| |
| |||||||
Log-Analyse und Auswertung: Windows 7: PC verhält sich komisch update.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
29.04.2015, 21:25
| #1 |
 |  Windows 7: PC verhält sich komisch update.exe Hallo zusammen, also mein PC verhält sich in letzter Zeit komisch bekomme Bluescreens, er friert ohne grund plötzlich ein, bleibt im Bios fenster hängen (also da von wo aus man mit del z.b ins Bios kommt). und Das alles hat angefangen nachdem Kaspersky eine update.exe als Trojaner erkannt hat und diese öfters mal versucht hat zu löschen welche sich im windows Ordner syswow64 befindet. Deswegen wollte ich hier mal um Hilfe bitten. FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015
Ran by Fabian (administrator) on FABIAN-PC on 29-04-2015 22:14:01
Running from C:\Users\Fabian\Desktop
Loaded Profiles: Fabian (Available profiles: Fabian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() D:\Programme\Core Temp\Core Temp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(SoftPerfect Research) D:\Programme\NetWorx\networx.exe
() C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) D:\Programme\Hamachi\hamachi-2-ui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(LogMeIn, Inc.) D:\Programme\Hamachi\LMIGuardianSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569112 2014-03-31] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NetWorx] => D:\Programme\NetWorx\networx.exe [6589136 2014-09-30] (SoftPerfect Research)
HKLM\...\Run: [GamecomSound] => C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe [2453504 2013-08-06] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programme\Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\...\Run: [Steam] => D:\Programme\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start_.lnk [2015-04-29]
ShortcutTarget: Start_.lnk -> C:\Windows\SysWOW64\update_.exe ()
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4180718120-1828569617-1736650471-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-24] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Office 2007\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-24] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-01] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-01] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-4180718120-1828569617-1736650471-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Office 2007\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-01] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-24] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4180718120-1828569617-1736650471-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Fabian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-10-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-24]
Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://www.sweet-page.com/?type=hp&ts=1409748275&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSADC38755E"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-08-29]
CHR Extension: (YouTube) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]
CHR Extension: (Google Search) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]
CHR Extension: (Kaspersky Protection) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-10-24]
CHR Extension: (BetaFish Adblocker) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-29]
CHR Extension: (Bookmark Manager) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Gravelord Nito) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmaneaofefbdhecclkaokfmclgcagdah [2014-08-29]
CHR Extension: (Google Wallet) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-29]
CHR Extension: (Gmail) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; D:\Programme\Hamachi\hamachi-2.exe [2490216 2015-03-30] (LogMeIn Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; D:\Programme\Office 2007\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
S2 Software licensing; C:\Windows\SysWOW64\Softlic.exe [1622528 2015-03-30] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
S3 ASUSU7; C:\Windows\System32\DRIVERS\ASUSU7.SYS [406016 2013-08-01] (C-Media Inc.)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [280224 2011-03-01] (Atheros) [File not signed]
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-24] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2014-08-01] (NetFilterSDK.com)
S3 RTCore64; D:\Programme\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R3 ALSysIO; \??\C:\Users\Fabian\AppData\Local\Temp\ALSysIO64.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 pmem; \??\C:\Users\Fabian\AppData\Local\Temp\_MEI41682\drivers\winpmem64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-29 21:59 - 2015-04-29 22:14 - 00022066 _____ () C:\Users\Fabian\Desktop\FRST.txt
2015-04-29 21:59 - 2015-04-29 22:14 - 00000000 ____D () C:\FRST
2015-04-29 21:59 - 2015-04-29 21:59 - 02101248 _____ (Farbar) C:\Users\Fabian\Desktop\FRST64.exe
2015-04-29 21:59 - 2015-04-29 21:59 - 00380416 _____ () C:\Users\Fabian\Desktop\Gmer-19357.exe
2015-04-29 21:57 - 2015-04-29 21:57 - 00000474 _____ () C:\Users\Fabian\Desktop\defogger_disable.log
2015-04-29 21:57 - 2015-04-29 21:56 - 00050477 _____ () C:\Users\Fabian\Desktop\Defogger.exe
2015-04-29 21:56 - 2015-04-29 21:56 - 00000000 _____ () C:\Users\Fabian\defogger_reenable
2015-04-29 21:45 - 2015-04-29 21:45 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-29 18:48 - 2015-04-29 22:13 - 01539150 _____ () C:\Windows\SysWOW64\Update.exe
2015-04-29 18:48 - 2015-04-29 17:59 - 01026772 _____ () C:\Windows\SysWOW64\update64.exe
2015-04-29 18:48 - 2015-04-28 15:37 - 01584640 _____ () C:\Windows\SysWOW64\update_.exe
2015-04-29 18:48 - 2015-04-23 04:10 - 00198467 _____ () C:\Windows\SysWOW64\Run.exe
2015-04-28 19:52 - 2015-04-28 19:52 - 00293032 _____ () C:\Windows\Minidump\042815-6739-01.dmp
2015-04-25 11:13 - 2015-04-25 11:13 - 00002566 _____ () C:\Users\Fabian\Documents\01541sd111s11sSH4AR4E!!!!1515151.pfx
2015-04-23 18:40 - 2015-04-23 18:46 - 00000000 ____D () C:\Qoobox
2015-04-23 18:40 - 2015-04-23 18:45 - 00000000 ____D () C:\Windows\erdnt
2015-04-23 18:40 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-23 18:40 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-23 18:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-23 18:40 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-23 18:20 - 2015-04-23 18:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 18:20 - 2015-04-23 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-23 18:19 - 2015-04-23 18:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-23 18:19 - 2015-04-23 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-23 18:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-23 18:19 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-23 18:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-23 18:12 - 2015-04-23 18:12 - 00262144 _____ () C:\Windows\system32\config\elam
2015-04-23 18:05 - 2015-04-29 22:13 - 00000012 _____ () C:\Windows\SysWOW64\listm.txt
2015-04-19 14:16 - 2015-04-19 14:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\PDF24
