic.7C34F9BA9FAD6689FAABBE85F1F5B46BA5A32DE5.1) (Version: 2.0.3 - UNKNOWN) Shrink O’Matic (x32 Version: 2.0.3 - UNKNOWN) Hidden Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56 - Ghisler Software GmbH) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51 beta 3 - Ghisler Software GmbH) UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) 
(HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Vasco da Gama 7 HDPro (HKLM-x32\...\{5C3CDFD0-45B3-48D0-941F-E3F76F343765}) (Version: 7.00.0000 - MotionStudios) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{1E94BBFF-3564-44DD-82F4-F4EDF1122B15}) (Version: 22.00.8811 - Buhl Data Service GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3009346515-3327974453-796363969-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3009346515-3327974453-796363969-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3009346515-3327974453-796363969-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3009346515-3327974453-796363969-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3009346515-3327974453-796363969-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3009346515-3327974453-796363969-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3009346515-3327974453-796363969-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3009346515-3327974453-796363969-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3009346515-3327974453-796363969-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 10-02-2015 12:47:09 Windows Update 10-02-2015 12:57:25 Removed Cisco Systems VPN Client 5.0.07.0290 10-02-2015 12:59:44 Windows Update 10-02-2015 13:09:22 Windows Update 10-02-2015 13:23:00 Entfernt WISO Steuer-Sparbuch 2014 10-02-2015 13:24:04 Entfernt WISO Steuer-Sparbuch 2015 10-02-2015 13:31:42 Installiert WISO Steuer-Sparbuch 2015 10-02-2015 14:27:16 Installiert WISO Steuer-Sparbuch 2015 10-02-2015 15:37:49 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {32BFC4FC-A2DE-4E2D-8A36-34432A3AFCE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-01] (Google Inc.) Task: {538E772E-5387-4A40-B0F8-5CAF1655F8E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-01] (Google Inc.) Task: {83575384-2446-4C54-995A-CA25F44E1286} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {8A5FB8AA-E2FB-459A-B23A-FD1A66755B6C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {A2B2D03E-EF6C-4F66-9A23-0EBD7067AD9B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-05] () Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2013-03-28 21:31 - 2013-03-28 21:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-09-23 12:53 - 2012-09-23 12:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-09-23 12:53 - 2012-09-23 12:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll 2014-12-17 20:03 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Roland\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-02-10 16:39 - 2015-02-10 16:39 - 00043008 _____ () c:\users\roland\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgyrdqu.dll 2014-12-17 20:03 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Roland\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-12-17 20:03 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Roland\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-12-17 20:03 - 2014-10-22 01:22 - 00200704 _____ () 
C:\Users\Roland\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-02-10 12:48 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll 2015-02-10 12:48 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll 2015-02-10 12:48 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll 2015-02-10 12:48 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll 2014-05-01 17:13 - 2014-03-13 15:09 - 00200704 _____ () C:\Program Files (x86)\1-Klick Duplikat Löschen für Outlook\DDOutlook.dll 2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll 2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll 2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:9FF7C773 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) HKU\S-1-5-21-3009346515-3327974453-796363969-1001\Software\Classes\.exe: => <===== ATTENTION! ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3009346515-3327974453-796363969-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roland\AppData\Local\Realtime Soft\UltraMon\UltraMon Wallpaper.bmp ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3009346515-3327974453-796363969-500 - Administrator - Disabled) Gast (S-1-5-21-3009346515-3327974453-796363969-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3009346515-3327974453-796363969-1002 - Limited - Enabled) Roland (S-1-5-21-3009346515-3327974453-796363969-1001 - Administrator - Enabled) => C:\Users\Roland ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/10/2015 04:40:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/10/2015 03:35:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/10/2015 03:31:54 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Runtime.Remoting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131040 Error: (02/10/2015 03:31:54 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . 
Error code = 0x80070002 Error: (02/10/2015 03:31:54 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131040 Error: (02/10/2015 03:31:53 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002 Error: (02/10/2015 03:07:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/10/2015 02:26:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/10/2015 01:32:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/10/2015 01:17:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (02/10/2015 03:50:06 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error: (02/10/2015 03:50:05 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. 
Error: (02/10/2015 03:33:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (02/10/2015 03:33:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (02/10/2015 00:41:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (02/10/2015 00:41:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (02/10/2015 00:41:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (02/10/2015 00:41:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (02/10/2015 00:41:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/10/2015 00:41:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-12-19 15:56:43.827
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-19 15:56:43.817
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-17 19:23:44.354
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-17 19:23:44.354
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-17 19:23:44.354
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-17 19:23:44.339
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-17 19:23:44.339
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-17 19:23:44.339
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-02 00:30:19.953
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-02 00:30:19.953
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 30%
Total physical RAM: 8191.18 MB
Available physical RAM: 5679.29 MB
Total Pagefile: 16380.54 MB
Available Pagefile: 13224.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:55.85 GB) NTFS
Drive h: (Carola) (Fixed) (Total:60.15 GB) (Free:43.95 GB) NTFS
Drive m: (Musik) (Fixed) (Total:976.56 GB) (Free:262.52 GB) NTFS
Drive r: (Roland) (Fixed) (Total:195.31 GB) (Free:57.47 GB) NTFS
Drive v: (Videos) (Fixed) (Total:1562.5 GB) (Free:160.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 831A72C8)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 6F5FB6C4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 831A72CF)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=42)

==================== End Of Log ============================ |
10.02.2015, 18:39 | #4 |
| Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-10 17:12:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-5 FM-25S2I-128GBFII rev.1881 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Roland\AppData\Local\Temp\awdiqpow.sys

---- User code sections - GMER 2.1 ----
C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[1492] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[1492] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[1492] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[1492] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[1492] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077611398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077611594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077611bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077611fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077612898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077612d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776133c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077614241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776142b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... 
* 3 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776143f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077614434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776145d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776146d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077614a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077614b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077614c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077614d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077614ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077614ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776150f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776152f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776153f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776155e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776164d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007761668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007761687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776168bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776168d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007761692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077617166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077617dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077617e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[1644] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077611398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077611594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077611bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077611fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077612898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077612d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776133c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077614241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776142b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776143f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077614434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776145d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776146d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077614a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077614b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077614c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4520] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 |
10.02.2015, 18:41 | #5 |
| Gmer 02
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077617dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077617e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077611398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077611594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077611bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077611fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077612898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077612d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776133c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077614241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776142b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776143f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077614434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776145d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776146d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077614a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077614b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077614c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077614d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077614ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077614ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776150f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776152f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776153f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776155e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776164d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007761668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007761687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776168bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776168d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007761692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077617166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077617dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077617e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077611398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077611594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077611bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077611fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077612898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077612d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776133c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077614241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776142b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776143f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077614434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776145d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776146d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077614a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077614b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077614c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077614d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077614ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077614ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776150f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776152f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776153f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776155e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776164d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007761668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007761687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776168bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776168d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007761692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077617166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077617dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077617e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077611398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077611594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077611bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
|
10.02.2015, 18:42 | #6 |
| Gmer 03 Code:
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077617dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077617e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077611398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077611594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077611bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077611fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077612898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077612d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776133c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077614241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776142b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776143f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077614434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776145d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776146d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077614a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077614b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077614c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077614d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077614ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077614ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776150f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776152f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776153f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776155e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776164d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007761668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007761687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776168bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776168d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007761692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077617166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077617dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077617e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1360] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077611398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077611594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077611bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077611fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077612898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077612d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776133c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077614241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776142b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776143f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077614434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776145d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776146d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077614a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077614b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077614c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077614d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 0000000077614d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077614ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077614ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776150f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776152f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776153f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776155e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776164d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007761668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007761687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776168bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776168d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007761692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077617166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077617dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077617e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1364] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077611398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077611594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077611bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5992] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
|
10.02.2015, 18:43 | #7 |
| Gmer 04 Code:
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077617dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077617e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5812] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077611398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077611594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077611bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077611fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077612898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077612d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776133c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077614241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776142b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776143f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077614434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776145d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776146d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077614a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077614b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077614c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077614d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077614ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077614ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776150f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776152f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776153f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776155e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776164d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007761668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007761687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776168bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776168d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007761692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077617166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077617dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077617e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes {JMP QWORD [RIP-0x4a220]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes {JMP QWORD [RIP-0x49cef]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes {JMP QWORD [RIP-0x4adda]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000770e8791 5 bytes JMP 0000000151ae53fc .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076626143 5 bytes JMP 00000001525af68e .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075923e59 5 bytes JMP 0000000151b110b7 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075923eae 5 bytes JMP 0000000151b1b0be .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075924731 5 bytes JMP 0000000151b4b5dc .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075925dee 5 bytes JMP 0000000151b4c50f ? C:\Windows\system32\mssprxy.dll [1240] entry point in ".rdata" section 0000000071c371e6 .text C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE[1240] C:\Program Files (x86)\Common Files\SYSTEM\MSMAPI\1031\MSMAPI32.DLL!HrDispatchNotifications@4 + 112 0000000060fc1b80 4 bytes [FD, 9B, 31, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077611398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077611594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077611bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077611fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077612898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077612d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776133c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077614241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776142b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776143f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077614434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776145d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776146d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077614a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077614b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077614c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077614d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077614ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077614ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776150f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776152f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776153f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776155e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776164d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007761668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007761687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776168bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776168d4 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007761692c 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077617166 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077617dd1 8 bytes [10, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077617e57 8 bytes [00, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 424 0000000077611398 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 000000007761143f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077611594 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 000000007761191e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077611bf8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077611d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077611edf 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077611fc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776127b0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776127d2 8 bytes {JMP 0x10} .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007761282f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 0000000077612898 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077612d1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077612d67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 000000007761323b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000776133c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 0000000077613a5e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 0000000077613ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077613b85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077614190 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077614241 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000776142b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000776143f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077614434 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 408 00000000776145d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 657 00000000776146d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 0000000077614a9c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077614b63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077614c57 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077614d76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... 
