win8: IE10 langsam / bleibt hängen; windows explorer langsam; system z.t. langsam

derfischmac · 16.03.2015, 14:23

Liebes Team,
PC wird zunehmend langsamer und instabiler. IE 10 bleibt z.t. hängen, Windowsexplorer dito.
Tech Data:
Win 8 Enterprise 64bit
AMD FX 6100 6 Core (x64)
RAM 8 GB
Kaspersky Internet Sec 15.0.1.415(c) --> ohne Befund
Logs:
defogger_disable

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:03 on 16/03/2015 (Markus)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Markus (administrator) on MARKUS-CSL on 16-03-2015 13:04:25
Running from C:\Users\Markus\Desktop
Loaded Profiles: Markus (Available profiles: Markus)
Platform: Windows 8 Enterprise (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft) C:\Program Files (x86)\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(WinZip Computing, Inc.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [Speed Launch] => C:\Program Files (x86)\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe [529920 2008-08-11] (Microsoft)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [GoogleChromeAutoLaunch_B7BAB472F6EC664C4B3EB3EEA8AE05F9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [OneDrive] => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-12] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.payback.de/pb/id/291958/paId/105556/prId/447584
https://portal.kreissparkasse-augsburg.de/portal/portal/StartenIPSTANDARD
https://kunde.comdirect.de/lp/wt/login?CIF_Check=true
hxxp://www.fc-koenigsbrunn.de/Junioren/CJunioren/C3-Junioren.aspx
hxxp://aesitelink.de/?autologin=53932ef0e0b8df423a0f1f537305ca59
hxxp://www.leo.org/
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=12349&tm=335&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=12349&tm=335&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1453455567-1448806520-3706449659-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = 
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: No Name -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} ->  No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1453455567-1448806520-3706449659-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-31] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-31] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-01-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-31]

Chrome: 
=======
CHR Profile: C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-31]
CHR Extension: (Google Docs) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-31]
CHR Extension: (Google Drive) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-31]
CHR Extension: (YouTube) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-31]
CHR Extension: (Google Search) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-31]
CHR Extension: (Kaspersky Protection) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-31]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-01-31]
CHR Extension: (Google Sheets) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-31]
CHR Extension: (Gmail) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-31]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R2 EkaProt6; C:\Windows\system32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-12-31] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [800440 2015-03-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2014-12-31] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2014-12-31] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 13:04 - 2015-03-16 13:04 - 00028615 _____ () C:\Users\Markus\Desktop\FRST.txt
2015-03-16 13:03 - 2015-03-16 13:03 - 00000474 _____ () C:\Users\Markus\Desktop\defogger_disable.log
2015-03-16 13:03 - 2015-03-16 13:03 - 00000000 _____ () C:\Users\Markus\defogger_reenable
2015-03-16 13:00 - 2015-03-16 13:00 - 00380416 _____ () C:\Users\Markus\Desktop\Gmer-19357.exe
2015-03-16 12:57 - 2015-03-16 12:57 - 00050477 _____ () C:\Users\Markus\Desktop\Defogger.exe
2015-03-16 10:44 - 2015-03-16 10:44 - 00423960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-16 08:33 - 2015-03-16 13:04 - 00000000 ____D () C:\FRST
2015-03-16 08:32 - 2015-03-16 08:32 - 02095616 _____ (Farbar) C:\Users\Markus\Desktop\FRST64.exe
2015-03-15 17:38 - 2015-03-15 17:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-15 17:37 - 2015-03-15 17:37 - 02347384 _____ (ESET) C:\Users\Markus\Desktop\esetsmartinstaller_deu.exe
2015-03-15 14:17 - 2015-03-15 14:17 - 00000000 ___HD () C:\OneDriveTemp
2015-03-12 08:51 - 2015-02-23 11:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 08:51 - 2015-02-23 11:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 08:51 - 2015-02-23 11:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 08:51 - 2015-02-23 11:51 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-03-12 08:51 - 2015-02-23 11:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 08:51 - 2015-02-23 11:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 08:51 - 2015-02-23 11:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 08:51 - 2015-02-23 11:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 08:51 - 2015-02-23 10:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 08:51 - 2015-02-23 10:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2015-03-12 08:51 - 2015-02-23 09:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 08:51 - 2015-02-21 06:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 08:51 - 2015-02-21 06:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 08:51 - 2015-02-21 06:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 08:51 - 2015-02-21 06:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-12 08:51 - 2015-02-21 06:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 08:51 - 2015-02-21 06:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-12 08:51 - 2015-02-21 06:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 08:51 - 2015-02-21 06:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-12 08:51 - 2015-02-21 06:07 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2015-03-12 08:51 - 2015-02-21 05:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-12 08:51 - 2015-02-21 04:00 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-03-12 08:51 - 2015-02-20 14:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 08:51 - 2015-02-20 12:56 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 08:51 - 2015-02-20 09:10 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 08:51 - 2015-02-20 08:24 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-12 08:51 - 2015-01-29 09:05 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 08:51 - 2015-01-29 07:19 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 08:51 - 2015-01-24 07:42 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 08:51 - 2015-01-24 06:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-12 08:51 - 2015-01-20 07:41 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 08:51 - 2015-01-20 06:10 - 00892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-12 08:50 - 2015-03-06 08:39 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-12 08:50 - 2015-03-06 08:39 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 08:50 - 2015-03-06 06:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-12 08:50 - 2015-03-06 06:48 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-12 08:50 - 2015-02-26 05:35 - 04063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 08:50 - 2015-02-17 07:54 - 19777536 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 08:50 - 2015-02-17 06:13 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-12 08:50 - 2015-02-13 00:18 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-12 08:50 - 2015-02-03 00:18 - 00569712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-12 08:50 - 2015-01-31 14:48 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-12 08:50 - 2015-01-31 06:55 - 00275712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-12 08:50 - 2015-01-29 09:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 08:50 - 2015-01-24 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 08:50 - 2015-01-24 06:00 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-12 08:50 - 2015-01-24 05:31 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-02-26 19:08 - 2015-01-09 07:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-26 19:08 - 2015-01-09 06:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-26 19:08 - 2015-01-09 00:52 - 00478296 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 19:08 - 2015-01-09 00:52 - 00478296 _____ () C:\Windows\system32\locale.nls
2015-02-21 16:13 - 2015-02-21 16:13 - 00001758 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-21 16:13 - 2015-02-21 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-21 16:12 - 2015-02-21 16:12 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-21 16:12 - 2015-02-21 16:12 - 00000000 ____D () C:\Program Files\iTunes
2015-02-21 16:12 - 2015-02-21 16:12 - 00000000 ____D () C:\Program Files\iPod
2015-02-17 15:30 - 2015-02-17 15:30 - 01691808 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 13:03 - 2014-01-19 15:19 - 00000000 ____D () C:\Users\Markus
2015-03-16 13:01 - 2014-12-31 13:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-16 13:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-03-16 12:53 - 2014-03-12 08:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-16 12:37 - 2014-03-11 20:03 - 00000000 ____D () C:\Users\Markus\AppData\Local\85423F51-9E93-4B10-9C27-D81091799579.aplzod
2015-03-16 12:37 - 2013-04-09 14:55 - 00000000 ____D () C:\Users\Markus\Documents\Outlook-Dateien
2015-03-16 12:32 - 2015-01-31 12:21 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-16 12:24 - 2014-01-19 15:20 - 01862576 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 11:32 - 2015-01-31 12:21 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-16 11:08 - 2014-01-19 15:29 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1453455567-1448806520-3706449659-1001
2015-03-16 11:00 - 2014-08-15 11:39 - 00001044 _____ () C:\Windows\Tasks\Paragon Archive name diff_150814103756306.job
2015-03-16 10:55 - 2014-04-13 09:12 - 00005132 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARKUS-CSL-Markus Markus-CSL
2015-03-16 10:48 - 2012-07-26 11:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2015-03-16 10:48 - 2012-07-26 11:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2015-03-16 10:48 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 10:45 - 2014-09-23 19:32 - 00000000 ___RD () C:\Users\Markus\iCloudDrive
2015-03-16 10:45 - 2014-05-02 13:25 - 00000000 ___RD () C:\Users\Markus\OneDrive
2015-03-16 10:44 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-15 17:30 - 2012-07-26 08:21 - 00044132 _____ () C:\Windows\setupact.log
2015-03-14 15:24 - 2014-01-19 19:43 - 00000000 ____D () C:\SW DL
2015-03-14 10:37 - 2015-01-31 12:22 - 00002180 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-12 17:50 - 2013-04-06 10:07 - 00000000 ___RD () C:\Users\Markus\Podcasts
2015-03-12 10:46 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-03-12 10:18 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 10:18 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 10:18 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 10:18 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 10:18 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-03-12 10:07 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-12 09:49 - 2014-01-19 20:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-12 09:49 - 2014-01-19 20:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 09:49 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 09:49 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 09:49 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-12 09:43 - 2014-01-20 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 09:43 - 2012-07-26 06:26 - 00000202 _____ () C:\Windows\win.ini
2015-03-12 09:40 - 2014-01-20 16:38 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 09:21 - 2013-07-06 15:26 - 00000000 ____D () C:\Users\Markus\Documents\Eigene Scans
2015-03-12 08:31 - 2014-05-02 13:25 - 00002251 _____ () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-03-10 19:21 - 2014-08-20 18:04 - 00800440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-04 22:24 - 2014-10-18 12:17 - 00791496 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-10-18 12:17 - 00177608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-23 20:35 - 2014-01-19 15:21 - 00000000 ____D () C:\Users\Markus\AppData\Local\VirtualStore
2015-02-22 17:09 - 2013-03-19 19:22 - 00000000 ____D () C:\Users\Markus\AppData\Local\Packages
2015-02-21 16:15 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-21 16:12 - 2014-01-28 16:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-21 16:12 - 2014-01-28 16:53 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2014-01-27 13:17 - 2014-01-27 15:37 - 0000822 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Markus\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\Markus\AppData\Local\Temp\ose00000.exe
C:\Users\Markus\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 06:24

