Log analysis and evaluation: Win 8.1 Pro - Notebook pretends to shut down, external fans stay on. System startup etc. severely slowed down

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Hello dear helpers,

my notebook is causing problems once again. The device has already been sent to the manufacturer for repair, and now another repair seems to be in prospect. Most recently the mainboard was completely replaced. After that everything worked flawlessly again.

The laptop pretends to shut down: all the lights do switch off, but the external fan stays on, which was not the case before. Only removing the power supply and battery helps.

The system startup initially proceeds at the usual speed, but after the Microsoft loading screen the notebook ends up at a black screen for 1-5 minutes before I get to the login window. Applications that need administrator rights take longer until the window for allowing the application opens.

In the end I decided on a reinstallation, but that did not fix the problem. The partition was formatted. Drivers should be up to date.

Also very noticeable: once an application is open, it runs smoothly and without problems.

Incidentally, the notebook's behaviour only became noticeable after the holiday with family. Internet use was always with Firefox; Adblock Plus and NoScript were in use most of the time.

So, now to the log files - Defogger had an error message/apparently could not be run.

defogger_disable.txt

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:52 on 11/04/2015 (Installer)

Checking for autostart values...
Unable to open HKCU\~\Run key (2)
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-11 09:29:54
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 ST500LT012-9WS142 rev.0001SDM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\INSTAL~1\AppData\Local\Temp\pwldypow.sys
C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffd33c86d92 8 bytes {JMP 0xfffffffffdb79690} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3984] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd33c974a0 5 bytes JMP 00007ffe318003e8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3984] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd33c97560 9 bytes JMP 00007ffe31800378 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3984] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd33c97730 5 bytes JMP 00007ffe31800458 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3984] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd33ca6b10 5 bytes JMP 00007ffe318003b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3984] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd324b1500 1 byte JMP 00007ffe31800490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3984] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd324b1502 6 bytes {JMP 0xffffffffff34ef90} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3984] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd324b1750 8 bytes JMP 00007ffe318004c8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3984] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd31c6d050 7 bytes JMP 00007ffe31800500 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3984] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd31c9b170 5 bytes JMP 00007ffe31800538 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd31f73e10 7 bytes JMP 00007ffe31800260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd31f73e20 7 bytes JMP 00007ffe31800298 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd320239b0 7 bytes JMP 
00007ffe31800340 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd32023ef0 7 bytes JMP 00007ffe318002d0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd32023fe0 7 bytes JMP 00007ffe31800308 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd320506c0 7 bytes JMP 00007ffe318001f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd32050730 7 bytes JMP 00007ffe31800228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd318121d0 5 bytes JMP 00007ffe31800180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd318129d0 7 bytes JMP 00007ffe318000d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd31814310 5 bytes JMP 00007ffe31800110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd31818d80 5 bytes JMP 00007ffe31800148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd3188f0b0 5 bytes JMP 00007ffe318001b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd33c86d90 1 byte JMP 00007ffe31800420 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffd33c86d92 8 bytes {JMP 0xfffffffffdb79690} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd33c974a0 5 bytes JMP 00007ffe318003e8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] 
C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd33c97560 9 bytes JMP 00007ffe31800378 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd33c97730 5 bytes JMP 00007ffe31800458 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd33ca6b10 5 bytes JMP 00007ffe318003b0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd324b1500 1 byte JMP 00007ffe31800490 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd324b1502 6 bytes {JMP 0xffffffffff34ef90} .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd324b1750 8 bytes JMP 00007ffe318004c8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd31c6d050 7 bytes JMP 00007ffe31800500 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4060] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd31c9b170 5 bytes JMP 00007ffe31800538 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd31f73e10 7 bytes JMP 00007ffe31800260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd31f73e20 7 bytes JMP 00007ffe31800298 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd320239b0 7 bytes JMP 00007ffe31800340 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd32023ef0 7 bytes JMP 00007ffe318002d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd32023fe0 7 bytes JMP 00007ffe31800308 .text 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd320506c0 7 bytes JMP 00007ffe318001f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd32050730 7 bytes JMP 00007ffe31800228 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd318121d0 5 bytes JMP 00007ffe31800180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd318129d0 7 bytes JMP 00007ffe318000d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd31814310 5 bytes JMP 00007ffe31800110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd31818d80 5 bytes JMP 00007ffe31800148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd3188f0b0 5 bytes JMP 00007ffe318001b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd33c86d90 1 byte JMP 00007ffe31800420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffd33c86d92 8 bytes {JMP 0xfffffffffdb79690} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd33c974a0 5 bytes JMP 00007ffe318003e8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd33c97560 9 bytes JMP 00007ffe31800378 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd33c97730 5 bytes JMP 00007ffe31800458 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 
00007ffd33ca6b10 5 bytes JMP 00007ffe318003b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd324b1500 1 byte JMP 00007ffe31800490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd324b1502 6 bytes {JMP 0xffffffffff34ef90} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd324b1750 8 bytes JMP 00007ffe318004c8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffd31c6d050 7 bytes JMP 00007ffe31800500 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3164] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd31c9b170 5 bytes JMP 00007ffe31800538 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd31f73e10 7 bytes JMP 00007ffe31800260 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd31f73e20 7 bytes JMP 00007ffe31800298 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd320239b0 7 bytes JMP 00007ffe31800340 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd32023ef0 7 bytes JMP 00007ffe318002d0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd32023fe0 7 bytes JMP 00007ffe31800308 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd320506c0 7 bytes JMP 00007ffe318001f0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd32050730 7 bytes JMP 00007ffe31800228 .text C:\PROGRAM 
FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd318121d0 5 bytes JMP 00007ffe31800180 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd318129d0 7 bytes JMP 00007ffe318000d8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd31814310 5 bytes JMP 00007ffe31800110 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd31818d80 5 bytes JMP 00007ffe31800148 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd3188f0b0 5 bytes JMP 00007ffe318001b8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd33c86d90 1 byte JMP 00007ffe31800420 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffd33c86d92 8 bytes {JMP 0xfffffffffdb79690} .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd33c974a0 5 bytes JMP 00007ffe318003e8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd33c97560 9 bytes JMP 00007ffe31800378 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd33c97730 5 bytes JMP 00007ffe31800458 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd33ca6b10 5 bytes JMP 00007ffe318003b0 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd324b1500 1 byte JMP 00007ffe31800490 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] 
C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd324b1502 6 bytes {JMP 0xffffffffff34ef90} .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3616] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd324b1750 8 bytes JMP 00007ffe318004c8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd31f73e10 7 bytes JMP 00007ffe31800260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd31f73e20 7 bytes JMP 00007ffe31800298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffd320239b0 7 bytes JMP 00007ffe31800340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd32023ef0 7 bytes JMP 00007ffe318002d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffd32023fe0 7 bytes JMP 00007ffe31800308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd320506c0 7 bytes JMP 00007ffe318001f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd32050730 7 bytes JMP 00007ffe31800228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffd318121d0 5 bytes JMP 00007ffe31800180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd318129d0 7 bytes JMP 00007ffe318000d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd31814310 5 bytes JMP 00007ffe31800110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] 
C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd31818d80 5 bytes JMP 00007ffe31800148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd3188f0b0 5 bytes JMP 00007ffe318001b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffd33c86d90 1 byte JMP 00007ffe31800420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffd33c86d92 8 bytes {JMP 0xfffffffffdb79690} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffd33c974a0 5 bytes JMP 00007ffe318003e8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd33c97560 9 bytes JMP 00007ffe31800378 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd33c97730 5 bytes JMP 00007ffe31800458 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffd33ca6b10 5 bytes JMP 00007ffe318003b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd324b1500 1 byte JMP 00007ffe31800490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd324b1502 6 bytes {JMP 0xffffffffff34ef90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd324b1750 8 bytes JMP 00007ffe318004c8 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [576:608] fffff960008872d0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control@LastBootSucceeded 0 Reg 
HKLM\SYSTEM\CurrentControlSet\Control@LastBootShutdown 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xD7 0xB7 0x5D 0x45 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x67 0x0E 0xBA 0xA8 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE 14 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMN17350_32_07DC_E0^32E5A83C84F67081B9C9AD9E235CC62C@Timestamp 0x05 0x94 0xAE 0x6A ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 712 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???|t????????z???????????????????Sa?, ?Apr ?11 ?15, 08:20:25?????????????????????????????????????????????z?z??????????????????????????t??????&???~???????????????????????????&???~???????????????????????l??????????????????????? ???????????????????z????????????????????????????????????????????h??????????????????w???????????????????w?z?z?z????? ???????????????????w???????? ?????????????????????????????????????????E???? ???????????????????????????? ?????????????????????????????????????????E????? ??z??????????????????????????????????????????????? ??????????????????????????????????????????????????????? ???????????????????W??????????????????????????????????? ???????x?????????????Z????????????????????disk????????? ???????Z?????Z????????????????????&??????????????????????????z???Z???Z???Z???Z???Z???Z???Z????????????????? ???????z???????????Z??????????????????????? ???????#??????????????????????????$???????????????????????? ??????????????????? ??????????,?????????S?????? ,?????????????n???? ???????Z?????Z??????????????? 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3899994 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -993965583 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 17 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 439869015 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 3955 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 3381 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 977043a7-eb2a-4218-af87-1097305 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 2 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTATH_A2DP\Parameters@SrcHandle-Low 1242227472 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTATH_A2DP\Parameters@SnkHandle-Low 1242247792 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTATH_RCP\Parameters@Tg-Low 1242192672 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTATH_RCP\Parameters@Ctrl-Low 1273350880 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\485ab66d3c08 Reg HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{59653c25-4e9b-4d93-bebd-7eccc09cea27}@LastProbeTime 1428740427 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{C5DAC8BA-6524-45CA-A9F4-BD7270DDF426}@DefunctTimestamp 0x25 0xC8 0x28 0x55 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\9c-c7-a6-e4-df-ca@AddressCreationTimestamp 0x20 0x59 0x39 0x0B ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\9c-c7-a6-e4-df-ca@UPnPExternalPort 58358 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\9c-c7-a6-e4-df-ca@TeredoAddress 2001:0:5ef5:79fd:30b3:1068:b009:8f64 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\9c-c7-a6-e4-df-ca@ClientLocalPort 58358 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Sa?, ?Apr ?11 ?15, 08:20:25??????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 2187 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 936 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg 
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202| Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 16 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 499 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BF65C5F-E4F6-4933-B6BA-F6D2D8CD62B3}@LeaseObtainedTime 1428733227 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BF65C5F-E4F6-4933-B6BA-F6D2D8CD62B3}@T1 1429165227 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BF65C5F-E4F6-4933-B6BA-F6D2D8CD62B3}@T2 1429489227 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BF65C5F-E4F6-4933-B6BA-F6D2D8CD62B3}@LeaseTerminatesTime 1429597227 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Installer at 2015-04-11 08:57:53 Running from C:\Users\Saskia\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.22.0.1521 - Bitdefender) Broadcom NetLink Controller (HKLM\...\{7FBA83D7-D58E-4B70-9B9B-12E95B183B22}) (Version: 16.6.1.3 - Broadcom Corporation) Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 
9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.28148 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.) 
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.17 - Synaptics Incorporated) TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2670663330-2170880695-2356555728-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 09-04-2015 21:04:44 DirectX wurde installiert ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {4C1DE6A3-6399-4744-BDC2-E3823EB619A0} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {55FCF95C-7867-4284-8C7A-F39FF05B8DC6} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2014-10-29] (Microsoft Corporation)
Task: {746183C2-2882-48CB-A1DD-3B939D5B2605} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {7800CEBC-063B-41ED-9C6D-40993AA65326} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-26] (Microsoft Corporation)
Task: {89366798-5814-4F29-8C7D-FF08E71FC79D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C359C7DA-9904-4B37-80BE-2299841568E8} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) ==============