* 2 .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077614ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077614ef3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000776150f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000776152f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000776153f7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 484 00000000776155e4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000776164d6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 000000007761668e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 000000007761687c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000776168bd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000776168d4 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007761692c 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] 
.text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077617166 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241 0000000077617dd1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119 0000000077617e57 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077661380 8 bytes {JMP QWORD [RIP-0x4a220]} .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077661500 8 bytes {JMP QWORD [RIP-0x49cef]} .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077661530 8 bytes {JMP QWORD [RIP-0x4ac62]} .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077661650 8 bytes {JMP QWORD [RIP-0x4a80f]} .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077661700 8 bytes {JMP QWORD [RIP-0x4adda]} .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077661d30 8 bytes {JMP QWORD [RIP-0x49edf]} .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077661f80 8 bytes {JMP QWORD [RIP-0x4a1b5]} .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776627e0 8 bytes {JMP QWORD [RIP-0x4ab13]} .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073d613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073d6146b 8 bytes {JMP 0xffffffffffffffb0} .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073d616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073d619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073d619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text R:\Downloads\Gmer-19357.exe[6472] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073d61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3436:5200] 0000000076b17587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3436:5204] 000000005ce68aa6 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3436:5492] 0000000077842e65 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3436:4548] 0000000077843e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3436:6676] 0000000077843e85 Thread C:\Windows\sysWow64\SearchProtocolHost.exe [2040:5672] 000000007181876d Thread C:\Windows\sysWow64\SearchProtocolHost.exe [2040:5588] 0000000051af2ab2 Thread C:\Windows\sysWow64\SearchProtocolHost.exe [2040:5024] 0000000051af2ab2 ---- Processes - GMER 2.1 ---- Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-12-17 19:03:50) 000000006ac70000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (C++ application 
development framework./Digia Plc and/or its subsidiary(-ies))(2014-12-17 19:03:49) 000000006a970000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324](2014-12-17 19:03:50) 000000006a8b0000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-12-17 19:03:49) 000000006a230000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (ICU I18N DLL/The ICU Project)(2014-12-17 19:03:50) 000000004a900000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (ICU Common DLL/The ICU Project)(2014-12-17 19:03:50) 00000000045b0000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (ICU Data DLL/The ICU Project)(2014-12-17 19:03:50) 000000004ad00000 Library c:\users\roland\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgyrdqu.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324](2015-02-10 15:39:41) 0000000003310000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-12-17 19:03:49) 0000000064a70000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-12-17 19:03:49) 00000000631d0000 
Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-12-17 19:03:49) 00000000647e0000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-12-17 19:03:49) 0000000064580000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-12-17 19:03:49) 0000000064550000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324](2014-12-17 19:03:50) 0000000064540000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-12-17 19:03:50) 0000000064510000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-12-17 19:03:49) 00000000644d0000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-12-17 19:03:49) 0000000064480000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324](2014-12-17 19:03:50) 
0000000064360000 Library C:\Users\Roland\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe [2324](2014-12-17 19:03:50) 0000000064320000 Library C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{166D0585-C3D8-4C65-9E8A-35726858CF80}\offreg.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [5536](2015-02-10 16:01:53) 000007fef1560000 ---- EOF - GMER 2.1 ---- |
11.02.2015, 07:12 | #8 |
/// the machine /// TB trainer | Windows7 64bit: "csc.exe - ungültiges Bild" blocks update Hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.02.2015, 12:53 | #9 |
| Windows7 64bit: "csc.exe - ungültiges Bild" blocks update Code:
ATTFilter ComboFix 15-02-09.01 - Roland 12.02.2015 12:36:13.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8191.5963 [GMT 1:00] ausgeführt von:: c:\users\Roland\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Roland\Documents\CBS.log c:\windows\pkunzip.pif c:\windows\pkzip.pif V:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2015-01-12 bis 2015-02-12 )))))))))))))))))))))))))))))) . . 2015-02-12 11:43 . 2015-02-12 11:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-02-12 11:42 . 2015-02-12 11:42 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{166D0585-C3D8-4C65-9E8A-35726858CF80}\offreg.dll 2015-02-10 16:16 . 2015-02-10 16:18 -------- d-----w- c:\users\Roland\AppData\Local\Diagnostics 2015-02-10 16:00 . 2015-02-10 16:01 -------- d-----w- C:\FRST 2015-02-10 15:52 . 2015-02-10 15:52 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-02-10 14:46 . 2015-02-10 16:19 -------- d-----w- c:\users\Roland\AppData\Roaming\FastCopy 2015-02-10 14:46 . 2015-02-10 16:19 -------- d-----w- c:\program files\FastCopy 2015-02-10 14:39 . 2015-02-10 14:39 -------- d-----w- c:\windows\Migration 2015-02-10 12:31 . 2015-02-10 12:31 -------- d-----w- c:\program files (x86)\WISO 2015-02-10 12:09 . 2014-04-02 05:26 228352 ----a-w- c:\windows\system32\DLPGMLAI-1.DLL 2015-02-10 11:53 . 2015-02-10 11:54 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-10 11:53 . 
2015-02-10 11:54 -------- d-----w- c:\program files\iTunes 2015-02-10 11:53 . 2015-02-10 11:53 -------- d-----w- c:\program files (x86)\iTunes 2015-02-10 11:53 . 2015-02-10 11:53 -------- d-----w- c:\program files\iPod 2015-02-10 11:47 . 2014-12-15 03:13 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{166D0585-C3D8-4C65-9E8A-35726858CF80}\mpengine.dll 2015-01-26 10:44 . 2015-01-26 10:46 -------- d-----w- c:\users\Roland\AppData\Roaming\Apple Computer 2015-01-26 10:44 . 2012-10-03 15:14 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2015-01-26 10:43 . 2015-01-26 10:43 -------- d-----w- c:\program files (x86)\Apple Software Update 2015-01-26 10:43 . 2015-02-10 11:53 -------- d-----w- c:\program files\Common Files\Apple 2015-01-26 10:43 . 2015-01-26 10:43 -------- d-----w- c:\program files\Bonjour 2015-01-26 10:43 . 2015-01-26 10:43 -------- d-----w- c:\program files (x86)\Bonjour 2015-01-26 10:43 . 2015-01-26 10:43 -------- d-----w- c:\program files (x86)\Common Files\Apple 2015-01-25 13:19 . 2015-01-25 13:21 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2015-01-25 07:45 . 2015-01-25 07:45 -------- d-----w- c:\programdata\Bitstream 2015-01-25 07:20 . 2015-01-25 07:26 -------- d-----w- C:\AdwCleaner 2015-01-25 07:10 . 2013-05-06 08:13 110176 ----a-w- c:\windows\system32\klfphc.dll 2015-01-25 07:10 . 2015-01-25 07:10 -------- d-----w- c:\windows\ELAMBKUP 2015-01-25 07:10 . 2015-01-25 07:10 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2015-01-25 07:10 . 2014-08-12 17:33 246456 ----a-w- c:\windows\system32\drivers\klhk.sys 2015-01-25 02:00 . 2015-01-25 02:00 -------- d-----w- c:\windows\CheckSur 2015-01-24 18:39 . 2015-02-12 11:29 -------- d-----w- c:\programdata\Kaspersky Lab 2015-01-24 18:25 . 2015-01-24 18:25 -------- d-----w- c:\users\Roland\AppData\Roaming\vlc 2015-01-21 16:59 . 2015-01-21 16:59 -------- d-----w- c:\windows\SysWow64\Adobe 2015-01-21 16:59 . 