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Markus at 2015-03-16 13:05:18
Running from C:\Users\Markus\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5600 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AllDup 3.4.18 (HKLM-x32\...\AllDup_is1) (Version: 3.4.18 - Michael Thummerer Software Design)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
eMule (HKLM-x32\...\eMule) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FreeFileSync (HKLM\...\{C99B8C4B-F742-4691-BEA2-BFB0700822AB}) (Version: 5.11.0.0 - sourceforge.net)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Nero CoverDesigner (HKLM-x32\...\{79BB6415-00A7-413A-B278-A7EAE69F1753}) (Version: 12.0.02700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Speed Launch from Microsoft Office Labs (HKLM-x32\...\{09710638-E0CD-4D60-92D3-CCC0080FB898}) (Version: 1.0.811.0 - Microsoft Office Labs)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Teekesselchen version 1.8 (HKLM-x32\...\{E20A5744-5ECD-49C5-8102-10CB0027DFCB}_is1) (Version: 1.8 - Michael Bungenstock)
ThumbsPlus 7x (deutsch) (HKLM-x32\...\ThumbsPlus7x) (Version:  - Atlantic Software Exchange, Inc.)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinZip (HKLM-x32\...\WinZip) (Version:  9.0 SR-1 (6224) - WinZip Computing, Inc.)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1453455567-1448806520-3706449659-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1453455567-1448806520-3706449659-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1453455567-1448806520-3706449659-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1453455567-1448806520-3706449659-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1453455567-1448806520-3706449659-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1453455567-1448806520-3706449659-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1453455567-1448806520-3706449659-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

26-02-2015 19:07:57 Windows Update
09-03-2015 19:57:22 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06DAB92B-210E-493C-9250-CD17518BA9EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
Task: {0BB5A9FC-B16D-4F8A-AD36-D409D2981E8E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0EC00788-1207-4537-BBAC-52D91F9A7763} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4E67F06E-0908-47E2-9F4C-4BD27CF411E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {6F78FB86-4488-441C-AF0B-69A96E025E68} - System32\Tasks\Paragon Archive name diff_150814103756306 => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exe
Task: {7752514C-9B5A-443C-A46A-103636003017} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {9072B737-4314-48E8-839E-A2C722998910} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A26C34C1-CFE7-41A4-8F5D-3F5A3CE20A6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AFCB0681-3568-43EE-8D75-C421E9A3F48D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {C173BA10-0BD3-4293-84BE-89AABA9F94D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
Task: {CED7960E-26DC-498C-9BA5-91F4A391A938} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MARKUS-CSL-Markus Markus-CSL => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {D51578A9-FF82-43F1-AC97-931B8D9FBD95} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FCD05497-2C80-41C9-BEF9-91B1CE585F36} - System32\Tasks\{844D6781-AE77-4080-9D97-3ECF96C436ED} => pcalua.exe -a D:\TP_install.exe -d D:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Paragon Archive name diff_150814103756306.job => C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\scripts.exeŒ--rebootonconfirm -Wno --graph --multiple C:/Program Files/Paragon Software/Backup and Recovery 2014 Free/scripts/scr_150814103928924.psl

==================== Loaded Modules (whitelisted) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-01 08:42 - 2013-06-01 08:43 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-12-21 07:05 - 2013-12-21 07:05 - 00131072 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\de_de\PDFMaker\PDFMOutlookAddin.DEU
2014-09-12 10:43 - 2014-09-12 10:43 - 04891040 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll
2013-12-21 07:05 - 2013-12-21 07:05 - 01446912 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2014-09-25 12:33 - 2014-09-25 12:33 - 02210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2014-01-23 16:05 - 2014-01-23 16:05 - 01424552 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
2015-03-14 10:37 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-14 10:37 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-14 10:37 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2013-12-21 07:05 - 2013-12-21 07:05 - 00031744 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\de_de\AcroIEFavClient.DEU

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Markus\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\vghs03.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1453455567-1448806520-3706449659-500 - Administrator - Disabled)
Gast (S-1-5-21-1453455567-1448806520-3706449659-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1453455567-1448806520-3706449659-1004 - Limited - Enabled)
Markus (S-1-5-21-1453455567-1448806520-3706449659-1001 - Administrator - Enabled) => C:\Users\Markus

==================== Faulty Device Manager Devices =============

Name: Officejet 6500 E710a-f
Description: Officejet 6500 E710a-f
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2015 10:45:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/16/2015 10:45:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/16/2015 06:25:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/15/2015 05:38:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/15/2015 05:38:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/15/2015 05:38:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/15/2015 05:38:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/15/2015 05:37:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (03/15/2015 02:17:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/14/2015 10:33:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (03/16/2015 00:40:49 PM) (Source: DCOM) (EventID: 10016) (User: MARKUS-CSL)
Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Markus-CSLMarkusS-1-5-21-1453455567-1448806520-3706449659-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/16/2015 00:40:49 PM) (Source: DCOM) (EventID: 10016) (User: MARKUS-CSL)
Description: AnwendungsspezifischLokalAktivierung{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Markus-CSLMarkusS-1-5-21-1453455567-1448806520-3706449659-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/16/2015 10:44:13 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎03.‎2015 um 08:11:00 unerwartet heruntergefahren.

Error: (03/12/2015 09:49:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 10 für Windows 8 für x64-Systeme (KB3032359)

Error: (03/12/2015 09:48:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB3030377)

Error: (03/12/2015 09:48:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB3046049)

Error: (03/12/2015 09:48:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB3034344)

Error: (03/12/2015 09:47:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB3032323)

Error: (03/12/2015 09:46:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB3025417)

Error: (03/12/2015 09:46:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8 für x64-basierte Systeme (KB3035132)


Microsoft Office Sessions:
=========================
Error: (03/16/2015 10:45:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL

Error: (03/16/2015 10:45:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Markus\Desktop\esetsmartinstaller_deu.exe

Error: (03/16/2015 06:25:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/15/2015 05:38:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Markus\Desktop\esetsmartinstaller_deu.exe

Error: (03/15/2015 05:38:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Markus\Desktop\esetsmartinstaller_deu.exe

Error: (03/15/2015 05:38:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Markus\Desktop\esetsmartinstaller_deu.exe

Error: (03/15/2015 05:38:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Markus\Desktop\esetsmartinstaller_deu.exe

Error: (03/15/2015 05:37:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Markus\Desktop\esetsmartinstaller_deu.exe

Error: (03/15/2015 02:17:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL

Error: (03/14/2015 10:33:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL


==================== Memory info =========================== 

Processor: AMD FX(tm)-6100 Six-Core Processor 
Percentage of memory in use: 27%
Total physical RAM: 7934.18 MB
Available physical RAM: 5766.79 MB
Total Pagefile: 9150.18 MB
Available Pagefile: 6738.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (C_std) (Fixed) (Total:931.17 GB) (Free:507.06 GB) NTFS
Drive j: (500GB) (Fixed) (Total:465.65 GB) (Free:389.59 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F68B69A7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 08CA8B99)
Partition 1: (Active) - (Size=465.8 GB) - (Type=0C)

==================== End Of Log ============================

GMER 1 der Rest kommt extra

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-16 13:18:42
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000033 TOSHIBA_DT01ACA100 rev.MS2OA750 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Markus\AppData\Local\Temp\kxloyuoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1640] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                           000007fc917d1b32 4 bytes [7D, 91, FC, 07]
.text   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1640] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                           000007fc917d1b3a 4 bytes [7D, 91, FC, 07]
.text   C:\Windows\System32\svchost.exe[1828] c:\windows\system32\WSOCK32.dll!recvfrom + 742                                                                                  000007fc917d1b32 4 bytes [7D, 91, FC, 07]
.text   C:\Windows\System32\svchost.exe[1828] c:\windows\system32\WSOCK32.dll!recvfrom + 750                                                                                  000007fc917d1b3a 4 bytes [7D, 91, FC, 07]
.text   C:\Windows\System32\svchost.exe[1896] c:\windows\system32\WSOCK32.dll!recvfrom + 742                                                                                  000007fc917d1b32 4 bytes [7D, 91, FC, 07]
.text   C:\Windows\System32\svchost.exe[1896] c:\windows\system32\WSOCK32.dll!recvfrom + 750                                                                                  000007fc917d1b3a 4 bytes [7D, 91, FC, 07]
.text   C:\Program Files\iTunes\iTunesHelper.exe[5108] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                                         000007fc917d1b32 4 bytes [7D, 91, FC, 07]
.text   C:\Program Files\iTunes\iTunesHelper.exe[5108] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                                         000007fc917d1b3a 4 bytes [7D, 91, FC, 07]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                       000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                        000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                        000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                 000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                 000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                       000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                       000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                       000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                      000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                      000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                      000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                      000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                            000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                  000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                  000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                 000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                      000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                      000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                      000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                      000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                      000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                             000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                         000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                           000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                       000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                 000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                             000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                               000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                           000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                   000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                               000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                   000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                               000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                 000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                             000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                 000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                            000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                      000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261     000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167       000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                    000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                              000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                              000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                     000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                       000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                       000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                    000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35           000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                     000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                     000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                        000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                     000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                   000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                            000007fc9a648bb3 8 bytes [50, 6C, 75, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                              000007fc9a648c43 8 bytes [40, 6C, 75, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                              000007fc9a648f65 8 bytes [30, 6C, 75, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                        000007fc9a648fe4 8 bytes [20, 6C, 75, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                      000007fc9a64900c 8 bytes [10, 6C, 75, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                       000007fc9a6492a6 8 bytes [00, 6C, 75, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                            00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                 00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                             00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                         00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                         0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[3984] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                   000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                    000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                     000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                     000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                              000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                              000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                    000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                    000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                    000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                   000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                   000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                   000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                   000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                         000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126               000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142               000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403              000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                   000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                   000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                   000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                   000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                   000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                          000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                      000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                        000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                    000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                              000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                          000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                            000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                        000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                            000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                            000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                              000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                          000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                              000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                         000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73             000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89             000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                   000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261  000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167    000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                 000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                           000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                           000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                  000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                    000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                    000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                 000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35        000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72             000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                  000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                  000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                     000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                  000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}