2015-04-09 20:47 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-04-09 20:47 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-04-09 20:47 - 2015-04-01 18:05 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-04-09 20:47 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-04-09 20:52 - 2015-04-09 20:52 - 00785736 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00150_002\ashttpbr.mdl
2015-04-09 20:52 - 2015-04-09 20:52 - 00706408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00150_002\ashttpdsp.mdl
2015-04-09 20:52 - 2015-04-09 20:52 - 02681448 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00150_002\ashttpph.mdl
2015-04-09 20:52 - 2015-04-09 20:52 - 01324432 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00150_002\ashttprbl.mdl
2015-04-09 21:04 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-29 02:38 - 2014-04-29 02:38 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-29 02:35 - 2014-04-29 02:35 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-29 02:42 - 2014-04-29 02:42 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-03-31 19:02 - 2015-03-31 19:02 - 00392592 _____ () C:\Windows\system32\igfxTray.exe
2015-04-09 21:28 - 2015-04-09 21:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Saskia\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Saskia\Desktop\Defogger.exe:BDU
AlternateDataStreams: C:\Users\Saskia\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Saskia\Desktop\Gmer-19357.exe:BDU
AlternateDataStreams: C:\Users\Saskia\Downloads\TERA_GameforgeLiveSetup.exe:BDU
AlternateDataStreams: C:\Users\Saskia\Downloads\The_New_Bitdefender_UninstallTool.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2670663330-2170880695-2356555728-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Saskia\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\valentinstag.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2670663330-2170880695-2356555728-500 - Administrator - Disabled)
Gast (S-1-5-21-2670663330-2170880695-2356555728-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2670663330-2170880695-2356555728-1003 - Limited - Enabled)
Installer (S-1-5-21-2670663330-2170880695-2356555728-1005 - Administrator - Enabled) => C:\Users\Installer
Saskia (S-1-5-21-2670663330-2170880695-2356555728-1001 - Limited - Enabled) => C:\Users\Saskia