2001-10-26 22:16 16384 ----a-w- c:\windows\SysWow64\FileOps.exe 2015-01-21 16:58 . 2015-01-21 17:00 -------- d-----w- C:\eLearn 2015-01-21 11:48 . 2015-01-21 11:48 -------- d-----w- c:\program files (x86)\Common Files\Java 2015-01-21 11:47 . 2015-01-21 11:47 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-01-21 11:47 . 2015-01-21 11:47 -------- d-----w- c:\programdata\Oracle 2015-01-21 11:47 . 2015-01-21 11:47 -------- d-----w- c:\program files (x86)\Java 2015-01-20 15:28 . 2015-01-20 15:28 -------- d-----w- c:\users\Roland\AppData\Roaming\DesktopDPO-b590ce5c4fa12d0f57bf76ef54d1be94 2015-01-20 15:27 . 2015-01-20 15:28 -------- d-----w- c:\program files (x86)\Design&Print 2015-01-19 12:34 . 2015-01-19 12:34 -------- d-----w- c:\windows\Log 2015-01-19 12:31 . 2015-01-19 12:31 -------- d-----w- c:\program files (x86)\Cisco Systems 2015-01-19 10:31 . 2015-01-24 18:24 -------- d-----w- c:\program files\VideoLAN 2015-01-18 18:13 . 2015-01-18 18:13 -------- d-sh--w- c:\users\Roland\AppData\Local\EmieUserList 2015-01-18 18:13 . 2015-01-18 18:13 -------- d-sh--w- c:\users\Roland\AppData\Local\EmieSiteList 2015-01-18 18:13 . 2015-01-18 18:13 -------- d-sh--w- c:\users\Roland\AppData\Local\EmieBrowserModeList . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-25 07:29 . 2014-08-13 18:34 77512 ----a-w- c:\windows\system32\drivers\klwtp.sys 2015-01-25 07:29 . 2014-08-20 17:04 818888 ----a-w- c:\windows\system32\drivers\klif.sys 2015-01-25 07:29 . 2014-08-18 13:43 150536 ----a-w- c:\windows\system32\drivers\klflt.sys 2015-01-20 17:45 . 2014-05-02 12:25 113365784 ----a-w- c:\windows\system32\MRT.exe 2014-12-22 23:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe 2014-12-13 05:09 . 2014-12-18 16:36 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2014-12-13 03:33 . 2014-12-18 16:36 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-12-04 02:50 . 
2014-12-17 19:06 413184 ----a-w- c:\windows\system32\generaltel.dll 2014-12-04 02:50 . 2014-12-17 19:06 741376 ----a-w- c:\windows\system32\invagent.dll 2014-12-04 02:50 . 2014-12-17 19:06 396800 ----a-w- c:\windows\system32\devinv.dll 2014-12-04 02:50 . 2014-12-17 19:06 830976 ----a-w- c:\windows\system32\appraiser.dll 2014-12-04 02:50 . 2014-12-17 19:06 227328 ----a-w- c:\windows\system32\aepdu.dll 2014-12-04 02:50 . 2014-12-17 19:06 192000 ----a-w- c:\windows\system32\aepic.dll 2014-12-04 02:44 . 2014-12-17 19:06 1083392 ----a-w- c:\windows\system32\aeinv.dll 2014-12-01 23:28 . 2014-12-17 19:06 1232040 ----a-w- c:\windows\system32\aitstatic.exe 2014-11-27 01:43 . 2014-12-17 15:52 389296 ----a-w- c:\windows\system32\iedkcs32.dll 2014-11-22 03:13 . 2014-12-17 15:52 25059840 ----a-w- c:\windows\system32\mshtml.dll 2014-11-22 03:06 . 2014-12-17 15:52 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-11-22 03:06 . 2014-12-17 15:52 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-11-22 02:50 . 2014-12-17 15:52 66560 ----a-w- c:\windows\system32\iesetup.dll 2014-11-22 02:50 . 2014-12-17 15:52 580096 ----a-w- c:\windows\system32\vbscript.dll 2014-11-22 02:49 . 2014-12-17 15:52 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-11-22 02:49 . 2014-12-17 15:52 2885120 ----a-w- c:\windows\system32\iertutil.dll 2014-11-22 02:48 . 2014-12-17 15:52 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-11-22 02:41 . 2014-12-17 15:52 54784 ----a-w- c:\windows\system32\jsproxy.dll 2014-11-22 02:40 . 2014-12-17 15:52 34304 ----a-w- c:\windows\system32\iernonce.dll 2014-11-22 02:37 . 2014-12-17 15:52 633856 ----a-w- c:\windows\system32\ieui.dll 2014-11-22 02:35 . 2014-12-17 15:52 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-11-22 02:34 . 2014-12-17 15:52 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2014-11-22 02:34 . 2014-12-17 15:52 6039552 ----a-w- c:\windows\system32\jscript9.dll 2014-11-22 02:26 . 
2014-12-17 15:52 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-11-22 02:22 . 2014-12-17 15:52 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2014-11-22 02:20 . 2014-12-17 15:52 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-11-22 02:14 . 2014-12-17 15:52 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-11-22 02:09 . 2014-12-17 15:52 199680 ----a-w- c:\windows\system32\msrating.dll 2014-11-22 02:08 . 2014-12-17 15:52 92160 ----a-w- c:\windows\system32\mshtmled.dll 2014-11-22 02:07 . 2014-12-17 15:52 501248 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-11-22 02:07 . 2014-12-17 15:52 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-11-22 02:06 . 2014-12-17 15:52 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-11-22 02:05 . 2014-12-17 15:52 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-11-22 02:05 . 2014-12-17 15:52 316928 ----a-w- c:\windows\system32\dxtrans.dll 2014-11-22 01:54 . 2014-12-17 15:52 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-11-22 01:49 . 2014-12-17 15:52 718848 ----a-w- c:\windows\system32\ie4uinit.exe 2014-11-22 01:49 . 2014-12-17 15:52 800768 ----a-w- c:\windows\system32\msfeeds.dll 2014-11-22 01:47 . 2014-12-17 15:52 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-11-22 01:46 . 2014-12-17 15:52 2125312 ----a-w- c:\windows\system32\inetcpl.cpl 2014-11-22 01:43 . 2014-12-17 15:52 14412800 ----a-w- c:\windows\system32\ieframe.dll 2014-11-22 01:40 . 2014-12-17 15:52 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-11-22 01:29 . 2014-12-17 15:52 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-11-22 01:28 . 2014-12-17 15:52 2358272 ----a-w- c:\windows\system32\wininet.dll 2014-11-22 01:22 . 2014-12-17 15:52 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-11-22 01:21 . 2014-12-17 15:52 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-11-22 01:15 . 