bin für jede Hilfe dankbar

schrauber · 16.03.2015, 14:41

hi,

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

derfischmac · 16.03.2015, 14:48

Restliche GMER:

Code:

ATTFilter

.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                         000007fc9a648bb3 8 bytes [50, 6C, 6A, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                           000007fc9a648c43 8 bytes [40, 6C, 6A, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                           000007fc9a648f65 8 bytes [30, 6C, 6A, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                     000007fc9a648fe4 8 bytes [20, 6C, 6A, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                   000007fc9a64900c 8 bytes [10, 6C, 6A, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                    000007fc9a6492a6 8 bytes [00, 6C, 6A, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                         00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272              00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                          00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                      00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                      0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4012] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                            000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                             000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                             000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                      000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                      000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                            000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                            000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                            000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                           000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                           000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                           000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                           000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                                 000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                       000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                       000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                      000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                           000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                           000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                           000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                           000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                           000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                              000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                            000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                      000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                  000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                                000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                    000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                    000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                      000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                  000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                                 000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                     000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                     000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                           000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                          000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                            000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                         000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                   000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                   000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                          000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                            000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                            000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                         000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                                000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                     000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                          000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                          000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                             000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                          000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                        000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                                 000007fc9a648bb3 8 bytes [50, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                   000007fc9a648c43 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                   000007fc9a648f65 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                             000007fc9a648fe4 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                           000007fc9a64900c 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                            000007fc9a6492a6 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                 00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                      00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                  00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                              00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                              0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe[4204] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                        000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                          000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                           000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                           000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                    000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                    000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                          000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                          000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                          000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                         000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                         000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                         000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                         000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                               000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                     000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                     000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                    000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                         000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                         000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                         000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                         000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                         000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                            000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                              000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                          000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                    000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                  000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                              000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                      000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                  000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                      000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                  000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                    000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                    000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                               000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                   000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                   000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                         000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261        000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167          000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                       000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                 000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                 000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                        000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                          000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                          000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                       000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35              000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                   000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                        000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                        000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                           000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                        000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                      000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                               000007fc9a648bb3 8 bytes [50, 6C, AC, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                 000007fc9a648c43 8 bytes [40, 6C, AC, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                 000007fc9a648f65 8 bytes [30, 6C, AC, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                           000007fc9a648fe4 8 bytes [20, 6C, AC, 7E, 00, 00, 00, ...]

Code:

ATTFilter

.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                         000007fc9a64900c 8 bytes [10, 6C, AC, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                          000007fc9a6492a6 8 bytes [00, 6C, AC, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                               00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                    00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                            00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                            0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[4428] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                      000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                          000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                           000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                           000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                    000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                    000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                          000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                          000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                          000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                         000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                         000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                         000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                         000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                               000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                     000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                     000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                    000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                         000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                         000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                         000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                         000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                         000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                            000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                              000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                          000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                    000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                              000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                      000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                  000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                  000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                    000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                               000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                   000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                   000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                         000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                        000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                          000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                       000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                 000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                 000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                        000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                          000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                          000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                       000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                              000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                   000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                        000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                        000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                           000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                        000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                      000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                               000007fc9a648bb3 8 bytes [50, 6C, 91, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                 000007fc9a648c43 8 bytes [40, 6C, 91, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                 000007fc9a648f65 8 bytes [30, 6C, 91, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                           000007fc9a648fe4 8 bytes [20, 6C, 91, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                         000007fc9a64900c 8 bytes [10, 6C, 91, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                          000007fc9a6492a6 8 bytes [00, 6C, 91, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                               00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                    00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                            00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                            0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1552] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                      000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                        000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                         000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                         000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                  000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                  000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                        000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                        000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                        000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                       000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                       000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                       000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                       000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                             000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                   000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                   000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                  000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                       000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                       000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                       000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                       000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                       000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                              000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                          000007fc9a642c76 2 bytes [90, 90]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                            000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                        000007fc9a642df6 2 bytes [90, 90]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                  000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                              000007fc9a642e26 2 bytes [90, 90]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                            000007fc9a642f46 2 bytes [90, 90]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                    000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                    000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                  000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                              000007fc9a643997 2 bytes [90, 90]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                             000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                 000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                 000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                       000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                      000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                        000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                     000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                               000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                               000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                      000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                        000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                        000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                     000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                            000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                 000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                      000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                      000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                         000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                      000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                    000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                             000007fc9a648bb3 8 bytes [50, 6C, 2B, 7F, 00, 00, 00, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                               000007fc9a648c43 8 bytes [40, 6C, 2B, 7F, 00, 00, 00, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                               000007fc9a648f65 8 bytes [30, 6C, 2B, 7F, 00, 00, 00, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                         000007fc9a648fe4 8 bytes [20, 6C, 2B, 7F, 00, 00, 00, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                       000007fc9a64900c 8 bytes [10, 6C, 2B, 7F, 00, 00, 00, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                        000007fc9a6492a6 8 bytes [00, 6C, 2B, 7F, 00, 00, 00, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                             00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                  00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                              00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                          00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                          0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe[3176] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                    000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                           000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                            000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                            000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                     000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                     000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                           000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                           000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                           000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                          000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                          000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                          000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                          000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                                000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                      000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                      000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                     000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                          000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                          000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                          000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                          000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                          000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                 000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                             000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                               000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                           000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                     000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                 000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                               000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                   000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                   000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                     000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                 000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                                000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                    000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                    000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                          000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                         000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

Code:

ATTFilter

.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                           000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                        000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                  000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                  000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                         000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                           000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                           000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                        000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                               000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                    000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                         000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                         000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                            000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                         000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                       000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                                000007fc9a648bb3 8 bytes [50, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                  000007fc9a648c43 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                  000007fc9a648f65 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                            000007fc9a648fe4 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                          000007fc9a64900c 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                           000007fc9a6492a6 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                     00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                 00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                             00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                             0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4940] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                       000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                                           000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                                            000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                                            000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                                     000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                                     000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                                           000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                                           000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                                           000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                                          000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                                          000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                                          000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                                          000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                                                000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                                      000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                                      000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                                     000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                                          000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                                          000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                                          000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                                          000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                                          000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                 000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                                             000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                               000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                                           000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                     000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                                 000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                                               000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                       000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                                   000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                                   000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                     000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                                 000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                                                000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                                    000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                                    000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                                          000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                                         000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                                           000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                                        000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                                  000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                                  000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                                         000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                                           000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                                           000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                                        000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                                               000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                                    000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                                         000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                                         000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                                            000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                                         000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                                       000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                                                000007fc9a648bb3 8 bytes [50, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                                  000007fc9a648c43 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                                  000007fc9a648f65 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                                            000007fc9a648fe4 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                                          000007fc9a64900c 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                                           000007fc9a6492a6 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                                00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                                     00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                                 00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                             00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                             0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\WinZip\WZQKPICK.EXE[5096] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                       000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                    000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                     000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                     000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                              000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                              000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                    000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                    000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                    000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                   000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                   000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                   000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                   000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                         000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126               000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142               000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403              000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                   000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                   000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                   000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                   000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                   000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                          000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                      000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                        000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                    000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                              000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                          000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                            000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                        000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                            000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                            000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                              000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                          000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                              000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                         000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73             000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89             000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                   000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261  000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167    000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                 000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                           000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                           000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                  000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                    000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                    000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                 000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35        000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72             000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                  000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                  000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                     000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                  000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                         000007fc9a648bb3 8 bytes [50, 6C, 45, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                           000007fc9a648c43 8 bytes [40, 6C, 45, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                           000007fc9a648f65 8 bytes [30, 6C, 45, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                     000007fc9a648fe4 8 bytes [20, 6C, 45, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                   000007fc9a64900c 8 bytes [10, 6C, 45, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                    000007fc9a6492a6 8 bytes [00, 6C, 45, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                         00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272              00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                          00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

derfischmac · 16.03.2015, 15:04

GMER 3

Code:

ATTFilter

.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                      00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                      0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[5064] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                       000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                        000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                        000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                 000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                 000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                       000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                       000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                       000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                      000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                      000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                      000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                      000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                            000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                  000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                  000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                 000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                      000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                      000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                      000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                      000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                      000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                             000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                         000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                           000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                       000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                 000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                             000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                               000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                           000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                   000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                               000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                   000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                               000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                 000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                             000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                 000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                            000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                      000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                     000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                       000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                    000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                              000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                              000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                     000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                       000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                       000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                    000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                           000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                     000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                     000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                        000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                     000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                   000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                            000007fc9a648bb3 8 bytes [50, 6C, F6, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                              000007fc9a648c43 8 bytes [40, 6C, F6, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                              000007fc9a648f65 8 bytes [30, 6C, F6, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                        000007fc9a648fe4 8 bytes [20, 6C, F6, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                      000007fc9a64900c 8 bytes [10, 6C, F6, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                       000007fc9a6492a6 8 bytes [00, 6C, F6, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                            00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                 00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                             00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                         00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                         0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe[4744] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                   000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                           000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                            000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                            000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                     000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                     000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                           000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                           000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                           000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                          000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                          000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                          000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                          000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                                000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                      000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                      000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                     000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                          000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                          000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                          000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                          000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                          000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                 000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                             000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                               000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                           000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                     000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                 000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                               000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                   000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                   000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                     000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                 000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                                000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                    000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                    000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                          000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                         000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                           000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                        000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                  000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                  000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                         000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                           000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                           000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                        000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                               000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                    000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                         000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                         000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                            000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                         000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                       000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                                000007fc9a648bb3 8 bytes [50, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                  000007fc9a648c43 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                  000007fc9a648f65 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                            000007fc9a648fe4 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                          000007fc9a64900c 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                           000007fc9a6492a6 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                     00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                 00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                             00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                             0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4888] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                       000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                                000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                                 000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                                 000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                          000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                          000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                                000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                                000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                                000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                               000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                               000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                               000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                               000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                                     000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                           000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                           000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                          000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                               000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                               000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                               000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                               000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                               000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                      000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                                  000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                    000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                                000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                          000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                      000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                        000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                                    000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                            000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                        000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                        000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                          000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                      000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                          000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                                     000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                         000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                         000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                               000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                              000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                                000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                             000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                       000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                       000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                              000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

Code:

ATTFilter

.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                                000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                                000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                             000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                                    000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                         000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                              000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                              000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                                 000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                              000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                            000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                                     000007fc9a648bb3 8 bytes [50, 6C, 64, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                       000007fc9a648c43 8 bytes [40, 6C, 64, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                       000007fc9a648f65 8 bytes [30, 6C, 64, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                                 000007fc9a648fe4 8 bytes [20, 6C, 64, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                               000007fc9a64900c 8 bytes [10, 6C, 64, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                                000007fc9a6492a6 8 bytes [00, 6C, 64, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                     00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                          00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                      00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                  00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                  0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[4604] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                            000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                                000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                                 000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                                 000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                          000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                          000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                                000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                                000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                                000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                               000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                               000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                               000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                               000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                                     000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                           000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                           000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                          000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                               000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                               000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                               000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                               000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                               000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                      000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                                  000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                    000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                                000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                          000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                      000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                        000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                                    000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                            000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                        000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                        000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                          000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                      000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                          000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                                     000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                         000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                         000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                               000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                              000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                                000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                             000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                       000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                       000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                              000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                                000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                                000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                             000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                                    000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                         000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                              000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                              000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                                 000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                              000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                            000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                                     000007fc9a648bb3 8 bytes [50, 6C, 05, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                       000007fc9a648c43 8 bytes [40, 6C, 05, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                       000007fc9a648f65 8 bytes [30, 6C, 05, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                                 000007fc9a648fe4 8 bytes [20, 6C, 05, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                               000007fc9a64900c 8 bytes [10, 6C, 05, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                                000007fc9a6492a6 8 bytes [00, 6C, 05, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                     00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                          00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                      00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                  00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                  0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5056] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                            000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                          000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                           000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                           000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                    000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                    000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                          000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                          000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                          000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                         000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                         000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                         000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                         000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                               000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                     000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                     000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                    000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                         000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                         000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                         000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                         000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

Code:

ATTFilter

.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                         000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                            000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                              000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                          000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                    000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                              000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                      000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                  000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                  000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                    000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                               000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                   000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                   000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                         000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                        000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                          000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                       000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                 000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                 000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                        000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                          000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                          000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                       000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                              000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                   000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                        000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                        000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                           000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                        000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                      000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                               000007fc9a648bb3 8 bytes [50, 6C, 0A, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                 000007fc9a648c43 8 bytes [40, 6C, 0A, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                 000007fc9a648f65 8 bytes [30, 6C, 0A, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                           000007fc9a648fe4 8 bytes [20, 6C, 0A, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                         000007fc9a64900c 8 bytes [10, 6C, 0A, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                          000007fc9a6492a6 8 bytes [00, 6C, 0A, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                               00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                    00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                            00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                            0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5408] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                      000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                          000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                           000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                           000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                    000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                    000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                          000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                          000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                          000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                         000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                         000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                         000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                         000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                               000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                     000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                     000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                    000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                         000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                         000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                         000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                         000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                         000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                            000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                              000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                          000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                    000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                              000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                      000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                  000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                  000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                    000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                               000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                   000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                   000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                         000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                        000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                          000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                       000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                 000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                 000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                        000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                          000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                          000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                       000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                              000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                   000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                        000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                        000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                           000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                        000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                      000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                               000007fc9a648bb3 8 bytes [50, 6C, F3, FE, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                 000007fc9a648c43 8 bytes [40, 6C, F3, FE, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                 000007fc9a648f65 8 bytes [30, 6C, F3, FE, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                           000007fc9a648fe4 8 bytes [20, 6C, F3, FE, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                         000007fc9a64900c 8 bytes [10, 6C, F3, FE, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                          000007fc9a6492a6 8 bytes [00, 6C, F3, FE, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                               00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                    00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                            00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                            0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5520] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                      000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                          000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                           000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                           000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                    000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                    000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                          000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                          000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                          000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                         000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                         000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                         000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                         000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                               000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                     000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                     000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                    000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                         000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                         000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                         000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                         000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                         000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                            000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                              000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                          000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                    000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                              000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                      000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                  000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                  000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                    000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                               000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                   000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                   000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                         000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                        000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                          000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                       000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                 000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                 000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                        000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                          000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                          000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                       000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                              000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                   000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                        000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                        000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                           000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                        000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                      000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                               000007fc9a648bb3 8 bytes [50, 6C, 54, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                 000007fc9a648c43 8 bytes [40, 6C, 54, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                 000007fc9a648f65 8 bytes [30, 6C, 54, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                           000007fc9a648fe4 8 bytes [20, 6C, 54, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                         000007fc9a64900c 8 bytes [10, 6C, 54, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                          000007fc9a6492a6 8 bytes [00, 6C, 54, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                               00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                    00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                            00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                            0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5540] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                      000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                           000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                            000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                            000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                     000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                     000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                           000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                           000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                           000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                          000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                          000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                          000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

derfischmac · 16.03.2015, 15:12

GMER letzter Teil

Code:

ATTFilter

.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                          000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                                000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                      000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                      000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                     000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                          000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                          000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                          000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                          000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                          000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                 000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                             000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                               000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                           000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                     000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                 000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                               000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                   000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                   000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                     000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                 000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                                000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                    000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                    000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                          000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                         000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                           000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                        000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                  000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                  000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                         000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                           000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                           000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                        000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                               000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                    000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                         000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                         000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                            000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                         000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                       000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                                000007fc9a648bb3 8 bytes [50, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                  000007fc9a648c43 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                  000007fc9a648f65 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                            000007fc9a648fe4 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                          000007fc9a64900c 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                           000007fc9a6492a6 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                     00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                 00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                             00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                             0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[5764] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                       000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                           000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                            000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                            000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                     000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                     000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                           000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                           000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                           000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                          000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                          000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                          000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                          000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                                000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                      000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                      000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                     000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                          000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                          000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                          000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                          000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                          000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                 000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                             000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                               000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                           000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                     000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                 000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                               000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                   000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                   000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                     000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                 000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                                000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                    000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                    000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                          000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                         000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                           000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                        000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                  000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                  000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                         000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                           000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                           000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                        000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                               000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                    000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                         000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                         000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                            000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                         000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                       000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                                000007fc9a648bb3 8 bytes [50, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                  000007fc9a648c43 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                  000007fc9a648f65 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                            000007fc9a648fe4 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                          000007fc9a64900c 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                           000007fc9a6492a6 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                     00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                 00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                             00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                             0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe[5840] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                       000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\system32\ole32.dll!OleLoadFromStream                                                             000007fc99b18f80 5 bytes JMP 000007fd59d702f8
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\system32\OLEAUT32.dll!VariantClear                                                               000007fc993d1030 5 bytes JMP 000007fd59d70478
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\system32\OLEAUT32.dll!SysFreeString                                                              000007fc993d1580 5 bytes JMP 000007fd59d703b8
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen                                                      000007fc993e4780 5 bytes JMP 000007fd59d70358
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\system32\OLEAUT32.dll!VariantChangeType                                                          000007fc993e4810 10 bytes JMP 000007fd59d70418
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\system32\USER32.dll!BeginPaint                                                                   000007fc99d74670 8 bytes JMP 000007fd59d70238
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\system32\USER32.dll!RegisterClipboardFormatA                                                     000007fc99d799e0 6 bytes JMP 000007fd59d70178
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\system32\USER32.dll!RegisterClipboardFormatW                                                     000007fc99d7a890 9 bytes JMP 000007fd59d701d8
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\system32\USER32.dll!ValidateRect                                                                 000007fc99d8e310 8 bytes JMP 000007fd59d70298
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                          000007fc941c1532 4 bytes [1C, 94, FC, 07]
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                          000007fc941c153a 4 bytes [1C, 94, FC, 07]
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                        000007fc941c165a 4 bytes [1C, 94, FC, 07]
.text   C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE[5896] C:\Windows\system32\SHELL32.dll!SHParseDisplayName                                                          000007fc980e21b0 6 bytes JMP 000007fd59d704d8
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                            000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                             000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                             000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                      000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                      000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                            000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                            000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                            000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                           000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                           000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                           000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                           000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                                 000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                       000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                       000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                      000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                           000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                           000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                           000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                           000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                           000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                              000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                            000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                      000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                  000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                                000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                    000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                    000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                      000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                  000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                                 000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                     000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                     000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                           000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                          000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                            000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                         000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                   000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                   000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                          000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                            000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                            000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                         000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                                000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                     000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                          000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                          000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                             000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                          000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                        000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                                 000007fc9a648bb3 8 bytes [50, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                   000007fc9a648c43 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                   000007fc9a648f65 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                             000007fc9a648fe4 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                           000007fc9a64900c 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                            000007fc9a6492a6 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                 00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                      00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                  00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                              00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                              0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[884] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                        000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                                         000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                                          000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                                          000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                                   000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                                   000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                                         000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                                         000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                                         000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                                        000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                                        000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                                        000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                                        000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                                              000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                                    000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                                    000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                                   000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                                        000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                                        000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                                        000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                                        000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                                        000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                               000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                                           000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                             000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                                         000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                   000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                               000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                 000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                                             000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                     000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                                 000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                     000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                                 000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                   000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                               000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                                              000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                                  000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                                  000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                                        000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                                       000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                                         000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                                      000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                                000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                                000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                                       000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                                         000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                                         000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                                      000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                                             000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                                  000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                                       000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                                       000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                                          000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                                       000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                                     000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                                              000007fc9a648bb3 8 bytes [50, 6C, 63, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                                000007fc9a648c43 8 bytes [40, 6C, 63, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                                000007fc9a648f65 8 bytes [30, 6C, 63, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                                          000007fc9a648fe4 8 bytes [20, 6C, 63, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                                        000007fc9a64900c 8 bytes [10, 6C, 63, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                                         000007fc9a6492a6 8 bytes [00, 6C, 63, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                              00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                                   00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                               00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                           00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                           0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Nero\Update\NASvc.exe[3848] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                     000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                       000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                        000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                        000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                 000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                 000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                       000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                       000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                       000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                      000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                      000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                      000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                      000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                            000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                  000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                  000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                 000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                      000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                      000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                      000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                      000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                      000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                             000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                         000007fc9a642c76 2 bytes [90, 90]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                           000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                       000007fc9a642df6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                 000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                             000007fc9a642e26 2 bytes [90, 90]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                               000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                           000007fc9a642f46 2 bytes [90, 90]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                   000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                               000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                   000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                               000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                 000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                             000007fc9a643997 2 bytes [90, 90]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                 000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                            000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                      000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                     000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                       000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                    000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                              000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                              000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                     000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                       000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                       000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                    000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                           000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                     000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                     000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                        000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                     000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                   000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                            000007fc9a648bb3 8 bytes [50, 6C, E2, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                              000007fc9a648c43 8 bytes [40, 6C, E2, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                              000007fc9a648f65 8 bytes [30, 6C, E2, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                        000007fc9a648fe4 8 bytes [20, 6C, E2, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                      000007fc9a64900c 8 bytes [10, 6C, E2, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                       000007fc9a6492a6 8 bytes [00, 6C, E2, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                            00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                 00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                             00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                         00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                         0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe[3660] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                   000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlLeaveCriticalSection + 61                                                               000007fc9a64104d 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 77                                                                000007fc9a6410dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCurrentUmsThread + 93                                                                000007fc9a6410ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 36                                                                         000007fc9a641164 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!_local_unwind + 52                                                                         000007fc9a641174 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!strcat + 152                                                                               000007fc9a641308 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!strcpy + 183                                                                               000007fc9a6413d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!strlen + 168                                                                               000007fc9a641558 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!strncat + 405                                                                              000007fc9a641705 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!strncmp + 189                                                                              000007fc9a6417dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 354                                                                              000007fc9a641952 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!strncpy + 370                                                                              000007fc9a641962 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!DbgUserBreakPoint + 107                                                                    000007fc9a641e3b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 126                                                          000007fc9a64205e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 142                                                          000007fc9a64206e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlpUmsExecuteYieldThreadEnd + 403                                                         000007fc9a642574 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 77                                                                              000007fc9a6425dd 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!__chkstk + 93                                                                              000007fc9a6425ed 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 2
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!_setjmp + 168                                                                              000007fc9a6426b8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 244                                                                              000007fc9a642864 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!longjmp + 260                                                                              000007fc9a642874 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                     000007fc9a642c70 5 bytes [FF, 25, CD, 5F, 00]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 6                                                                 000007fc9a642c76 2 bytes [90, 90]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                   000007fc9a642df0 5 bytes [FF, 25, 6F, 61, 00]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread + 6                                                               000007fc9a642df6 2 bytes [90, 90]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                         000007fc9a642e20 5 bytes [FF, 25, 5E, 5A, 00]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 6                                                                     000007fc9a642e26 2 bytes [90, 90]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       000007fc9a642f40 5 bytes [FF, 25, 6D, 5C, 00]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 6                                                                   000007fc9a642f46 2 bytes [90, 90]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                           000007fc9a642ff0 5 bytes [FF, 25, F0, 5A, 00]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 6                                                                       000007fc9a642ff6 2 bytes [90, 90]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           000007fc9a6436b1 5 bytes [FF, 25, EF, 5B, 00]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 6                                                                       000007fc9a6436b7 2 bytes [90, 90]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                         000007fc9a643991 5 bytes [FF, 25, 75, 56, 00]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread + 6                                                                     000007fc9a643997 2 bytes [90, 90]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         000007fc9a644211 8 bytes {JMP QWORD [RIP+0x4dcd]}
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtWaitLowEventPair + 19                                                                    000007fc9a644694 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 73                                                        000007fc9a644c08 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!KiRaiseUserExceptionDispatcher + 89                                                        000007fc9a644c18 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                   * 3
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlRestoreLastWin32Error + 34                                                              000007fc9a645272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 261                                             000007fc9a645385 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextUnsafeFast + 167                                               000007fc9a645437 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockExclusive + 19                                                            000007fc9a645453 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 350                                                                      000007fc9a64571e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlAllocateHeap + 908                                                                      000007fc9a64594c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedFlushSList + 116                                                             000007fc9a6459c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlAcquireSRWLockShared + 54                                                               000007fc9a645a76 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlReleaseSRWLockShared + 34                                                               000007fc9a645aa2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryPerformanceCounter + 68                                                            000007fc9a645af4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlGetCriticalSectionRecursionCount + 35                                                   000007fc9a645b23 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeConditionVariable + 72                                                        000007fc9a645ca8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 222                                                                             000007fc9a646c8e 8 bytes {JMP 0xffffffffffffffd9}
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 315                                                                             000007fc9a646ceb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlNtStatusToDosError + 213                                                                000007fc9a646dd5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteCriticalSection + 116                                                             000007fc9a646e94 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 462                                                           000007fc9a64706e 8 bytes {JMP 0xffffffffffffffd8}
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlRbInsertNodeEx + 195                                                                    000007fc9a648bb3 8 bytes [50, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 135                                                                      000007fc9a648c43 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlRbRemoveNode + 937                                                                      000007fc9a648f65 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 116                                                                000007fc9a648fe4 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlSetCurrentTransaction + 32                                                              000007fc9a64900c 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!RtlInitializeSListHead + 466                                                               000007fc9a6492a6 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\system32\wow64cpu.dll!CpuProcessInit + 616                                                                    00000000775915f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\system32\wow64cpu.dll!CpuResetToConsistentState + 272                                                         00000000775917d4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\system32\wow64cpu.dll!CpuSetContext + 140                                                                     00000000775918c4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                 00000000775918e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\system32\wow64cpu.dll!CpuSetStackPointer + 23                                                                 0000000077591903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Markus\Desktop\Gmer-19357.exe[1824] C:\Windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                           000000007759195f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [632:656]                                                                                                                               fffff960008ec5e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                     -1885716019

---- EOF - GMER 2.1 ----

derfischmac · 16.03.2015, 17:47

Holla - das ist ja ein "Blitz-Service" herzlichsten Dank erstmal!!!
hier die logs:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.03.2015
Suchlauf-Zeit: 16:15:56
Logdatei: MBAM-log-16032015.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.16.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Markus

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 359756
Verstrichene Zeit: 16 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.Linkey.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, In Quarantäne, [f33fa0a67d0daa8c1e238c9846bdf60a], 
PUP.Optional.SystemK.A, HKLM\SOFTWARE\WOW6432NODE\SystemK, In Quarantäne, [46ecfc4a137746f0dd444d8508fbab55], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, In Quarantäne, [da58bf870f7bbf77879326c93cc7ef11], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 1
PUP.Optional.Datamngr.A, C:\Users\Markus\AppData\LocalLow\DataMngr, In Quarantäne, [2d05b690008a9d99bbe6393b58ab6898], 