==================== Faulty Device Manager Devices =============

Name: High Definition Audio-Gerät
Description: High Definition Audio-Gerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2015 03:22:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe).
Fehlercode: hr=0xC004C003 Befehlszeilenargumente: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=354d964a-56e7-43c5-a93f-287a7a750bd4;NotificationInterval=1440;Trigger=TimerEvent

Error: (04/10/2015 03:22:51 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C003 SKU-ID=354d964a-56e7-43c5-a93f-287a7a750bd4

Error: (04/10/2015 03:22:51 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails. hr=0xC004C003

Error: (04/10/2015 03:22:50 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C003 SKU-ID=354d964a-56e7-43c5-a93f-287a7a750bd4

Error: (04/10/2015 03:22:50 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails. hr=0xC004C003

Error: (04/10/2015 03:16:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004C060 Befehlszeilenargumente: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=354d964a-56e7-43c5-a93f-287a7a750bd4;NotificationInterval=1440;Trigger=TimerEvent

Error: (04/10/2015 03:16:00 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C060 SKU-ID=354d964a-56e7-43c5-a93f-287a7a750bd4

Error: (04/10/2015 03:16:00 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails. hr=0xC004C060

Error: (04/10/2015 03:15:59 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz.
hr=0xC004C060 SKU-ID=354d964a-56e7-43c5-a93f-287a7a750bd4

Error: (04/10/2015 03:15:59 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Lizenzerwerb-Fehlerdetails. hr=0xC004C060

System errors:
=============
Error: (04/11/2015 08:18:34 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 10.04.2015 um 22:33:06 unerwartet heruntergefahren.

Error: (04/10/2015 09:36:24 AM) (Source: DCOM) (EventID: 10010) (User: Jisella)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/09/2015 09:40:51 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (04/09/2015 09:31:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/09/2015 08:36:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Intel(R) Content Protection HECI Service" wurde mit folgendem Fehler beendet: %%2147942659

Error: (04/09/2015 08:35:54 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/09/2015 08:29:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Search" wurde nicht richtig gestartet.
Error: (04/09/2015 08:23:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Netzwerklistendienst" wurde mit folgendem Fehler beendet: %%21

Error: (04/09/2015 08:23:01 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (04/09/2015 08:21:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Netzwerklistendienst" wurde mit folgendem Fehler beendet: %%21

Microsoft Office Sessions:
=========================
Error: (04/10/2015 03:22:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004C003RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=354d964a-56e7-43c5-a93f-287a7a750bd4;NotificationInterval=1440;Trigger=TimerEvent

Error: (04/10/2015 03:22:51 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C003354d964a-56e7-43c5-a93f-287a7a750bd4

Error: (04/10/2015 03:22:51 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00300010001(0x00000000, 15:22:50:484 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail) 00020001(0x00000000, 15:22:50:485) 00030001(0x00000000, 15:22:50:487 - https://activation-v2.sls.microsoft.com) 00030002(0x00000000, 15:22:50:487 - 0) 00040001(0x00000000, 15:22:50:487 - https://activation-v2.sls.microsoft.com) 00040002(0x00000000, 15:22:50:489 - 1, <NULL>, <NULL>, <NULL>) 00050002(0x80072F94, 15:22:50:490 - 0, 1) 00040006(0x00000001, 15:22:50:490 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>) 00020005(0x00000000, 15:22:50:490 - 0) 0002000C(0x00000000, 15:22:51:681 - 500) 00010002(0x8004FC01, 15:22:51:682 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked. ---> Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>) 00010003(0x8004FC01, 15:22:51:683)