2015-04-19 14:16 - 2015-04-19 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-04-16 19:39 - 2015-04-16 19:39 - 00000080 _____ () C:\Users\Fabian\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦
2015-04-16 19:37 - 2015-04-16 19:37 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-16 19:36 - 2015-04-16 19:36 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-16 19:18 - 2015-04-16 19:18 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Rockstar Games
2015-04-16 19:16 - 2015-04-16 19:39 - 00000000 ____D () C:\Users\Fabian\Documents\Rockstar Games
2015-04-15 18:54 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 18:54 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 18:54 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 18:54 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 18:54 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 18:54 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 18:54 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 18:54 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 18:54 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 18:54 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 18:54 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 18:54 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 18:54 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 18:54 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 18:54 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 18:54 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 18:54 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 18:54 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 18:54 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 18:54 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 18:54 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 18:54 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 18:54 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 18:54 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 18:54 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 18:54 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 18:54 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 18:54 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 18:54 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 18:54 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 18:54 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 18:54 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 18:54 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 18:54 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 18:54 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 18:54 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 18:54 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 18:54 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 18:54 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 18:54 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 18:54 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 18:54 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 18:54 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 18:54 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 18:54 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 18:54 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 18:54 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 18:54 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 18:54 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 18:54 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 18:54 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 18:54 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 18:54 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 18:54 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 18:54 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 18:54 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 18:54 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 18:54 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 18:54 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 18:54 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 18:54 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 18:54 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 18:54 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 18:54 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 18:54 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 18:54 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 18:54 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 18:54 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 18:54 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 18:54 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 18:54 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 18:54 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 18:54 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 18:54 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 18:54 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 18:54 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 18:54 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 18:54 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 18:54 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 18:54 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 18:54 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 18:54 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 18:54 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 18:54 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 18:54 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 18:54 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 18:54 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 18:54 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 18:54 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 18:54 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 18:54 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 18:54 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 18:54 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 18:54 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 18:54 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 18:54 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 18:54 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 18:54 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 18:54 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 18:54 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 18:54 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 18:54 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 20:32 - 2015-04-13 20:32 - 00000000 ____D () C:\Users\Fabian\Documents\Aspyr
2015-04-13 20:32 - 2015-04-13 20:32 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Aspyr
2015-04-13 20:28 - 2015-04-13 20:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2015-04-13 20:28 - 2015-04-13 20:28 - 00000000 __RHD () C:\Users\Fabian\AppData\Roaming\SecuROM
2015-04-13 19:29 - 2015-04-13 19:29 - 00009728 _____ () C:\Windows\SysWOW64\BASSMOD.dll
