| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nichtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.06.2015, 09:33
| #1 |
  |  Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht Hallo Experten, bin am verzweifeln und nicht gerade ein Profi. Seit zwei bis drei Wochen spinnt mein Computer. Das booten dauert eine gefühlte Ewigkeit. Mal geht es relativ schnell und dann wieder langsam. Mein Drucker wird mal angesprochen mal geht er nicht.(Brother DCP 195c). Mal reagiert die Task-leiste mal nicht. Habe schon mehrmals mit CCleaner versucht das Problem zu lösen. Mein Kaspersky sagt ....alles in Ordnung. Bin leider mit meinem Latein am Ende Es wäre schön wenn mir da einer helfen könnte. Als Anhang defogger_disable.log, FRST.txt, Gmer.txt und Addition.txt Gruß Monstera Geändert von Monstera (11.06.2015 um 09:39 Uhr) |
|
11.06.2015, 10:20
| #2 |
| /// the machine /// TB-Ausbilder   | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
11.06.2015, 12:42
| #3 |
| | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht Hier die Logs Frst.txt
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Monstera (administrator) on ZUHAUSE on 11-06-2015 08:19:18
Running from C:\Users\Monstera\Desktop
Loaded Profiles: UpdatusUser & Monstera (Available Profiles: UpdatusUser & Monstera)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Language Engineering Corporation, LLC) C:\Program Files (x86)\Power Translator 16\LogoMedia TranslateDotNet Server.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dominik Reichl) G:\KeePass2.29\KeePass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-23] (Hewlett-Packard )
HKLM\...\Run: [HP Remote Solution] => C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [791040 2013-06-11] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [DT_HPO] => C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTuneStartup.exe [142344 2013-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2014-07-08] (CyberLink)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Run: [rfxsrvtray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] ()
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Run: [Power2GoExpress9] => C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe [2397448 2014-07-08] (CyberLink Corp.)
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {282da2d0-8686-11e4-8290-40f02f01180a} - "I:\setup.exe"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {4afc26ad-418b-11e4-826e-40f02f01180a} - "I:\Startme.exe"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {efb1a6b8-86cd-11e4-8291-806e6f6e6963} - "F:\setup.exe"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {efb1a927-86cd-11e4-8291-40f02f01180a} - "F:\setup.exe"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {efb1a980-86cd-11e4-8291-40f02f01180a} - "F:\setup.exe"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [387536 2013-08-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [326224 2013-08-09] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-07-12]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Monstera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2014-12-17]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_21¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByEzytCzzyCyD0DyEtCyEtCzytDtC0AtN0D0Tzu0StCtBtAzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0C0EzyyC0F0EtDtGyC0Azz0DtGtCtDtBtDtGyD0AtCyCtGyD0C0AtDtBtDzy0E0Bzy0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0E0DtDyE0B0A0CtGtBtC0F0EtGyEyEyEzytGzy0E0AtBtG0AtB0AzytDyEtD0AtD0CyCyE2QtN0A0LzuyE%26cr%3D817529139%26a%3Dwncy_secureddownload_15_21%26os%3DWindows 8.1 Connected
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
URLSearchHook: [S-1-5-21-4175866378-3063520444-1462022353-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> {8391A6F3-90A5-4644-847E-35D03D6DF1BF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4175866378-3063520444-1462022353-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4175866378-3063520444-1462022353-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-11-18] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Recorder Toolbar -> {120A8821-2BEE-4C29-BCDA-62C577781992} -> C:\Program Files (x86)\MedienTeam66\CHIP Free MP3 converter for YouTube\IEPlugin.dll [2014-01-22] (MedienTeam66)
BHO-x32: LEC -> {4A241D35-F7EB-401b-8C5B-A904A50F280E} -> C:\Program Files (x86)\Power Translator 16\Applications\LEC IE Translation Extension.dll [2012-06-26] (Language Engineering Corporation, LLC)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-11-18] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\CHIP Free MP3 converter for YouTube\IEPlugin.dll [2014-01-22] (MedienTeam66)