2014-12-17 15:52 1548288 ----a-w- c:\windows\system32\urlmon.dll 2014-11-22 01:03 . 2014-12-17 15:52 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2014-11-22 01:00 . 2014-12-17 15:52 1888256 ----a-w- c:\windows\SysWow64\wininet.dll 2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-01-05 688984] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800] . c:\users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 39207112] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ UltraMon.lnk - c:\windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico /auto [2014-5-1 29310] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 PrintNotify;Druckererweiterungen und -benachrichtigungen;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x] S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 
Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x] S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x] S2 PSI_SVC_2_x64;Protexis Licensing V2 
x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x] S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys;c:\windows\SYSNATIVE\DRIVERS\AVMCOWAN.sys [x] S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys;c:\windows\SYSNATIVE\DRIVERS\fpcibase.sys [x] S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 TT1724ht;AureonWDM;c:\windows\system32\drivers\TT1724ht.sys;c:\windows\SYSNATIVE\drivers\TT1724ht.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-02-10 11:47 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-01 11:27] . 2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-01 11:27] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-18 17:22 164760 ----a-w- c:\users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-18 17:22 164760 ----a-w- c:\users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-18 17:22 164760 ----a-w- c:\users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-18 17:22 164760 ----a-w- c:\users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-18 17:22 164760 ----a-w- c:\users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-18 17:22 164760 ----a-w- c:\users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-18 17:22 164760 ----a-w- c:\users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-18 17:22 164760 ----a-w- c:\users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2013-02-25 944104] "DLQLU"="c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" [2013-02-25 1244136] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-27 169768] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll TCP: DhcpNameServer = 192.168.178.1 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FotoManagerDeluxe.10.alb" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.eps" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.gif" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.iff" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.pcd" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.png" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.psd" . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.tga" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.tif" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MAGIXviewer.tiff" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-02-12 12:51:01 ComboFix-quarantined-files.txt 2015-02-12 11:50 . Vor Suchlauf: 12 Verzeichnis(se), 57.621.794.816 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 58.964.762.624 Bytes frei . - - End Of File - - E117B55F1B3D197F188305D74D0DD521 A36C5E4F47E84449FF07ED3517B43A31 |
12.02.2015, 20:26 | #10 |
/// the machine /// TB trainer | Windows7 64bit: "csc.exe - ungültiges Bild" blocks update Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No help via PM! |
13.02.2015, 09:24 | #11 |
| Windows7 64bit: "csc.exe - ungültiges Bild" blocks update Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 13.02.2015
Suchlauf-Zeit: 09:05:31
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.13.02
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Roland

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 358213
Verstrichene Zeit: 4 Min, 49 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Warnen

Prozesse: 0 (Keine schädliche Elemente erkannt)
Module: 0 (Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt)
Registrierungswerte: 0 (Keine schädliche Elemente erkannt)
Registrierungsdaten: 0 (Keine schädliche Elemente erkannt)
Ordner: 0 (Keine schädliche Elemente erkannt)
Dateien: 0 (Keine schädliche Elemente erkannt)
Physische Sektoren: 0 (Keine schädliche Elemente erkannt)

(end)

Code:
# AdwCleaner v4.110 - Bericht erstellt 13/02/2015 um 09:16:10
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-13.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Roland - ROLAND-PC
# Gestarted von : R:\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v40.0.2214.111

*************************

AdwCleaner[R0].txt - [2307 Bytes] - [25/01/2015 08:20:51]
AdwCleaner[R1].txt - [882 Bytes] - [25/01/2015 08:25:09]
AdwCleaner[R2].txt - [1882 Bytes] - [13/02/2015 09:11:58]
AdwCleaner[R3].txt - [1072 Bytes] - [13/02/2015 09:15:01]
AdwCleaner[S0].txt - [2551 Bytes] - [25/01/2015 08:22:46]
AdwCleaner[S1].txt - [1943 Bytes] - [13/02/2015 09:14:18]
AdwCleaner[S2].txt - [996 Bytes] - [13/02/2015 09:16:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1054 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Roland on 13.02.2015 at 9:18:54,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.02.2015 at 9:21:19,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
13.02.2015, 17:42 | #12 |
/// the machine /// TB trainer | Windows7 64bit: "csc.exe - ungültiges Bild" blocks update ESET Online Scanner
Please download SecurityCheck and:
And a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No help via PM! |
18.02.2015, 09:34 | #13 |
| Windows7 64bit: "csc.exe - ungültiges Bild" blocks update Sorry, I disappeared into the Cologne swamp over the weekend... Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=8392983ee9891f43ae445df7dbb1542b # engine=22509 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-17 12:06:27 # local_time=2015-02-17 01:06:27 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1299 16777213 100 100 3609 51746417 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 10025 175804637 0 0 # scanned=25074 # found=1 # cleaned=0 # scan_time=202 sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Roland\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=8392983ee9891f43ae445df7dbb1542b # engine=22515 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-17 04:22:07 # local_time=2015-02-17 05:22:07 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1299 16777213 100 100 4679 51761757 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 4072 175819977 0 0 # scanned=1181 # found=1 # cleaned=0 # scan_time=9 sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Roland\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=8392983ee9891f43ae445df7dbb1542b # engine=22515 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-17 04:58:22 # local_time=2015-02-17 05:58:22 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1299 16777213 100 100 1743 51763932 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 2647 175822152 0 0 # scanned=197802 # found=5 # cleaned=0 # scan_time=1438 sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Roland\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" sh=40CE0A58E99858007E5DCD0BB5BF6A122686A917 ft=1 fh=f92770b35775886c vn="Win32/Somoto.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JVXHSEF\BiTool[1].dll" sh=E0313533B0C6E316F78490796A2C969587F58A2C ft=1 fh=9155363a2ff91402 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43APCXG8\setup[1].exe" sh=40CE0A58E99858007E5DCD0BB5BF6A122686A917 ft=1 fh=f92770b35775886c vn="Win32/Somoto.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Roland\AppData\Local\Temp\bitool.dll" sh=E0313533B0C6E316F78490796A2C969587F58A2C ft=1 fh=9155363a2ff91402 vn="Win32/Somoto.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Roland\AppData\Local\Temp\nsp77E0.tmp" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=8392983ee9891f43ae445df7dbb1542b # engine=22515 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-17 08:59:22 # local_time=2015-02-17 09:59:22 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1299 16777213 100 100 19803 51778392 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 20707 175836612 0 0 # scanned=994677 # found=53 # cleaned=0 # scan_time=14190 sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Roland\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" sh=40CE0A58E99858007E5DCD0BB5BF6A122686A917 ft=1 fh=f92770b35775886c vn="Win32/Somoto.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JVXHSEF\BiTool[1].dll" sh=E0313533B0C6E316F78490796A2C969587F58A2C ft=1 fh=9155363a2ff91402 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43APCXG8\setup[1].exe" sh=40CE0A58E99858007E5DCD0BB5BF6A122686A917 ft=1 fh=f92770b35775886c vn="Win32/Somoto.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Roland\AppData\Local\Temp\bitool.dll" sh=E0313533B0C6E316F78490796A2C969587F58A2C ft=1 fh=9155363a2ff91402 vn="Win32/Somoto.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Roland\AppData\Local\Temp\nsp77E0.tmp" sh=520BEAD5FEE88B16F7FFFCE99B202FA4C9D3D68C ft=1 fh=a4aa744e47bc6ab9 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="R:\Downloads\download_audiograbber.exe" sh=214C1CB9988A9E549654852F678F4B53BA57DF18 ft=1 fh=02b0c5717f486857 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="R:\Downloads\download_videograbber.exe" sh=82D1B4EBA74DB6DC3E93BB83EBFA3D9D9912C130 ft=1 fh=cb8e095e95327e80 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="R:\Downloads\Easy-Video-Splitter-lnstall.exe" sh=73C98F1721958026BEB496BFCF15FB9A28B3B7A0 ft=1 fh=9a28cb911a364095 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="R:\Downloads\Unlocker1.9.2.exe" sh=73734A528FE340FA5748FEBDE219A6286B3623E0 ft=1 fh=c71c0011d0b98983 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="R:\Software\asus-update.exe" sh=53F62179A8C09D775A91CFA4DE78DCBA557C2231 ft=1 fh=28f8b39db5682573 vn="Variante von Win32/InstallCore.IO evtl. unerwünschte Anwendung" ac=I fn="R:\Software\flashplayer.exe" sh=13FE084506C202B667BCADDF2A7D1575F21D5B64 ft=1 fh=8a8ff7b648299869 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="R:\Software\FreeVideoDub17.exe" sh=DC9294BBD936C768B817BAADBAFE3B1D8193759C ft=1 fh=5bf68cbb91a75c64 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="R:\Software\FreeVideoToiPhoneConverter.exe" sh=CAF97958B03A2FA0161CEB4927CC1573EBF7C72D ft=1 fh=f4636a25dde6b8dd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="R:\Software\FreeYouTubeToMp3Converter.exe" sh=768AB00622964AF093AE369C2098265984CA583C ft=1 fh=76149a3fdcd44d15 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="R:\Software\FreeYouTubeToMP3Converter_3.11.25.exe" sh=B017681FCEB58717231AFFB3FB905AEF8691A6B8 ft=1 fh=e4973408196558cd vn="Variante von Win32/Toolbar.SearchSuite.V evtl. 