Dateien: 1
PUP.Optional.Datamngr.A, C:\Users\Markus\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}64, In Quarantäne, [2d05b690008a9d99bbe6393b58ab6898], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:

ATTFilter

# AdwCleaner v4.112 - Bericht erstellt 16/03/2015 um 16:45:18
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows 8 Enterprise  (x64)
# Benutzername : Markus - MARKUS-CSL
# Gestarted von : C:\Users\Markus\Desktop\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Linkey
Ordner Gelöscht : C:\Users\Markus\AppData\Local\Temp\jZip
Ordner Gelöscht : C:\Users\Markus\AppData\Local\Temp\Security Systems
Ordner Gelöscht : C:\Users\Markus\AppData\Local\jZip
Ordner Gelöscht : C:\Users\Markus\AppData\Roaming\download Manager
Datei Gelöscht : C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\jZip.file
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKCU\Software\jZip
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\jZip
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.17267


-\\ Google Chrome v41.0.2272.89


*************************

AdwCleaner[R0].txt - [5679 Bytes] - [16/03/2015 16:42:12]
AdwCleaner[S0].txt - [5014 Bytes] - [16/03/2015 16:45:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5073  Bytes] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8 Enterprise x64
Ran by Markus on 16.03.2015 at 16:51:20,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.03.2015 at 16:55:50,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Markus (administrator) on MARKUS-CSL on 16-03-2015 17:37:31
Running from C:\Users\Markus\Desktop
Loaded Profiles: Markus (Available profiles: Markus)
Platform: Windows 8 Enterprise (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(WinZip Computing, Inc.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [Speed Launch] => C:\Program Files (x86)\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe [529920 2008-08-11] (Microsoft)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [GoogleChromeAutoLaunch_B7BAB472F6EC664C4B3EB3EEA8AE05F9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [OneDrive] => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.payback.de/pb/id/291958/paId/105556/prId/447584
https://portal.kreissparkasse-augsburg.de/portal/portal/StartenIPSTANDARD
https://kunde.comdirect.de/lp/wt/login?CIF_Check=true
hxxp://www.fc-koenigsbrunn.de/Junioren/CJunioren/C3-Junioren.aspx
hxxp://aesitelink.de/?autologin=53932ef0e0b8df423a0f1f537305ca59
hxxp://www.leo.org/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1453455567-1448806520-3706449659-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-31] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-31] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-01-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-31]

Chrome: 
=======
CHR Profile: C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-31]
CHR Extension: (Google Docs) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-31]
CHR Extension: (Google Drive) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-31]
CHR Extension: (YouTube) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-31]
CHR Extension: (Google Search) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-31]
CHR Extension: (Kaspersky Protection) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-31]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-01-31]
CHR Extension: (Google Sheets) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-31]
CHR Extension: (Gmail) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-31]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R2 EkaProt6; C:\Windows\system32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-12-31] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [800440 2015-03-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2014-12-31] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2014-12-31] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 17:37 - 2015-03-16 17:37 - 00027272 _____ () C:\Users\Markus\Desktop\FRST.txt
2015-03-16 16:55 - 2015-03-16 16:58 - 00000624 _____ () C:\Users\Markus\Desktop\JRT.txt
2015-03-16 16:50 - 2015-03-16 16:50 - 00005165 _____ () C:\Users\Markus\Desktop\AdwCleaner[S0].txt
2015-03-16 16:44 - 2015-03-16 16:45 - 00005679 _____ () C:\Users\Markus\Desktop\AdwCleaner[R0].txt
2015-03-16 16:41 - 2015-03-16 16:50 - 00000000 ____D () C:\AdwCleaner
2015-03-16 16:14 - 2015-03-16 17:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 16:14 - 2015-03-16 16:14 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-16 16:14 - 2015-03-16 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-16 16:14 - 2015-03-16 16:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-16 16:14 - 2015-03-16 16:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-16 16:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-16 16:14 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-16 16:14 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 16:12 - 2015-03-16 16:12 - 01388333 _____ (Thisisu) C:\Users\Markus\Desktop\JRT.exe
2015-03-16 16:11 - 2015-03-16 16:11 - 02171392 _____ () C:\Users\Markus\Desktop\AdwCleaner_4.112.exe
2015-03-16 16:10 - 2015-03-16 16:10 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Markus\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-16 13:18 - 2015-03-16 13:18 - 00368689 _____ () C:\Users\Markus\Desktop\gmer-vorher.txt
2015-03-16 13:05 - 2015-03-16 13:05 - 00035342 _____ () C:\Users\Markus\Desktop\Addition-vorher.txt
2015-03-16 13:04 - 2015-03-16 13:05 - 00045325 _____ () C:\Users\Markus\Desktop\FRST-vorher.txt
2015-03-16 13:03 - 2015-03-16 13:03 - 00000474 _____ () C:\Users\Markus\Desktop\defogger_disable-vorher.log
2015-03-16 13:03 - 2015-03-16 13:03 - 00000000 _____ () C:\Users\Markus\defogger_reenable
2015-03-16 13:00 - 2015-03-16 13:00 - 00380416 _____ () C:\Users\Markus\Desktop\Gmer-19357.exe
2015-03-16 12:57 - 2015-03-16 12:57 - 00050477 _____ () C:\Users\Markus\Desktop\Defogger.exe
2015-03-16 10:44 - 2015-03-16 10:44 - 00423960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-16 08:33 - 2015-03-16 17:37 - 00000000 ____D () C:\FRST
2015-03-16 08:32 - 2015-03-16 08:32 - 02095616 _____ (Farbar) C:\Users\Markus\Desktop\FRST64.exe
2015-03-15 17:38 - 2015-03-15 17:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-15 17:37 - 2015-03-15 17:37 - 02347384 _____ (ESET) C:\Users\Markus\Desktop\esetsmartinstaller_deu.exe
2015-03-15 14:17 - 2015-03-15 14:17 - 00000000 ___HD () C:\OneDriveTemp
2015-03-12 08:51 - 2015-02-23 11:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 08:51 - 2015-02-23 11:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 08:51 - 2015-02-23 11:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 08:51 - 2015-02-23 11:51 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-03-12 08:51 - 2015-02-23 11:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 08:51 - 2015-02-23 11:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 08:51 - 2015-02-23 11:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 08:51 - 2015-02-23 11:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 08:51 - 2015-02-23 10:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 08:51 - 2015-02-23 10:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2015-03-12 08:51 - 2015-02-23 09:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 08:51 - 2015-02-21 06:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 08:51 - 2015-02-21 06:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 08:51 - 2015-02-21 06:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 08:51 - 2015-02-21 06:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-12 08:51 - 2015-02-21 06:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 08:51 - 2015-02-21 06:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-12 08:51 - 2015-02-21 06:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 08:51 - 2015-02-21 06:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-12 08:51 - 2015-02-21 06:07 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2015-03-12 08:51 - 2015-02-21 05:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-12 08:51 - 2015-02-21 04:00 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-03-12 08:51 - 2015-02-20 14:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 08:51 - 2015-02-20 12:56 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 08:51 - 2015-02-20 09:10 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 08:51 - 2015-02-20 08:24 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-12 08:51 - 2015-01-29 09:05 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 08:51 - 2015-01-29 07:19 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 08:51 - 2015-01-24 07:42 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 08:51 - 2015-01-24 06:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-12 08:51 - 2015-01-20 07:41 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 08:51 - 2015-01-20 06:10 - 00892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-12 08:50 - 2015-03-06 08:39 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-12 08:50 - 2015-03-06 08:39 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 08:50 - 2015-03-06 06:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-12 08:50 - 2015-03-06 06:48 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-12 08:50 - 2015-02-26 05:35 - 04063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 08:50 - 2015-02-17 07:54 - 19777536 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 08:50 - 2015-02-17 06:13 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-12 08:50 - 2015-02-13 00:18 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-12 08:50 - 2015-02-03 00:18 - 00569712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-12 08:50 - 2015-01-31 14:48 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-12 08:50 - 2015-01-31 06:55 - 00275712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-12 08:50 - 2015-01-29 09:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 08:50 - 2015-01-24 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 08:50 - 2015-01-24 06:00 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-12 08:50 - 2015-01-24 05:31 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-02-26 19:08 - 2015-01-09 07:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-26 19:08 - 2015-01-09 06:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-26 19:08 - 2015-01-09 00:52 - 00478296 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 19:08 - 2015-01-09 00:52 - 00478296 _____ () C:\Windows\system32\locale.nls
2015-02-21 16:13 - 2015-02-21 16:13 - 00001758 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-21 16:13 - 2015-02-21 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-21 16:12 - 2015-02-21 16:12 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-21 16:12 - 2015-02-21 16:12 - 00000000 ____D () C:\Program Files\iTunes
2015-02-21 16:12 - 2015-02-21 16:12 - 00000000 ____D () C:\Program Files\iPod
2015-02-17 15:30 - 2015-02-17 15:30 - 01691808 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 17:32 - 2015-01-31 12:21 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-16 17:07 - 2014-01-19 15:20 - 01922314 _____ () C:\Windows\WindowsUpdate.log
2015-03-16 17:04 - 2014-01-19 15:29 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1453455567-1448806520-3706449659-1001
2015-03-16 17:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-03-16 16:58 - 2014-04-13 09:12 - 00005132 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARKUS-CSL-Markus Markus-CSL
2015-03-16 16:53 - 2014-03-12 08:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-16 16:52 - 2012-07-26 11:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2015-03-16 16:52 - 2012-07-26 11:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2015-03-16 16:52 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 16:48 - 2014-05-02 13:25 - 00000000 ___RD () C:\Users\Markus\OneDrive
2015-03-16 16:47 - 2015-01-31 12:21 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-16 16:47 - 2014-12-31 13:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-16 16:47 - 2014-09-23 19:32 - 00000000 ___RD () C:\Users\Markus\iCloudDrive
2015-03-16 16:46 - 2014-01-19 15:14 - 00018608 _____ () C:\Windows\PFRO.log
2015-03-16 16:46 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 16:45 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-03-16 13:11 - 2013-04-09 14:55 - 00000000 ____D () C:\Users\Markus\Documents\Outlook-Dateien
2015-03-16 13:03 - 2014-01-19 15:19 - 00000000 ____D () C:\Users\Markus
2015-03-16 12:37 - 2014-03-11 20:03 - 00000000 ____D () C:\Users\Markus\AppData\Local\85423F51-9E93-4B10-9C27-D81091799579.aplzod
2015-03-16 11:00 - 2014-08-15 11:39 - 00001044 _____ () C:\Windows\Tasks\Paragon Archive name diff_150814103756306.job
2015-03-15 17:30 - 2012-07-26 08:21 - 00044132 _____ () C:\Windows\setupact.log
2015-03-14 15:24 - 2014-01-19 19:43 - 00000000 ____D () C:\SW DL
2015-03-14 10:37 - 2015-01-31 12:22 - 00002180 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-12 17:50 - 2013-04-06 10:07 - 00000000 ___RD () C:\Users\Markus\Podcasts
2015-03-12 10:46 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-03-12 10:18 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 10:18 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 10:18 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 10:18 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 10:07 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-12 09:49 - 2014-01-19 20:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-12 09:49 - 2014-01-19 20:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 09:49 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 09:49 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 09:49 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-12 09:43 - 2014-01-20 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 09:43 - 2012-07-26 06:26 - 00000202 _____ () C:\Windows\win.ini
2015-03-12 09:40 - 2014-01-20 16:38 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 09:21 - 2013-07-06 15:26 - 00000000 ____D () C:\Users\Markus\Documents\Eigene Scans
2015-03-12 08:31 - 2014-05-02 13:25 - 00002251 _____ () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-03-10 19:21 - 2014-08-20 18:04 - 00800440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-04 22:24 - 2014-10-18 12:17 - 00791496 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-10-18 12:17 - 00177608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-23 20:35 - 2014-01-19 15:21 - 00000000 ____D () C:\Users\Markus\AppData\Local\VirtualStore
2015-02-22 17:09 - 2013-03-19 19:22 - 00000000 ____D () C:\Users\Markus\AppData\Local\Packages
2015-02-21 16:15 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-21 16:12 - 2014-01-28 16:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-21 16:12 - 2014-01-28 16:53 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2014-01-27 13:17 - 2014-01-27 15:37 - 0000822 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Markus\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\Markus\AppData\Local\Temp\ose00000.exe
C:\Users\Markus\AppData\Local\Temp\Quarantine.exe
C:\Users\Markus\AppData\Local\Temp\sqlite3.dll
C:\Users\Markus\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-16 06:24