Toolbar: HKLM-x32 - LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files (x86)\Power Translator 16\Applications\LEC IE Translation Extension.dll [2012-06-26] (Language Engineering Corporation, LLC)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-06-01] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-11-18] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-11-18] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-18] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4175866378-3063520444-1462022353-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4175866378-3063520444-1462022353-1002: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Monstera\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Extension: Extended Copy Menu (fix version) - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\extended.copy.menu@fix.version.xpi [2014-07-20]
FF Extension: Firebug - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\firebug@software.joehewitt.com.xpi [2015-04-12]
FF Extension: Google™ Translator - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2015-05-07]
FF Extension: ImTranslator - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2015-04-28]
FF Extension: Adblock Plus - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-12]
FF Extension: Recorder Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2015-04-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-11-18]
FF Extension: LEC Translation Toolbar - C:\Program Files (x86)\Power Translator 16\Addins\LECToolbar [2015-02-07]
Chrome:
=======
CHR Profile: C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-09]
CHR Extension: (Beautiful landscape) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-11-26]
CHR Extension: (Google Docs) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-09]
CHR Extension: (Google Drive) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-09]
CHR Extension: (LEC Chrome Extension) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckdajmkckkeodiknclojpadabahafnh [2015-02-07]
CHR Extension: (YouTube) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-09]
CHR Extension: (Google Search) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-09]
CHR Extension: (Google Sheets) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-13]
CHR Extension: (Google Wallet) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09]
CHR Extension: (Gmail) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-09]
CHR HKLM-x32\...\Chrome\Extension: [bckdajmkckkeodiknclojpadabahafnh] - C:\Program Files (x86)\Power Translator 16\Addins\ChromeAddon.crx [2011-03-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2013-11-20] (Andrea Electronics Corporation) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
R2 DTuneSrvc; C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe [120328 2013-07-17] (Portrait Displays, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 LEC TranslateDotNet Server; C:\Program Files (x86)\Power Translator 16\LogoMedia TranslateDotNet Server.exe [2048736 2012-06-26] (Language Engineering Corporation, LLC)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-08-01] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [418312 2014-08-01] ()
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688272 2015-04-15] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [41984 2010-11-20] (Microsoft Corporation)
S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [804992 2013-07-16] (AVerMedia TECHNOLOGIES, Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7569112 2015-02-09] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 CLVirtualBus01; C:\Windows\System32\drivers\CLVirtualBus01.sys [103176 2014-03-12] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-11-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-11-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 qcusbnet; C:\Windows\system32\DRIVERS\innosusbnet.sys [510976 2012-10-26] (QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\system32\DRIVERS\innosusbser.sys [369792 2012-10-26] (QUALCOMM Incorporated)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-12-04] (Realtek Semiconductor Corp.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-11 08:19 - 2015-06-11 08:19 - 00032761 _____ C:\Users\Monstera\Desktop\FRST.txt
2015-06-11 08:18 - 2015-06-11 08:18 - 02108928 _____ (Farbar) C:\Users\Monstera\Desktop\FRST64.exe
2015-06-11 08:16 - 2015-06-11 08:16 - 00050477 _____ C:\Users\Monstera\Desktop\Defogger.exe
2015-06-11 08:16 - 2015-06-11 08:16 - 00000478 _____ C:\Users\Monstera\Desktop\defogger_disable.log
2015-06-11 08:16 - 2015-06-11 08:16 - 00000000 _____ C:\Users\Monstera\defogger_reenable
2015-06-09 14:38 - 2015-06-11 08:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-08 15:32 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-08 15:32 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-08 13:09 - 2015-06-08 13:09 - 00000000 ____D C:\ProgramData\HP
2015-06-07 19:05 - 2015-06-11 08:19 - 00000000 ____D C:\FRST
2015-06-07 12:17 - 2015-06-07 12:17 - 00302011 _____ C:\Users\Monstera\Desktop\WindowsUpdateDiagnostic.diagcab
2015-06-06 18:43 - 2015-06-07 08:23 - 00000000 ____D C:\Users\Monstera\AppData\Local\Abelssoft