2015-04-13 19:28 - 2015-04-13 20:24 - 00000032 _____ () C:\Windows\0
2015-04-13 19:28 - 2015-04-13 19:28 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution
2015-04-13 19:28 - 2015-04-13 19:28 - 00000000 ____D () C:\Program Files (x86)\Nokia
2015-04-13 19:28 - 2015-04-13 19:28 - 00000000 _____ () C:\Windows\system32\0
2015-04-13 19:28 - 2008-08-28 12:44 - 00025600 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys
2015-04-13 19:28 - 2008-05-07 07:39 - 00066560 _____ (Nokia) C:\Windows\system32\nmwcdclsx64.dll
2015-04-13 19:27 - 2015-04-13 19:27 - 00000000 ____D () C:\ProgramData\Installations
2015-04-13 19:11 - 2015-04-13 19:11 - 00000535 _____ () C:\Windows\Xbox_360_CC_Driver.log
2015-04-12 16:30 - 2015-04-12 16:30 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen
2015-04-04 20:59 - 2015-04-04 20:59 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 20:59 - 2015-04-04 20:59 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-31 20:02 - 2015-03-31 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-30 19:06 - 2015-03-30 19:06 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Publish Providers
2015-03-30 19:01 - 2015-03-30 19:02 - 01622528 _____ () C:\Windows\SysWOW64\Softlic.exe
2015-03-30 19:01 - 2015-03-30 19:02 - 00000026 _____ () C:\Windows\SysWOW64\video.log
2015-03-30 19:00 - 2015-03-30 19:01 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Sony
2015-03-30 19:00 - 2015-03-30 19:00 - 00000000 ____D () C:\ProgramData\Sony
2015-03-30 19:00 - 2015-03-30 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-30 19:00 - 2015-03-30 19:00 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-03-30 18:59 - 2015-03-30 19:11 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Sony
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-29 22:13 - 2014-12-23 16:47 - 00000000 ____D () C:\Users\Fabian\AppData\Local\LogMeIn Hamachi
2015-04-29 22:13 - 2014-10-24 11:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-29 22:13 - 2014-08-29 16:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 22:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-29 22:13 - 2009-07-14 06:51 - 00142452 _____ () C:\Windows\setupact.log
2015-04-29 22:06 - 2014-08-29 16:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 22:06 - 2009-07-14 06:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-29 22:06 - 2009-07-14 06:45 - 00038752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-29 21:56 - 2014-08-29 16:32 - 00000000 ____D () C:\Users\Fabian
2015-04-29 21:56 - 2009-07-14 19:58 - 00717014 _____ () C:\Windows\system32\perfh007.dat
2015-04-29 21:56 - 2009-07-14 19:58 - 00154630 _____ () C:\Windows\system32\perfc007.dat
2015-04-29 21:56 - 2009-07-14 07:13 - 01655480 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-29 21:53 - 2014-08-29 16:32 - 01944962 _____ () C:\Windows\WindowsUpdate.log
2015-04-29 21:52 - 2014-09-11 22:12 - 00006462 _____ () C:\Windows\SysWOW64\Gms.log
2015-04-29 21:50 - 2015-03-18 23:46 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-29 20:46 - 2014-08-29 17:05 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-04-29 20:36 - 2014-12-03 00:48 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Battle.net
2015-04-28 19:52 - 2014-08-29 21:13 - 631035299 _____ () C:\Windows\MEMORY.DMP
2015-04-28 19:52 - 2014-08-29 21:13 - 00000000 ____D () C:\Windows\Minidump
2015-04-26 18:01 - 2014-11-17 18:28 - 00000000 ____D () C:\ProgramData\Unity
2015-04-26 11:41 - 2015-03-14 02:50 - 00000000 ____D () C:\Program Files (x86)\MOUSE Editor
2015-04-26 11:41 - 2014-08-29 16:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-25 12:08 - 2014-10-25 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-04-24 18:51 - 2014-09-11 21:16 - 00000000 ____D () C:\Users\Fabian\Documents\Bluetooth Folder
2015-04-24 18:49 - 2014-08-29 17:05 - 00243932 _____ () C:\Windows\PFRO.log
2015-04-23 20:43 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-23 18:46 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-23 18:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-23 18:26 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2015-04-21 21:09 - 2014-08-29 21:51 - 00000000 ____D () C:\Users\Fabian\AppData\Local\CrashDumps
2015-04-19 14:09 - 2014-09-03 21:16 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-04-19 01:38 - 2014-08-29 21:51 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\vlc
2015-04-16 06:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 06:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 06:08 - 2014-12-11 09:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 06:08 - 2014-08-29 18:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 23:23 - 2014-09-25 17:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 23:22 - 2014-08-29 17:03 - 01628824 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 23:20 - 2014-11-29 13:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 23:20 - 2014-11-29 13:35 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 23:20 - 2014-08-29 18:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 23:17 - 2014-08-29 18:13 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 22:22 - 2014-10-04 21:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Eclipse
2015-04-14 18:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-14 18:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-13 19:28 - 2014-11-10 18:36 - 00000000 ____D () C:\Program Files\DIFX
2015-04-13 19:28 - 2014-09-08 14:00 - 00034542 _____ () C:\Windows\DPINST.LOG
2015-04-13 19:12 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-13 19:11 - 2014-08-29 18:14 - 00254907 _____ () C:\Windows\DirectX.log
2015-04-12 16:30 - 2014-09-05 14:42 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-09 20:43 - 2014-09-03 14:34 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Mp3tag
2015-03-30 15:25 - 2015-01-29 18:58 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
==================== Files in the root of some directories =======
2014-11-25 00:36 - 2014-11-25 00:36 - 0000793 _____ () C:\Users\Fabian\AppData\Roaming\MPQEditor.ini
2014-12-23 13:49 - 2014-12-23 13:49 - 0006099 _____ () C:\Users\Fabian\AppData\Local\recently-used.xbel
2015-03-04 00:58 - 2015-03-04 00:58 - 0007614 _____ () C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg
2014-08-29 16:39 - 2014-08-29 16:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\proxy_vole5764226451692624574.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-24 20:44
==================== End Of Log ============================
GMER Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-29 22:20:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Samsung_SSD_840_EVO_120GB rev.EXT0BB0Q 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Fabian\AppData\Local\Temp\uxdiipod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe[2248] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007732faa4 5 bytes JMP 0000000172352e10
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe[2248] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077330034 5 bytes JMP 0000000172352dd0