==================== End Of Log ============================

--- --- ---

wie geht's weiter?
VG M

schrauber · 17.03.2015, 07:31

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

derfischmac · 19.03.2015, 08:02

moin schrauber,
war beruflich unterwegs daher jetzt erst antwort.
leider gibts probleme: der ESET Scan ist nach ca. 10 Std und 33% stecken geblieben, System-hold ich musste hard reset anwenden.

bis dahin folgende bedrohung erkannt:
2x
Variante von Win32/Adware.Synatix.A Anwendung
1x
NSIS/Startpage.CC

log datei war nach den reset keine zu finden.

soll ich nochmal ESET starten?
VG Markus

schrauber · 19.03.2015, 15:14

Lass ESET weg, und mach dafür das:

Lade Dir bitte von hier

Emsisoft Emergency Kit herunter.

Bitte installiere das Programm in den vorgegebenen Pfad.
Starte das Programm durch Doppelklick der Desktopverknüpfung.
Das EEK ist nach dem Laden der Malwaresignaturen für den Scan bereit.
Folge nun bitte der bebilderten Bildanleitung zu Emergency Kit, entferne alle Funde und poste am Ende des Scans bzw. der Bereinigung das Log.

derfischmac · 19.03.2015, 20:02

danke jetzt hat alles funktioniert
here we are:
1 EMSI

Code:

ATTFilter

Emsisoft Emergency Kit - Version 9.0
Letztes Update: 19.03.2015 15:33:55
Benutzerkonto: MARKUS-CSL\Markus

Scan-Einstellungen:

Scan Methode: Detail-Scan
Objekte: Rootkits, Speicher, Traces, C:\, J:\

PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	19.03.2015 15:34:26
Value: HKEY_USERS\S-1-5-21-1453455567-1448806520-3706449659-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR 	gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-1453455567-1448806520-3706449659-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS 	gefunden: Setting.DisableRegistryTools (A)

Gescannt	392992
Gefunden	2

Scan-Ende:	19.03.2015 17:42:52
Scan-Zeit:	2:08:26

Value: HKEY_USERS\S-1-5-21-1453455567-1448806520-3706449659-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS	Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1453455567-1448806520-3706449659-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR	Quarantäne Setting.DisableTaskMgr (A)

Quarantäne	2

2 SecuCheck

Code:

ATTFilter

Results of screen317's Security Check version 0.99.97  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
Windows Defender              
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Google Chrome (40.0.2214.115) 
 Google Chrome (41.0.2272.89) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 15.0.1 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.1 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.1 plugin-nm-server.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

3 FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Markus (administrator) on MARKUS-CSL on 19-03-2015 18:04:06
Running from C:\Users\Markus\Desktop
Loaded Profiles: Markus (Available profiles: Markus)
Platform: Windows 8 Enterprise (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft) C:\Program Files (x86)\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WinZip Computing, Inc.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\plugin-nm-server.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [Speed Launch] => C:\Program Files (x86)\Microsoft Office Labs\Speed Launch\SpeedLaunch.exe [529920 2008-08-11] (Microsoft)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [GoogleChromeAutoLaunch_B7BAB472F6EC664C4B3EB3EEA8AE05F9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\...\Run: [OneDrive] => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Markus\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1453455567-1448806520-3706449659-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.payback.de/pb/id/291958/paId/105556/prId/447584
https://portal.kreissparkasse-augsburg.de/portal/portal/StartenIPSTANDARD
https://kunde.comdirect.de/lp/wt/login?CIF_Check=true
hxxp://www.fc-koenigsbrunn.de/Junioren/CJunioren/C3-Junioren.aspx
hxxp://aesitelink.de/?autologin=53932ef0e0b8df423a0f1f537305ca59
hxxp://www.leo.org/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-31] (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1453455567-1448806520-3706449659-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-31] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-31] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-01-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-31]