unerwünschte Anwendung" ac=I fn="R:\Software\jZipSetup-r182-n-bc.exe" sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="R:\Software\PDFCreator-1_7_3_setup.exe" sh=739EABF661AE6C22DD97601DD741B2C3C6DBAD56 ft=1 fh=c71c00117aed0bca vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="R:\Software\PDFWriterSetup.exe" sh=DA07B01C084059A27B3CC1C0DCED88742BE69F62 ft=1 fh=fcb267ab15cdd4a2 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="R:\Software\ProductKeyFinder23.exe" sh=3469919FD9EAB9957B18D7503ACD157AAE68FA6E ft=1 fh=1435021d5f6f807d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="R:\Software\SereneScreen Marine Aquarium - CHIP-Downloader.exe" sh=CF28A90A604164C6D5397999D5D90280E293A2B0 ft=1 fh=250619b7bcd7cedf vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="R:\Software\Setup_FreeFlvConverter.exe" sh=1094E31788BDC2238A40C28A874E7471B9E6170F ft=1 fh=32b3e6431ddd6067 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="R:\Software\SoftonicDownloader27335.exe" sh=75F4FD01430A3272F80F333F4C00E1F08E501BE2 ft=1 fh=f22d50ca4b09c9aa vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="R:\Software\SoftonicDownloader68622.exe" sh=734A5AB823C7F588BDA1123356729D121F8FA67A ft=1 fh=261b81f8ec732841 vn="Variante von Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="R:\Software\SoftonicDownloader79404.exe" sh=65A697E28C3F09B93792F7FB55A4F8367C79657B ft=1 fh=1ffbd79d7ad3c782 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="R:\Software\SoftonicDownloader_fuer_einestoppuhr.exe" sh=C2649B25CE93BCB5CB86B2DCFD5A49BFA220D082 ft=1 fh=bb761b2e7e111c17 vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="R:\Software\Thunderbird - CHIP-Downloader.exe" sh=8F1A1CF218E97CADF7A6435A87023AE2B4F617F1 ft=1 fh=b7a61758cf0db521 vn="Variante von Win32/Toolbar.SearchSuite.W evtl. unerwünschte Anwendung" ac=I fn="R:\Software\TorchSetup.exe" sh=21825C03CB1A667D80033F0E3B10EADC3F4EB847 ft=1 fh=4d81a715f53ac34e vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="R:\Software\YTD483Setup.exe" sh=FB7FC59BEB9B5C3480AD5DAA25E8DD8754035E9A ft=1 fh=be0a036e9bfb8ce9 vn="Variante von Win32/SweetIM.C evtl. unerwünschte Anwendung" ac=I fn="R:\Software\DVD Software\VideoConverterSDM.exe" sh=600A0295369F89C300038D770E5E114F2E25A3AF ft=1 fh=df0838ff15738a3a vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="R:\Software\MP3\cbsidlm-tr1_9-Free_MP3WMAOGG_Converter-ORG2-10793572.exe" sh=A55563931B3222930E2E1218CEFD0ABC43519790 ft=1 fh=9d7e683e959bbbb4 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="R:\Software\MP3\FreeVideoToMP3Converter.exe" sh=07CF040FEFA25DFDA4287BAB632EAB806E294695 ft=1 fh=0db8f293d4a19d8f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="R:\Software\MP3\FreeYouTubeToMP3Converter.exe" sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="R:\Software\MP3\FreeYouTubeToMP3Converter37.exe" sh=4988661805BDD8EC99D19985B27A75A24E9CD179 ft=1 fh=c71c001119b6a674 vn="Variante von Win32/InstallCore.PZ evtl. unerwünschte Anwendung" ac=I fn="R:\Software\MP3\MP3Tag\ImageEditorSetup.exe" sh=F43725D5ECA3D0F48C4677E2E96D1C986B3ADDC0 ft=1 fh=c71c001110b3f691 vn="Variante von Win32/Injected.F Trojaner" ac=I fn="R:\Software\Outlook\COMPUTER_BILD-Download-Manager_fuer_DuplicateDeleteOutlook_D.exe" sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. 
unerwünschte Anwendung" ac=I fn="R:\Software\pdf\PDFCreator-1_2_3_setup.exe" sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="R:\Software\pdf\PDFCreator-1_6_2_setup.exe" sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="R:\Software\pdf\PDFCreator-1_7_0_setup.exe" sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="R:\Software\pdf\PDFCreator-1_7_1_setup.exe" sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="R:\Software\pdf\PDFCreator-1_7_2_setup_offline.exe" sh=47DA0A4A23B5F6FA4C8DD6BD9B6055691E4339EB ft=1 fh=2ec24482c96e1f8f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="R:\Software\pdf\PDFCreator-1_9_3-setup.exe" sh=FCDC48707066F599DFC101E4D65498B52062A573 ft=1 fh=1b790cc9c1a68901 vn="NSIS/StartPage.CC Trojaner" ac=I fn="R:\Software\VLC Media PLayer\vlc-2.1.5-win64.exe" sh=A24D3DED62755F32F0AE08892960561A68B21C23 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="V:\Backup Wohnzimmer\C - Boot\WINDOWS\Installer\bbf59.msi" sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="V:\Ex Neuinstallation\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe" sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="V:\Ex Neuinstallation\Program Files (x86)\Conduit\Community Alerts\Alert.dll" sh=738A06CFA5916F0E65BE9B34269464112F13F64D ft=1 fh=02170ed71572fbfe vn="Win32/Toolbar.Conduit.AC evtl. 
unerwünschte Anwendung" ac=I fn="V:\Ex Neuinstallation\Program Files (x86)\Conduit\CT3312806\plugins\TBVerifier.dll" sh=86374AFC3EF28F57ADA6900F0CDDA6433CE4E26C ft=1 fh=aa4653bc87a1d34a vn="Variante von Win32/Toolbar.Conduit.AM evtl. unerwünschte Anwendung" ac=I fn="V:\Ex Neuinstallation\Program Files (x86)\Conduit\CT3317892\plugins\TBVerifier.dll" sh=3D065D5DC41C6F0C685E8B100823BF7D335480C8 ft=1 fh=492810c88585534f vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\hk64tbRadi.dll" sh=1C7104C8E6DF9AB4FB57A46CBF11DF546ACC9027 ft=1 fh=01484eaa5d1a1195 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\hktbRadi.dll" sh=9BDAB8DE3A3D55C080822AC62C9D9C9040144A91 ft=1 fh=79b16062eef966aa vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\ldrtbRadi.dll" sh=51AA3E2E41BB64C6F1D6070624E497992BDD782A ft=1 fh=d0c46c54906a2518 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\prxtbRadi.dll" sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung" ac=I fn="V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\RadioTotal1ToolbarHelper.exe" sh=59A47A417F6470CCB1248CC9A88492C9DF8F0725 ft=1 fh=5b50becaddff672c vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\tbRadi.dll" Code:
Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Reader XI
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.91)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015 Ran by Roland (administrator) on ROLAND-PC on 18-02-2015 09:25:51 Running from R:\Downloads Loaded Profiles: Roland (Available profiles: Roland) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (AMD) C:\Windows\System32\atieclxx.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe (Dropbox, Inc.) 
C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) R:\Downloads\FRST64 (1).exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [944104 2013-02-25] (Dell Inc.) 
HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1244136 2013-02-25] (Dell Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKU\S-1-5-21-3009346515-3327974453-796363969-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-05] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-3009346515-3327974453-796363969-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico () Startup: C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Roland\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roland\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3009346515-3327974453-796363969-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3009346515-3327974453-796363969-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3009346515-3327974453-796363969-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3009346515-3327974453-796363969-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll 
(Oracle Corporation) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files 
(x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-25] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-25] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-25] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.ducatoforum-wohnmobile.de/forum/wbb/index.php", "hxxp://www.wohnmobilforum.de/wohnmobil-technik-f20.html", "hxxp://forum.milwaukee-vtwin.de/index.php", "hxxp://www.vrod-forum.eu/bbl/index.php?page=Index", "hxxp://www.naviboard.de/vb/forumdisplay.php?f=122", "hxxp://e30-talk.com/", "chrome://newtab/" CHR 
DefaultSearchKeyword: Default -> google.com_ CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Easy Auto Refresh) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2014-12-18] CHR Extension: (Google Docs) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-01] CHR Extension: (Google Drive) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-01] CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga [2014-05-01] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-17] CHR Extension: (YouTube) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-01] CHR Extension: (Google-Suche) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-01] CHR Extension: (Kaspersky Protection) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-25] CHR Extension: (iCloud-Lesezeichen) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-12-18] CHR Extension: (WhatFont) - C:\Users\Roland\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2014-12-18] CHR Extension: (Dislike Button for Facebook) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbnljppimpdkhccmgflleoppbaaiglhl [2014-05-01] CHR Extension: (Google Wallet) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-01] CHR Extension: (Google Mail) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-01] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155496 2012-09-26] (Dell Inc.) R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [343400 2012-09-26] (Dell Inc.) 