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000074ef1401 2 bytes JMP 7557b1ef C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000074ef1419 2 bytes JMP 7557b31a C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000074ef1431 2 bytes JMP 755f8f09 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 0000000074ef144a 2 bytes CALL 75554885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 0000000074ef14dd 2 bytes JMP 755f8802 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 0000000074ef14f5 2 bytes JMP 755f89d8 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 0000000074ef150d 2 bytes JMP 755f86f8 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000074ef1525 2 bytes JMP 755f8ac2 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 0000000074ef153d 2 bytes JMP 7556fc78 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000074ef1555 2 bytes JMP 755768bf C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 0000000074ef156d 2 bytes JMP 755f8fc1 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000074ef1585 2 bytes JMP 755f8b22 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 0000000074ef159d 2 bytes JMP 755f86bc C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 0000000074ef15b5 2 bytes JMP 7556fd11 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 0000000074ef15cd 2 bytes JMP 7557b2b0 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 0000000074ef16b2 2 bytes JMP 755f8e84 C:\Windows\syswow64\kernel32.dll
.text D:\Programme\Hamachi\hamachi-2-ui.exe[3292] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 0000000074ef16bd 2 bytes JMP 755f8651 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000771313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077131544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000771318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077131ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077131bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077131d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077131e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077131f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077132248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771326f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077132712 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007713276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000771327d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077132b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077132be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000771330bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077133248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000771337c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000771338b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077133a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077133fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077134061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000771340d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077134216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077134254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000771344c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000771346ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077134773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077134867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077134986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077134ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077134b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077134d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077134f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077135007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000771351f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077136006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000771361be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000771363ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000771363ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077136404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007713645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077136c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007717dca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007717de20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717de50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007717df70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007717e020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007717e650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007717e8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007717f100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074bd13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074bd146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074bd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074bd19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074bd19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[5872] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074bd1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000771313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077131544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000771318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077131ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077131bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077131d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077131e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077131f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077132248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771326f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077132712 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007713276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000771327d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077132b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077132be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000771330bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077133248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000771337c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000771338b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077133a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077133fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077134061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000771340d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077134216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077134254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000771344c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000771346ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077134773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077134867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077134986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077134ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077134