2015-06-06 18:43 - 2015-06-06 20:02 - 00000000 ____D C:\windows\System32\Tasks\Abelssoft
2015-06-06 18:43 - 2015-06-06 20:02 - 00000000 ____D C:\ProgramData\XDMessagingv4
2015-06-06 18:43 - 2015-06-06 18:43 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\Abelssoft
2015-06-06 18:19 - 2015-06-06 20:00 - 00007626 _____ C:\Users\Monstera\AppData\Local\resmon.resmoncfg
2015-06-06 16:18 - 2015-06-06 16:18 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\InstallShield
2015-06-06 16:18 - 2015-06-06 16:18 - 00000000 ____D C:\ProgramData\InstallShield
2015-06-02 08:17 - 2015-06-02 08:17 - 00000000 ____D C:\Users\Monstera\AppData\Local\GWX
2015-05-22 21:51 - 2015-05-22 21:51 - 00003100 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4175866378-3063520444-1462022353-1002
2015-05-17 23:52 - 2015-06-11 07:57 - 00001134 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 23:52 - 2015-06-11 07:03 - 00001130 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 22:30 - 2015-06-08 16:30 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForMonstera
2015-05-17 22:30 - 2015-06-08 16:30 - 00000360 _____ C:\windows\Tasks\HPCeeScheduleForMonstera.job
2015-05-13 11:05 - 2015-05-05 19:59 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-05-13 11:05 - 2015-05-05 19:59 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 08:58 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:58 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:26 - 2015-05-13 08:26 - 00000000 ____D C:\ProgramData\StarMoney 10
2015-05-13 08:26 - 2015-05-13 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10
2015-05-13 08:25 - 2015-06-11 07:05 - 00000000 ____D C:\Program Files (x86)\StarMoney 10
2015-05-13 08:20 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-13 08:20 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-13 08:20 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-05-13 08:20 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-05-13 08:20 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-13 08:20 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-13 08:20 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-13 08:20 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2015-05-13 08:20 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthhfenum.sys
2015-05-13 08:20 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-13 08:20 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2015-05-13 08:19 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-13 08:19 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-13 08:19 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-13 08:19 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-13 08:19 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-13 08:19 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-13 08:19 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-13 08:19 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-13 08:19 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-13 08:19 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-13 08:19 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2015-05-13 08:19 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-13 08:19 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-13 08:19 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-13 08:19 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-05-13 08:19 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-13 08:19 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-13 08:19 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-05-13 08:19 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-13 08:19 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-05-13 08:19 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-13 08:19 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-13 08:19 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-13 08:19 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-13 08:19 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-13 08:19 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-13 08:19 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-05-13 08:19 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-13 08:19 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-05-13 08:19 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-13 08:19 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-05-13 08:19 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-13 08:19 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-13 08:19 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-13 08:19 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-13 08:19 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-13 08:19 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-13 08:19 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-13 08:19 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-13 08:19 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-13 08:19 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-13 08:19 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-13 08:19 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 08:19 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 08:19 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-13 08:19 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 08:19 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\PhotoMetadataHandler.dll