Chrome: 
=======
CHR Profile: C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-31]
CHR Extension: (Google Docs) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-31]
CHR Extension: (Google Drive) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-31]
CHR Extension: (YouTube) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-31]
CHR Extension: (Google Search) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-31]
CHR Extension: (Kaspersky Protection) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-31]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-01-31]
CHR Extension: (Google Sheets) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-31]
CHR Extension: (Gmail) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-31]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-19] (Emsisoft GmbH)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R2 EkaProt6; C:\Windows\system32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-12-31] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [800440 2015-03-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2014-12-31] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2014-12-31] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] ()
S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 18:03 - 2015-03-19 18:03 - 00001153 _____ () C:\Users\Markus\Desktop\sec-checkup.txt
2015-03-19 17:59 - 2015-03-19 17:59 - 00002456 _____ () C:\Users\Markus\Desktop\emsi_a2scan_150319-153426.txt
2015-03-19 15:31 - 2015-03-19 15:32 - 00000000 ____D () C:\EEK
2015-03-19 15:31 - 2015-03-19 15:31 - 00000748 _____ () C:\Users\Markus\Desktop\Start Emsisoft Emergency Kit.lnk
2015-03-19 15:26 - 2015-03-19 15:28 - 164044728 _____ () C:\Users\Markus\Desktop\EmsisoftEmergencyKit.exe
2015-03-19 15:16 - 2015-03-19 15:16 - 00000000 ___HD () C:\OneDriveTemp
2015-03-19 11:47 - 2015-03-19 11:47 - 00001858 _____ () C:\Users\Markus\Downloads\calender.ics
2015-03-17 19:36 - 2015-03-17 19:36 - 00852604 _____ () C:\Users\Markus\Desktop\SecurityCheck.exe
2015-03-16 17:38 - 2015-03-16 17:38 - 00018423 _____ () C:\Users\Markus\Desktop\Addition.txt
2015-03-16 17:37 - 2015-03-19 18:04 - 00028249 _____ () C:\Users\Markus\Desktop\FRST.txt
2015-03-16 16:55 - 2015-03-16 16:58 - 00000624 _____ () C:\Users\Markus\Desktop\JRT.txt
2015-03-16 16:50 - 2015-03-16 16:50 - 00005165 _____ () C:\Users\Markus\Desktop\AdwCleaner[S0].txt
2015-03-16 16:44 - 2015-03-16 16:45 - 00005679 _____ () C:\Users\Markus\Desktop\AdwCleaner[R0].txt
2015-03-16 16:41 - 2015-03-16 16:50 - 00000000 ____D () C:\AdwCleaner
2015-03-16 16:14 - 2015-03-19 17:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 16:14 - 2015-03-16 16:14 - 00001111 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-16 16:14 - 2015-03-16 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-16 16:14 - 2015-03-16 16:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-16 16:14 - 2015-03-16 16:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-16 16:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-16 16:14 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-16 16:14 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 16:12 - 2015-03-16 16:12 - 01388333 _____ (Thisisu) C:\Users\Markus\Desktop\JRT.exe
2015-03-16 16:11 - 2015-03-16 16:11 - 02171392 _____ () C:\Users\Markus\Desktop\AdwCleaner_4.112.exe
2015-03-16 16:10 - 2015-03-16 16:10 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Markus\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-16 13:18 - 2015-03-16 13:18 - 00368689 _____ () C:\Users\Markus\Desktop\gmer-vorher.txt
2015-03-16 13:05 - 2015-03-16 13:05 - 00035342 _____ () C:\Users\Markus\Desktop\Addition-vorher.txt
2015-03-16 13:04 - 2015-03-16 13:05 - 00045325 _____ () C:\Users\Markus\Desktop\FRST-vorher.txt
2015-03-16 13:03 - 2015-03-16 13:03 - 00000474 _____ () C:\Users\Markus\Desktop\defogger_disable-vorher.log
2015-03-16 13:03 - 2015-03-16 13:03 - 00000000 _____ () C:\Users\Markus\defogger_reenable
2015-03-16 13:00 - 2015-03-16 13:00 - 00380416 _____ () C:\Users\Markus\Desktop\Gmer-19357.exe
2015-03-16 12:57 - 2015-03-16 12:57 - 00050477 _____ () C:\Users\Markus\Desktop\Defogger.exe
2015-03-16 10:44 - 2015-03-16 10:44 - 00423960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-16 08:33 - 2015-03-19 18:04 - 00000000 ____D () C:\FRST
2015-03-16 08:32 - 2015-03-16 08:32 - 02095616 _____ (Farbar) C:\Users\Markus\Desktop\FRST64.exe
2015-03-15 17:38 - 2015-03-15 17:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-15 17:37 - 2015-03-15 17:37 - 02347384 _____ (ESET) C:\Users\Markus\Desktop\esetsmartinstaller_deu.exe
2015-03-12 08:51 - 2015-02-23 11:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 08:51 - 2015-02-23 11:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 08:51 - 2015-02-23 11:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 08:51 - 2015-02-23 11:51 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-03-12 08:51 - 2015-02-23 11:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 08:51 - 2015-02-23 11:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 08:51 - 2015-02-23 11:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 08:51 - 2015-02-23 11:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 08:51 - 2015-02-23 11:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 08:51 - 2015-02-23 10:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 08:51 - 2015-02-23 10:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2015-03-12 08:51 - 2015-02-23 09:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 08:51 - 2015-02-21 06:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 08:51 - 2015-02-21 06:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 08:51 - 2015-02-21 06:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 08:51 - 2015-02-21 06:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-12 08:51 - 2015-02-21 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-12 08:51 - 2015-02-21 06:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 08:51 - 2015-02-21 06:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-12 08:51 - 2015-02-21 06:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 08:51 - 2015-02-21 06:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-12 08:51 - 2015-02-21 06:07 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2015-03-12 08:51 - 2015-02-21 05:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-12 08:51 - 2015-02-21 04:00 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-03-12 08:51 - 2015-02-20 14:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 08:51 - 2015-02-20 12:56 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 08:51 - 2015-02-20 09:10 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 08:51 - 2015-02-20 08:24 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-12 08:51 - 2015-01-29 09:05 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 08:51 - 2015-01-29 07:19 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 08:51 - 2015-01-24 07:42 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 08:51 - 2015-01-24 06:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-12 08:51 - 2015-01-20 07:41 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 08:51 - 2015-01-20 06:10 - 00892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-12 08:50 - 2015-03-06 08:39 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-12 08:50 - 2015-03-06 08:39 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 08:50 - 2015-03-06 06:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-12 08:50 - 2015-03-06 06:48 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-12 08:50 - 2015-02-26 05:35 - 04063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 08:50 - 2015-02-17 07:54 - 19777536 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 08:50 - 2015-02-17 06:13 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-12 08:50 - 2015-02-13 00:18 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-12 08:50 - 2015-02-03 00:18 - 00569712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-12 08:50 - 2015-01-31 14:48 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-12 08:50 - 2015-01-31 06:55 - 00275712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-12 08:50 - 2015-01-29 09:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 08:50 - 2015-01-24 07:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 08:50 - 2015-01-24 06:00 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-12 08:50 - 2015-01-24 05:31 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-02-26 19:08 - 2015-01-09 07:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-26 19:08 - 2015-01-09 06:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-26 19:08 - 2015-01-09 00:52 - 00478296 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 19:08 - 2015-01-09 00:52 - 00478296 _____ () C:\Windows\system32\locale.nls
2015-02-21 16:13 - 2015-02-21 16:13 - 00001758 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-21 16:13 - 2015-02-21 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-21 16:12 - 2015-02-21 16:12 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-21 16:12 - 2015-02-21 16:12 - 00000000 ____D () C:\Program Files\iTunes
2015-02-21 16:12 - 2015-02-21 16:12 - 00000000 ____D () C:\Program Files\iPod
2015-02-17 15:30 - 2015-02-17 15:30 - 01691808 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-19 18:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2015-03-19 17:53 - 2014-03-12 08:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 17:34 - 2014-01-19 15:20 - 02076267 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 17:33 - 2014-12-31 13:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-19 17:32 - 2015-01-31 12:21 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-19 15:55 - 2014-01-19 15:29 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1453455567-1448806520-3706449659-1001
2015-03-19 15:30 - 2013-04-09 14:55 - 00000000 ____D () C:\Users\Markus\Documents\Outlook-Dateien
2015-03-19 15:26 - 2014-04-13 09:12 - 00005132 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARKUS-CSL-Markus Markus-CSL
2015-03-19 15:16 - 2015-01-31 12:21 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 15:16 - 2014-05-02 13:25 - 00000000 ___RD () C:\Users\Markus\OneDrive
2015-03-19 15:16 - 2014-03-11 20:03 - 00000000 ____D () C:\Users\Markus\AppData\Local\85423F51-9E93-4B10-9C27-D81091799579.aplzod
2015-03-19 15:15 - 2014-09-23 19:32 - 00000000 ___RD () C:\Users\Markus\iCloudDrive
2015-03-19 08:08 - 2012-07-26 11:27 - 00751892 _____ () C:\Windows\system32\perfh007.dat
2015-03-19 08:08 - 2012-07-26 11:27 - 00155620 _____ () C:\Windows\system32\perfc007.dat
2015-03-19 08:08 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 08:03 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 16:46 - 2014-01-19 15:14 - 00018608 _____ () C:\Windows\PFRO.log
2015-03-16 16:45 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-03-16 13:03 - 2014-01-19 15:19 - 00000000 ____D () C:\Users\Markus
2015-03-16 11:00 - 2014-08-15 11:39 - 00001044 _____ () C:\Windows\Tasks\Paragon Archive name diff_150814103756306.job
2015-03-15 17:30 - 2012-07-26 08:21 - 00044132 _____ () C:\Windows\setupact.log
2015-03-14 15:24 - 2014-01-19 19:43 - 00000000 ____D () C:\SW DL
2015-03-14 10:37 - 2015-01-31 12:22 - 00002180 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-12 17:50 - 2013-04-06 10:07 - 00000000 ___RD () C:\Users\Markus\Podcasts
2015-03-12 10:46 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2015-03-12 10:18 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 10:18 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 10:18 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 10:18 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 10:07 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-12 09:49 - 2014-01-19 20:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-12 09:49 - 2014-01-19 20:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 09:49 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 09:49 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 09:49 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-12 09:43 - 2014-01-20 16:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 09:43 - 2012-07-26 06:26 - 00000202 _____ () C:\Windows\win.ini
2015-03-12 09:40 - 2014-01-20 16:38 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 09:21 - 2013-07-06 15:26 - 00000000 ____D () C:\Users\Markus\Documents\Eigene Scans
2015-03-12 08:31 - 2014-05-02 13:25 - 00002251 _____ () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-03-10 19:21 - 2014-08-20 18:04 - 00800440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-04 22:24 - 2014-10-18 12:17 - 00791496 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-10-18 12:17 - 00177608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-23 20:35 - 2014-01-19 15:21 - 00000000 ____D () C:\Users\Markus\AppData\Local\VirtualStore
2015-02-22 17:09 - 2013-03-19 19:22 - 00000000 ____D () C:\Users\Markus\AppData\Local\Packages
2015-02-21 16:15 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-21 16:12 - 2014-01-28 16:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-21 16:12 - 2014-01-28 16:53 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2014-01-27 13:17 - 2014-01-27 15:37 - 0000822 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Markus\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\Markus\AppData\Local\Temp\ose00000.exe
C:\Users\Markus\AppData\Local\Temp\Quarantine.exe
C:\Users\Markus\AppData\Local\Temp\sqlite3.dll
C:\Users\Markus\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-17 20:17

==================== End Of Log ============================

--- --- ---

sieht ganz gut aus - PC verhalten ist wieder normal.
DANKE

schrauber · 20.03.2015, 06:35

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

win8: IE10 langsam / bleibt hängen; windows explorer langsam; system z.t. langsam

Log-Analyse und Auswertung: win8: IE10 langsam / bleibt hängen; windows explorer langsam; system z.t. langsam