b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077134d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077134f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077135007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000771351f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077136006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000771361be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000771363ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000771363ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077136404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007713645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077136c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007717dca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007717de20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717de50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007717df70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007717e020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007717e650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007717e8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007717f100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074bd13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074bd146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074bd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074bd19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074bd19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074bd1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000771313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077131544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000771318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077131ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077131bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077131d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077131e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077131f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077132248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000771326f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077132712 8 bytes {JMP 0x10}
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007713276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000771327d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077132b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077132be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000771330bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077133248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000771337c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000771338b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077133a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077133fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077134061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000771340d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077134216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077134254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000771344c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000771346ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077134773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077134867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077134986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077134ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077134b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077134d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077134f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077135007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000771351f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077136006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000771361be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000771363ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000771363ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077136404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007713645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077136c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007717dca0 8 bytes {JMP QWORD [RIP-0x478a2]}
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007717de20 8 bytes {JMP QWORD [RIP-0x479ca]}
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007717de50 8 bytes {JMP QWORD [RIP-0x47c98]}
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007717df70 8 bytes {JMP QWORD [RIP-0x47b89]}
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007717e020 8 bytes {JMP QWORD [RIP-0x47c7a]}
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007717e650 8 bytes {JMP QWORD [RIP-0x46b93]}
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007717e8a0 8 bytes {JMP QWORD [RIP-0x472a2]}
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007717f100 8 bytes {JMP QWORD [RIP-0x484e0]}
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074bd13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074bd146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074bd16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074bd19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074bd19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Fabian\Desktop\Gmer-19357.exe[5604] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074bd1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [3344:3152] 00000000003d1716
Thread C:\Windows\SysWOW64\ntdll.dll [3344:2540] 00000000720a7a30
Thread C:\Windows\SysWOW64\ntdll.dll [3344:2556] 000000007224c59c
Thread C:\Windows\SysWOW64\ntdll.dll [3344:2560] 000000007224c59c
Thread C:\Windows\SysWOW64\ntdll.dll [3344:2488] 000000007224c59c
Thread C:\Windows\SysWOW64\ntdll.dll [3344:2336] 000000007224c59c
Thread C:\Windows\SysWOW64\ntdll.dll [3344:4456] 000000007224c59c
Thread C:\Windows\SysWOW64\ntdll.dll [3344:4460] 000000007224c59c
Thread C:\Windows\SysWOW64\ntdll.dll [3344:4468] 000000007224c59c
Thread C:\Windows\SysWOW64\ntdll.dll [3344:5556] 000000006a9cb73e
Thread C:\Windows\SysWOW64\ntdll.dll [3344:5240] 000000007224c59c
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00027239198e
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DE6BC663-A8BC-4A3A-8C3F-725461A28682}@LeaseObtainedTime 1430338640
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DE6BC663-A8BC-4A3A-8C3F-725461A28682}@T1 1430338767
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DE6BC663-A8BC-4A3A-8C3F-725461A28682}@T2 1430338863
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DE6BC663-A8BC-4A3A-8C3F-725461A28682}@LeaseTerminatesTime 1430338895
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00027239198e (not active ControlSet)
---- EOF - GMER 2.1 ----
danke schonmal im voraus |
|
30.04.2015, 05:57
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: PC verhält sich komisch update.exe Hi,
__________________Addition.txt fehlt noch 
__________________ |
WARNUNG an die MITLESER: 
+ R Taste und schreibe notepad in das Ausführen Fenster.
Linear-Darstellung