2015-05-13 08:19 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 08:19 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
2015-05-13 08:19 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
2015-05-13 08:19 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\windows\system32\dbghelp.dll
2015-05-13 08:19 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbghelp.dll
2015-05-13 08:19 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-05-13 08:19 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2015-05-13 08:19 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2015-05-13 08:19 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2015-05-13 08:19 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2015-05-13 08:19 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2015-05-13 08:19 - 2015-03-13 02:29 - 00410017 _____ C:\windows\system32\ApnDatabase.xml
2015-05-13 08:19 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-13 08:19 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-13 08:19 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-13 08:19 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll
2015-05-13 08:19 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-13 08:19 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Input.Inking.dll
2015-05-13 08:19 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 08:19 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2015-05-13 08:16 - 2015-05-13 08:16 - 00000000 ____D C:\Users\Monstera\Downloads\Smoney
2015-05-12 08:38 - 2015-05-12 08:38 - 00000000 ____D C:\Users\Monstera\Downloads\KeePass2.29
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-11 08:16 - 2014-06-25 10:45 - 00000000 ____D C:\Users\Monstera
2015-06-11 08:02 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\sru
2015-06-11 07:25 - 2014-06-29 16:55 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-11 07:24 - 2014-09-02 20:15 - 00005144 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ZUHAUSE-Monstera Zuhause
2015-06-11 07:20 - 2014-07-26 21:06 - 00000000 ____D C:\Users\Monstera\.rainlendar2
2015-06-11 07:20 - 2014-07-07 17:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-11 07:15 - 2014-06-25 10:50 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4175866378-3063520444-1462022353-1002
2015-06-11 07:06 - 2014-06-25 10:47 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{3EFF7CDF-B4D4-493C-B898-8A3F429F93A7}
2015-06-11 07:03 - 2014-06-26 06:10 - 00000000 ___DO C:\Users\Monstera\SkyDrive
2015-06-10 22:13 - 2014-12-02 10:45 - 01102778 _____ C:\windows\WindowsUpdate.log
2015-06-10 19:45 - 2015-03-22 11:23 - 00039623 _____ C:\windows\setupact.log
2015-06-10 16:00 - 2014-09-23 16:00 - 00000336 _____ C:\windows\Tasks\MT66 Software Update.job
2015-06-10 15:23 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2015-06-10 15:20 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2015-06-10 15:18 - 2014-03-25 11:50 - 00757756 _____ C:\windows\system32\perfh007.dat
2015-06-10 15:18 - 2014-03-25 11:50 - 00173028 _____ C:\windows\system32\perfc007.dat
2015-06-10 15:18 - 2013-08-24 23:38 - 01783968 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-10 15:12 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-09 19:25 - 2014-06-29 16:55 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-08 15:49 - 2014-06-29 12:50 - 00000368 _____ C:\windows\lgfwup.ini
2015-06-08 15:49 - 2014-06-29 12:49 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2015-06-08 15:46 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-06-08 15:45 - 2014-12-12 12:48 - 00000000 ____D C:\windows\system32\appraiser
2015-06-08 15:45 - 2014-07-10 17:24 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-08 15:35 - 2015-01-21 10:24 - 00057344 ___SH C:\Users\Monstera\Desktop\Thumbs.db
2015-06-08 15:14 - 2015-05-04 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-06-08 15:14 - 2015-05-04 13:01 - 00000000 ____D C:\Program Files (x86)\Brother
2015-06-08 15:14 - 2015-04-06 11:20 - 00000000 ___SD C:\windows\system32\GWX
2015-06-08 15:14 - 2014-08-04 00:07 - 00000000 ____D C:\Users\Monstera\AppData\Local\Microsoft Help
2015-06-08 15:14 - 2014-08-04 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-08 15:14 - 2014-06-29 11:23 - 00000000 ____D C:\ProgramData\Protexis
2015-06-08 15:14 - 2014-06-26 09:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-08 15:14 - 2014-06-25 15:33 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\MediaMonkey