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [516952 2015-01-05] (Garmin Ltd or its subsidiaries) S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2899968 2013-08-22] (Microsoft Corporation) [File not signed] R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-25] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-25] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R3 TT1724ht; C:\Windows\System32\drivers\TT1724ht.sys [96096 2010-05-06] (TerraTec Electronic GmbH) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-18 09:23 - 2015-02-18 09:23 - 00000855 _____ () C:\Users\Roland\Desktop\checkup.txt 2015-02-17 17:38 - 2015-02-13 09:11 - 02112512 _____ () C:\Users\Roland\Desktop\AdwCleaner_4.110.exe 2015-02-17 17:14 - 2015-02-17 12:16 - 01813356 _____ () C:\Users\Roland\Desktop\CBS.log 2015-02-13 10:37 - 2015-02-13 10:37 - 00002095 _____ () C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2015.lnk 2015-02-13 10:37 - 2015-02-13 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015 2015-02-13 10:31 - 2015-02-13 10:31 - 00003092 _____ () C:\Windows\System32\Tasks\{B2D7EFFF-981F-4ABB-A018-F969EF0E3E4A} 2015-02-13 09:53 - 2015-02-13 09:48 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll 2015-02-13 09:48 - 2015-02-13 09:48 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2015-02-13 09:45 - 2015-02-13 10:25 - 00000000 ____D () C:\Program Files\Unlocker 2015-02-13 09:45 - 2015-02-13 09:50 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2015-02-13 09:45 - 2015-02-13 09:45 - 00000848 _____ () C:\Users\Roland\Desktop\Start Unlocker.lnk 2015-02-13 09:35 - 2015-02-13 09:29 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\alink.dll 2015-02-13 09:33 - 2015-02-17 17:34 - 00000000 ____D () C:\Program Files\CCleaner 2015-02-13 09:02 - 2015-02-13 09:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-13 09:01 - 2015-02-13 09:01 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-13 09:01 - 2015-02-13 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-13 09:01 - 2015-02-13 09:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-13 09:01 - 2015-02-13 
09:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-13 09:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-13 09:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-13 09:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-12 20:17 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-12 20:17 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-12 20:17 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-12 20:17 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-12 15:22 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-12 15:22 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-12 15:22 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-12 15:22 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-12 15:22 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-12 15:22 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-12 15:22 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-12 15:22 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-12 15:22 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-12 15:22 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-12 15:22 - 
2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-12 15:22 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-12 15:22 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-12 15:22 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-12 15:22 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-12 15:22 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-12 15:22 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-12 15:22 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-12 15:22 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-12 15:22 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-12 15:22 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-12 15:22 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-12 15:22 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-12 15:22 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-12 15:22 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-12 15:22 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-12 15:22 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-12 15:22 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-12 15:22 - 2014-12-12 06:31 - 
01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-12 15:22 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-12 15:22 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-12 15:22 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-12 15:22 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-12 15:22 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-12 15:22 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-02-12 15:22 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-02-12 15:21 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-12 15:21 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-12 15:21 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-12 15:21 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-12 15:21 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-12 15:21 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-12 15:21 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-12 15:21 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-12 15:21 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-12 15:21 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-12 12:51 - 2015-02-12 12:51 - 00023763 _____ () 
C:\ComboFix.txt 2015-02-12 12:35 - 2015-02-12 12:51 - 00000000 ____D () C:\Qoobox 2015-02-12 12:35 - 2015-02-12 12:48 - 00000000 ____D () C:\Windows\erdnt 2015-02-12 12:35 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-12 12:35 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-12 12:35 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-12 12:35 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-12 12:35 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-12 12:35 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-12 12:35 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-12 12:35 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-10 17:05 - 2015-02-10 17:05 - 00000000 _____ () C:\Users\Roland\defogger_reenable 2015-02-10 17:00 - 2015-02-18 09:25 - 00000000 ____D () C:\FRST 2015-02-10 16:52 - 2015-02-10 16:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-10 15:46 - 2015-02-10 17:19 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\FastCopy 2015-02-10 15:46 - 2015-02-10 17:19 - 00000000 ____D () C:\Program Files\FastCopy 2015-02-10 13:31 - 2015-02-13 10:34 - 00000000 ____D () C:\Program Files (x86)\WISO 2015-02-10 13:09 - 2014-04-02 06:26 - 00228352 _____ (Dell Inc.) 
C:\Windows\system32\DLPGMLAI-1.DLL 2015-02-10 12:57 - 2015-02-10 12:58 - 00001594 _____ () C:\Windows\VPNUnInstall.MIF 2015-02-10 12:54 - 2015-02-10 12:54 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-10 12:54 - 2015-02-10 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-10 12:53 - 2015-02-10 12:54 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-10 12:53 - 2015-02-10 12:54 - 00000000 ____D () C:\Program Files\iTunes 2015-02-10 12:53 - 2015-02-10 12:53 - 00000000 ____D () C:\Program Files\iPod 2015-02-10 12:53 - 2015-02-10 12:53 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-26 11:44 - 2015-01-26 11:46 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Apple Computer 2015-01-26 11:44 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-01-26 11:43 - 2015-02-10 12:53 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-26 11:43 - 2015-01-26 11:43 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-01-26 11:43 - 2015-01-26 11:43 - 00000000 ____D () C:\Windows\System32\Tasks\Apple 2015-01-26 11:43 - 2015-01-26 11:43 - 00000000 ____D () C:\Program Files\Bonjour 2015-01-26 11:43 - 2015-01-26 11:43 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-01-26 11:43 - 2015-01-26 11:43 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2015-01-25 14:19 - 2015-01-25 14:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2015-01-25 11:37 - 2015-01-25 11:37 - 00000000 ____D () C:\Users\Roland\Documents\Steuer-Sparbuch 2015-01-25 08:45 - 2015-01-25 08:45 - 00000000 ____D () C:\ProgramData\Bitstream 2015-01-25 08:20 - 2015-02-17 18:01 - 00000000 ____D () C:\AdwCleaner 2015-01-25 08:14 - 2015-01-25 08:14 - 00000979 _____ () C:\Users\Public\Desktop\Mp3tag.lnk 2015-01-25 08:10 - 2015-01-25 08:10 - 00000000 ____D () 