Error: (04/10/2015 03:22:50 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C003354d964a-56e7-43c5-a93f-287a7a750bd4

Error: (04/10/2015 03:22:50 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C00300010001(0x00000000, 15:22:49:082 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail) 00020001(0x00000000, 15:22:49:083) 00030001(0x00000000, 15:22:49:084 - https://activation-v2.sls.microsoft.com) 00030002(0x00000000, 15:22:49:084 - 0) 00040001(0x00000000, 15:22:49:084 - https://activation-v2.sls.microsoft.com) 00040002(0x00000000, 15:22:49:087 - 1, <NULL>, <NULL>, <NULL>) 00050002(0x80072F94, 15:22:49:088 - 0, 1) 00040006(0x00000001, 15:22:49:088 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>) 00020005(0x00000000, 15:22:49:088 - 0) 0002000C(0x00000000, 15:22:50:305 - 500) 00010002(0x8004FC01, 15:22:50:305 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C003</HRESULT><Messages><Message>103 (Activation) - [PA Product key blocked. ---> Product key blocked]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>) 00010003(0x8004FC01, 15:22:50:305)

Error: (04/10/2015 03:16:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004C060RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=354d964a-56e7-43c5-a93f-287a7a750bd4;NotificationInterval=1440;Trigger=TimerEvent

Error: (04/10/2015 03:16:00 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C060354d964a-56e7-43c5-a93f-287a7a750bd4

Error: (04/10/2015 03:16:00 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C06000010001(0x00000000, 15:15:59:620 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail) 00020001(0x00000000, 15:15:59:621) 00030001(0x00000000, 15:15:59:622 - https://activation-v2.sls.microsoft.com) 00030002(0x00000000, 15:15:59:623 - 0) 00040001(0x00000000, 15:15:59:623 - https://activation-v2.sls.microsoft.com) 00040002(0x00000000, 15:15:59:625 - 1, <NULL>, <NULL>, <NULL>) 00050002(0x80072F94, 15:15:59:625 - 0, 1) 00040006(0x00000001, 15:15:59:625 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>) 00020005(0x00000000, 15:15:59:625 - 0) 0002000C(0x00000000, 15:16:00:823 - 500) 00010002(0x8004FC01, 15:16:00:823 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C060</HRESULT><Messages><Message>214 (Activation) - [Maximum Override Limit Reached for DMAK Activation ---> DMAK Activation Override Limit Reached]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 15:16:00:824)

Error: (04/10/2015 03:15:59 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C060354d964a-56e7-43c5-a93f-287a7a750bd4

Error: (04/10/2015 03:15:59 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C06000010001(0x00000000, 15:15:58:233 - https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail) 00020001(0x00000000, 15:15:58:235) 00030001(0x00000000, 15:15:58:236 - https://activation-v2.sls.microsoft.com) 00030002(0x00000000, 15:15:58:236 - 0) 00040001(0x00000000, 15:15:58:236 - https://activation-v2.sls.microsoft.com) 00040002(0x00000000, 15:15:58:238 - 1, <NULL>, <NULL>, <NULL>) 00050002(0x80072F94, 15:15:58:239 - 0, 1) 00040006(0x00000001, 15:15:58:239 - 0, https://activation-v2.sls.microsoft.com, <N/A>, <N/A>) 00020005(0x00000000, 15:15:58:239 - 0) 0002000C(0x00000000, 15:15:59:433 - 500) 00010002(0x8004FC01, 15:15:59:433 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C060</HRESULT><Messages><Message>214 (Activation) - [Maximum Override Limit Reached for DMAK Activation ---> DMAK Activation Override Limit Reached]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>) 00010003(0x8004FC01, 15:15:59:434)

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 3976.36 MB
Available physical RAM: 2022.94 MB
Total Pagefile: 5384.36 MB
Available Pagefile: 3006.57 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:370.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D9550422)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by LuffyXD (11.04.2015 at 10:06). Reason: FRST.txt 540000+ characters...