C:\Windows\ELAMBKUP 2015-01-25 08:10 - 2015-01-25 08:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2015-01-25 08:10 - 2015-01-25 08:10 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2015-01-25 08:10 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2015-01-25 08:10 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2015-01-25 03:00 - 2015-01-25 03:00 - 00000000 ____D () C:\Windows\CheckSur 2015-01-24 19:39 - 2015-02-18 07:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-24 19:25 - 2015-01-24 19:25 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2015-01-24 19:25 - 2015-01-24 19:25 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\vlc 2015-01-22 18:17 - 2015-01-22 18:20 - 00000000 ____D () C:\Users\Roland\Desktop\Vorlagen 2015-01-21 17:59 - 2015-01-21 17:59 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2015-01-21 17:59 - 2001-10-26 23:16 - 00016384 _____ () C:\Windows\SysWOW64\FileOps.exe 2015-01-21 17:58 - 2015-01-21 18:08 - 00000618 _____ () C:\Users\Roland\Desktop\Fiat Ducato.lnk 2015-01-21 17:58 - 2015-01-21 18:00 - 00000000 ____D () C:\eLearn 2015-01-21 17:58 - 2015-01-21 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLearn 2015-01-21 12:48 - 2015-01-21 12:48 - 00000000 ____D () C:\ProgramData\Sun 2015-01-21 12:47 - 2015-01-21 12:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-21 12:47 - 2015-01-21 12:47 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-21 12:47 - 2015-01-21 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-21 12:47 - 2015-01-21 12:47 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-20 16:28 - 2015-01-20 16:28 - 00001919 _____ () C:\Users\Public\Desktop\Design&Print.lnk 2015-01-20 16:28 - 2015-01-20 16:28 - 00000000 ____D () 
C:\Users\Roland\AppData\Roaming\DesktopDPO-b590ce5c4fa12d0f57bf76ef54d1be94 2015-01-20 16:28 - 2015-01-20 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Zweckform 2015-01-20 16:27 - 2015-01-20 16:28 - 00000000 ____D () C:\Program Files (x86)\Design&Print 2015-01-19 20:00 - 2015-01-19 20:00 - 00000000 ____D () C:\Users\Roland\Documents\Garmin 2015-01-19 19:12 - 2015-01-19 19:12 - 00003554 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask 2015-01-19 19:12 - 2015-01-19 19:12 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk 2015-01-19 13:31 - 2015-01-19 13:32 - 00001594 _____ () C:\Windows\VPNInstall.MIF 2015-01-19 13:31 - 2015-01-19 13:31 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems 2015-01-19 11:31 - 2015-01-24 19:24 - 00000000 ____D () C:\Program Files\VideoLAN ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-18 09:18 - 2014-05-01 17:58 - 00000000 ____D () C:\ProgramData\TEMP 2015-02-18 09:17 - 2014-05-01 12:11 - 01883638 _____ () C:\Windows\WindowsUpdate.log 2015-02-18 08:47 - 2014-05-01 12:27 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-18 03:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-18 03:26 - 2009-07-14 05:45 - 00025696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-18 03:26 - 2009-07-14 05:45 - 00025696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-18 03:23 - 2014-05-01 22:03 - 00702730 _____ () C:\Windows\system32\perfh007.dat 2015-02-18 03:23 - 2014-05-01 22:03 - 00150370 _____ () C:\Windows\system32\perfc007.dat 2015-02-18 03:23 - 2009-07-14 06:13 - 01628492 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-18 03:16 - 2014-05-01 15:17 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Dropbox 
2015-02-18 03:16 - 2014-05-01 12:27 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-18 03:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-18 03:16 - 2009-07-14 05:51 - 00032138 _____ () C:\Windows\setupact.log 2015-02-18 03:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-16 12:15 - 2010-11-21 04:47 - 00151384 _____ () C:\Windows\PFRO.log 2015-02-13 10:58 - 2014-05-01 20:51 - 01601156 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-02-13 10:41 - 2014-05-01 16:04 - 00000623 _____ () C:\Windows\wiso.ini 2015-02-13 10:34 - 2014-05-01 12:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-13 09:50 - 2014-05-01 15:18 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-13 09:28 - 2014-05-01 12:40 - 00000000 ____D () C:\Program Files\totalcmd 2015-02-12 20:17 - 2014-12-18 03:01 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 20:17 - 2014-05-02 13:25 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-12 20:12 - 2014-12-17 20:28 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 20:12 - 2014-05-02 15:05 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 20:12 - 2009-07-14 05:45 - 00598936 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 20:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-02-12 17:20 - 2014-05-01 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-12 12:43 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-10 17:20 - 2014-05-01 12:11 - 00000000 ____D () C:\Users\Roland 2015-02-10 17:19 - 2014-05-01 17:58 - 00000000 ____D () C:\ProgramData\Licenses 2015-02-10 17:19 - 2014-05-01 12:40 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\GHISLER 2015-02-10 17:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-02-10 14:04 - 2014-12-17 16:26 - 00000000 ____D 
() C:\Users\Roland\AppData\Roaming\Garmin 2015-02-10 13:15 - 2014-05-01 17:18 - 00000000 ____D () C:\Users\Roland\Documents\Mein Steuer-Sparbuch Heute 2015-02-10 12:42 - 2014-05-01 12:27 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-10 12:42 - 2014-05-01 12:27 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-10 12:40 - 2010-11-21 08:17 - 00000000 ____D () C:\Windows\CSC 2015-01-26 11:43 - 2014-05-01 17:41 - 00000000 ____D () C:\ProgramData\Apple 2015-01-25 11:36 - 2014-05-01 12:27 - 00192000 _____ () C:\Users\Roland\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-25 08:29 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-01-25 08:29 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-01-25 08:29 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys 2015-01-25 08:22 - 2014-05-01 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-25 08:14 - 2014-12-18 09:08 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Mp3tag 2015-01-25 08:14 - 2014-05-01 16:44 - 00000000 ____D () C:\Program Files (x86)\Mp3tag 2015-01-24 19:29 - 2014-05-01 12:11 - 00001421 _____ () C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-20 18:17 - 2014-05-01 16:43 - 00000000 ____D () C:\ProgramData\MAGIX 2015-01-19 20:59 - 2014-12-17 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-01-19 19:12 - 2014-12-17 16:31 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-19 19:12 - 2014-12-17 16:26 - 00000000 ____D () C:\Users\Roland\AppData\Local\Garmin 2015-01-19 19:12 - 2014-12-17 16:26 - 00000000 ____D () C:\ProgramData\Garmin 2015-01-19 19:12 - 2014-12-17 16:26 - 00000000 ____D () C:\Program Files\DIFX 2015-01-19 19:12 - 2014-12-17 16:26 - 00000000 ____D () 
C:\Program Files (x86)\Garmin Some content of TEMP: ==================== C:\Users\Roland\AppData\Local\Temp\bitool.dll C:\Users\Roland\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxosral.dll C:\Users\Roland\AppData\Local\Temp\Quarantine.exe C:\Users\Roland\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-18 03:46 ==================== End Of Log ============================
--- --- ---
Yes, the problem persists. On the advice of the tax program's support, I ran an sfc scan. It did not finish correctly. Maybe you can do something with the CBS log, but it is too long as CODE text for one post. Should I zip it? |
18.02.2015, 18:08 | #14 |
/// the machine /// TB trainer | Windows7 64bit: "csc.exe - ungültiges Bild" blocks update
What does "did not finish correctly" mean? Were files not repaired? No, I can't do anything with the log. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Users\Roland\AppData\Local\Temp\OCS\ocs_v71a.exe.vir C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JVXHSEF\BiTool[1].dll C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43APCXG8\setup[1].exe C:\Users\Roland\AppData\Local\Temp\bitool.dll C:\Users\Roland\AppData\Local\Temp\nsp77E0.tmp R:\Downloads\download_audiograbber.exe R:\Downloads\download_videograbber.exe R:\Downloads\Easy-Video-Splitter-lnstall.exe R:\Downloads\Unlocker1.9.2.exe R:\Software\asus-update.exe R:\Software\flashplayer.exe R:\Software\FreeVideoDub17.exe R:\Software\FreeVideoToiPhoneConverter.exe R:\Software\FreeYouTubeToMp3Converter.exe R:\Software\FreeYouTubeToMP3Converter_3.11.25.exe R:\Software\jZipSetup-r182-n-bc.exe R:\Software\PDFCreator-1_7_3_setup.exe R:\Software\PDFWriterSetup.exe R:\Software\ProductKeyFinder23.exe R:\Software\SereneScreen Marine Aquarium - CHIP-Downloader.exe R:\Software\Setup_FreeFlvConverter.exe R:\Software\SoftonicDownloader27335.exe R:\Software\SoftonicDownloader68622.exe R:\Software\SoftonicDownloader79404.exe R:\Software\SoftonicDownloader_fuer_einestoppuhr.exe R:\Software\Thunderbird - CHIP-Downloader.exe R:\Software\TorchSetup.exe R:\Software\YTD483Setup.exe R:\Software\DVD Software\VideoConverterSDM.exe R:\Software\MP3\cbsidlm-tr1_9-Free_MP3WMAOGG_Converter-ORG2-10793572.exe R:\Software\MP3\FreeVideoToMP3Converter.exe R:\Software\MP3\FreeYouTubeToMP3Converter.exe R:\Software\MP3\FreeYouTubeToMP3Converter37.exe R:\Software\MP3\MP3Tag\ImageEditorSetup.exe R:\Software\Outlook\COMPUTER_BILD-Download-Manager_fuer_DuplicateDeleteOutlook_D.exe R:\Software\pdf\PDFCreator-1_2_3_setup.exe R:\Software\pdf\PDFCreator-1_6_2_setup.exe R:\Software\pdf\PDFCreator-1_7_0_setup.exe R:\Software\pdf\PDFCreator-1_7_1_setup.exe R:\Software\pdf\PDFCreator-1_7_2_setup_offline.exe R:\Software\pdf\PDFCreator-1_9_3-setup.exe R:\Software\VLC Media PLayer\vlc-2.1.5-win64.exe 
V:\Backup Wohnzimmer\C - Boot\WINDOWS\Installer\bbf59.msi V:\Ex Neuinstallation\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe V:\Ex Neuinstallation\Program Files (x86)\Conduit\Community Alerts\Alert.dll V:\Ex Neuinstallation\Program Files (x86)\Conduit\CT3312806\plugins\TBVerifier.dll V:\Ex Neuinstallation\Program Files (x86)\Conduit\CT3317892\plugins\TBVerifier.dll V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\hk64tbRadi.dll V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\hktbRadi.dll V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\ldrtbRadi.dll V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\prxtbRadi.dll V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\RadioTotal1ToolbarHelper.exe V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\tbRadi.dll Emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Hast du schon mal den Support von WISO kontaktiert? Ich meine ich hätte das auch mal gehabt (bin dort auch Kunde) und da gab es von denen einen Hotfix.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
19.02.2015, 10:41 | #15 |
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Roland at 2015-02-19 10:30:49 Run:1
Running from R:\Downloads
Loaded Profiles: Roland (Available profiles: Roland)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\AdwCleaner\Quarantine\C\Users\Roland\AppData\Local\Temp\OCS\ocs_v71a.exe.vir
C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JVXHSEF\BiTool[1].dll
C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43APCXG8\setup[1].exe
C:\Users\Roland\AppData\Local\Temp\bitool.dll
C:\Users\Roland\AppData\Local\Temp\nsp77E0.tmp
R:\Downloads\download_audiograbber.exe
R:\Downloads\download_videograbber.exe
R:\Downloads\Easy-Video-Splitter-lnstall.exe
R:\Downloads\Unlocker1.9.2.exe
R:\Software\asus-update.exe
R:\Software\flashplayer.exe
R:\Software\FreeVideoDub17.exe
R:\Software\FreeVideoToiPhoneConverter.exe
R:\Software\FreeYouTubeToMp3Converter.exe
R:\Software\FreeYouTubeToMP3Converter_3.11.25.exe
R:\Software\jZipSetup-r182-n-bc.exe
R:\Software\PDFCreator-1_7_3_setup.exe
R:\Software\PDFWriterSetup.exe
R:\Software\ProductKeyFinder23.exe
R:\Software\SereneScreen Marine Aquarium - CHIP-Downloader.exe
R:\Software\Setup_FreeFlvConverter.exe
R:\Software\SoftonicDownloader27335.exe
R:\Software\SoftonicDownloader68622.exe
R:\Software\SoftonicDownloader79404.exe
R:\Software\SoftonicDownloader_fuer_einestoppuhr.exe
R:\Software\Thunderbird - CHIP-Downloader.exe
R:\Software\TorchSetup.exe
R:\Software\YTD483Setup.exe
R:\Software\DVD Software\VideoConverterSDM.exe
R:\Software\MP3\cbsidlm-tr1_9-Free_MP3WMAOGG_Converter-ORG2-10793572.exe
R:\Software\MP3\FreeVideoToMP3Converter.exe
R:\Software\MP3\FreeYouTubeToMP3Converter.exe
R:\Software\MP3\FreeYouTubeToMP3Converter37.exe
R:\Software\MP3\MP3Tag\ImageEditorSetup.exe
R:\Software\Outlook\COMPUTER_BILD-Download-Manager_fuer_DuplicateDeleteOutlook_D.exe
R:\Software\pdf\PDFCreator-1_2_3_setup.exe
R:\Software\pdf\PDFCreator-1_6_2_setup.exe
R:\Software\pdf\PDFCreator-1_7_0_setup.exe
R:\Software\pdf\PDFCreator-1_7_1_setup.exe
R:\Software\pdf\PDFCreator-1_7_2_setup_offline.exe
R:\Software\pdf\PDFCreator-1_9_3-setup.exe
R:\Software\VLC Media PLayer\vlc-2.1.5-win64.exe
V:\Backup Wohnzimmer\C - Boot\WINDOWS\Installer\bbf59.msi
V:\Ex Neuinstallation\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe
V:\Ex Neuinstallation\Program Files (x86)\Conduit\Community Alerts\Alert.dll
V:\Ex Neuinstallation\Program Files (x86)\Conduit\CT3312806\plugins\TBVerifier.dll
V:\Ex Neuinstallation\Program Files (x86)\Conduit\CT3317892\plugins\TBVerifier.dll
V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\hk64tbRadi.dll
V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\hktbRadi.dll
V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\ldrtbRadi.dll
V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\prxtbRadi.dll
V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\RadioTotal1ToolbarHelper.exe
V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\tbRadi.dll
Emptytemp:
*****************

C:\AdwCleaner\Quarantine\C\Users\Roland\AppData\Local\Temp\OCS\ocs_v71a.exe.vir => Moved successfully.
C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JVXHSEF\BiTool[1].dll => Moved successfully.
C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43APCXG8\setup[1].exe => Moved successfully.
C:\Users\Roland\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\Roland\AppData\Local\Temp\nsp77E0.tmp => Moved successfully.
R:\Downloads\download_audiograbber.exe => Moved successfully.
R:\Downloads\download_videograbber.exe => Moved successfully.
R:\Downloads\Easy-Video-Splitter-lnstall.exe => Moved successfully.
R:\Downloads\Unlocker1.9.2.exe => Moved successfully.
R:\Software\asus-update.exe => Moved successfully.
R:\Software\flashplayer.exe => Moved successfully.
R:\Software\FreeVideoDub17.exe => Moved successfully.
R:\Software\FreeVideoToiPhoneConverter.exe => Moved successfully.
R:\Software\FreeYouTubeToMp3Converter.exe => Moved successfully.
R:\Software\FreeYouTubeToMP3Converter_3.11.25.exe => Moved successfully.
R:\Software\jZipSetup-r182-n-bc.exe => Moved successfully.
R:\Software\PDFCreator-1_7_3_setup.exe => Moved successfully.
R:\Software\PDFWriterSetup.exe => Moved successfully.
R:\Software\ProductKeyFinder23.exe => Moved successfully.
R:\Software\SereneScreen Marine Aquarium - CHIP-Downloader.exe => Moved successfully.
R:\Software\Setup_FreeFlvConverter.exe => Moved successfully.
R:\Software\SoftonicDownloader27335.exe => Moved successfully.
R:\Software\SoftonicDownloader68622.exe => Moved successfully.
R:\Software\SoftonicDownloader79404.exe => Moved successfully.
R:\Software\SoftonicDownloader_fuer_einestoppuhr.exe => Moved successfully.
R:\Software\Thunderbird - CHIP-Downloader.exe => Moved successfully.
R:\Software\TorchSetup.exe => Moved successfully.
R:\Software\YTD483Setup.exe => Moved successfully.
R:\Software\DVD Software\VideoConverterSDM.exe => Moved successfully.
R:\Software\MP3\cbsidlm-tr1_9-Free_MP3WMAOGG_Converter-ORG2-10793572.exe => Moved successfully.
R:\Software\MP3\FreeVideoToMP3Converter.exe => Moved successfully.
R:\Software\MP3\FreeYouTubeToMP3Converter.exe => Moved successfully.
R:\Software\MP3\FreeYouTubeToMP3Converter37.exe => Moved successfully.
R:\Software\MP3\MP3Tag\ImageEditorSetup.exe => Moved successfully.
R:\Software\Outlook\COMPUTER_BILD-Download-Manager_fuer_DuplicateDeleteOutlook_D.exe => Moved successfully.
R:\Software\pdf\PDFCreator-1_2_3_setup.exe => Moved successfully.
R:\Software\pdf\PDFCreator-1_6_2_setup.exe => Moved successfully.
R:\Software\pdf\PDFCreator-1_7_0_setup.exe => Moved successfully.
R:\Software\pdf\PDFCreator-1_7_1_setup.exe => Moved successfully.
R:\Software\pdf\PDFCreator-1_7_2_setup_offline.exe => Moved successfully.
R:\Software\pdf\PDFCreator-1_9_3-setup.exe => Moved successfully.
R:\Software\VLC Media PLayer\vlc-2.1.5-win64.exe => Moved successfully.
V:\Backup Wohnzimmer\C - Boot\WINDOWS\Installer\bbf59.msi => Moved successfully.
V:\Ex Neuinstallation\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe => Moved successfully.
V:\Ex Neuinstallation\Program Files (x86)\Conduit\Community Alerts\Alert.dll => Moved successfully.
V:\Ex Neuinstallation\Program Files (x86)\Conduit\CT3312806\plugins\TBVerifier.dll => Moved successfully.
V:\Ex Neuinstallation\Program Files (x86)\Conduit\CT3317892\plugins\TBVerifier.dll => Moved successfully.
V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\hk64tbRadi.dll => Moved successfully.
V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\hktbRadi.dll => Moved successfully.
V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\ldrtbRadi.dll => Moved successfully.
V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\prxtbRadi.dll => Moved successfully.
V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\RadioTotal1ToolbarHelper.exe => Moved successfully.
V:\Ex Neuinstallation\Program Files (x86)\RadioTotal1\tbRadi.dll => Moved successfully.
EmptyTemp: => Removed 465.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 10:31:06 ====