2015-06-08 15:14 - 2014-06-25 10:56 - 00000000 ____D C:\Users\Monstera\AppData\Local\Hewlett-Packard
2015-06-08 15:14 - 2014-03-25 11:44 - 00000000 ____D C:\windows\Hewlett-Packard
2015-06-08 15:14 - 2014-03-25 11:08 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-06-08 15:14 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\Sysprep
2015-06-08 15:14 - 2013-08-22 15:36 - 00000000 ____D C:\windows\servicing
2015-06-08 15:06 - 2013-08-22 17:36 - 00000000 ____D C:\windows\registration
2015-06-08 15:04 - 2014-09-23 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MedienTeam66
2015-06-08 15:03 - 2014-09-23 16:00 - 00000000 ____D C:\Program Files (x86)\MedienTeam66
2015-06-08 15:03 - 2014-08-04 17:08 - 00000000 __RHD C:\MSOCache
2015-06-08 15:03 - 2014-03-25 11:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-08 14:48 - 2015-05-04 10:59 - 00000000 ____D C:\Users\Monstera\AppData\Local\LogMeIn Rescue Applet
2015-06-08 13:55 - 2014-07-29 20:42 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\Nitro PDF
2015-06-08 13:26 - 2015-01-27 20:23 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-08 13:14 - 2014-06-29 02:24 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-06-07 18:52 - 2015-05-03 07:55 - 00000000 ____D C:\AdwCleaner
2015-06-07 08:23 - 2015-01-29 12:49 - 00000000 ____D C:\windows\Minidump
2015-06-07 08:03 - 2015-03-23 16:24 - 00009070 _____ C:\windows\PFRO.log
2015-05-30 02:34 - 2014-06-29 11:35 - 00000000 ____D C:\Users\Monstera\AppData\Local\CrashDumps
2015-05-28 06:52 - 2014-07-28 11:29 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\Nitro
2015-05-27 20:20 - 2015-04-13 17:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-25 14:06 - 2014-03-25 11:14 - 00000000 ____D C:\ProgramData\Temp
2015-05-24 16:17 - 2014-07-09 19:11 - 00000000 ___RD C:\Users\Monstera\Desktop\Wartung
2015-05-24 00:58 - 2015-01-11 20:58 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\Audacity
2015-05-22 21:51 - 2015-05-09 08:59 - 00000000 ___RD C:\Users\Monstera\OneDrive
2015-05-20 08:31 - 2015-04-06 11:20 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-05-19 08:35 - 2014-08-04 00:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-17 23:52 - 2014-11-09 20:36 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 23:52 - 2014-11-09 20:36 - 00003870 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 20:59 - 2014-10-26 21:16 - 00000000 ____D C:\MediaphorAG
2015-05-17 20:52 - 2014-07-09 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software
2015-05-15 19:41 - 2013-08-22 17:36 - 00000000 ____D C:\windows\rescache
2015-05-13 11:04 - 2014-07-23 22:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 11:04 - 2014-07-23 22:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 11:04 - 2013-08-22 16:44 - 00491856 _____ C:\windows\system32\FNTCACHE.DAT
2015-05-13 09:46 - 2013-08-22 17:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2015-05-13 09:46 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-05-13 09:46 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI(2837)
2015-05-13 08:57 - 2014-06-26 06:40 - 00000000 ____D C:\windows\system32\MRT
2015-05-13 08:54 - 2014-07-23 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 08:54 - 2014-06-26 06:40 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-13 08:52 - 2013-08-22 21:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 08:27 - 2014-06-26 01:06 - 00000000 ___RD C:\Users\Monstera\Desktop\Lernen
2015-05-13 08:25 - 2013-08-22 15:25 - 00017486 _____ C:\windows\system32\Drivers\etc\services
2015-05-12 18:14 - 2015-01-06 22:24 - 00000000 ____D C:\temp
2015-05-12 16:58 - 2015-03-19 10:23 - 00000000 ____D C:\Program Files\Recuva
==================== Files in the root of some directories =======
2015-02-03 00:35 - 2010-01-15 11:36 - 0075040 _____ () C:\Program Files (x86)\Common Files\SpeechUninstall.exe
2015-05-03 08:05 - 2015-05-03 08:49 - 0000115 _____ () C:\Users\Monstera\AppData\Roaming\LogFile.txt
2014-07-17 22:07 - 2015-01-27 18:32 - 14155776 _____ () C:\Users\Monstera\AppData\Roaming\Sandra.mdb
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Monstera\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Monstera\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Monstera\AppData\Local\CDRip.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0155136 _____ () C:\Users\Monstera\AppData\Local\lame_enc.dll
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Monstera\AppData\Local\No23 Recorder.exe
2005-08-23 23:34 - 2005-08-23 23:34 - 0029184 _____ () C:\Users\Monstera\AppData\Local\no23xwrapper.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0015872 _____ () C:\Users\Monstera\AppData\Local\ogg.dll
2015-02-18 20:01 - 2015-04-26 10:26 - 0001576 _____ () C:\Users\Monstera\AppData\Local\RecConfig.xml
2015-06-06 18:19 - 2015-06-06 20:00 - 0007626 _____ () C:\Users\Monstera\AppData\Local\resmon.resmoncfg
2006-10-26 02:06 - 2006-10-26 02:06 - 0143872 _____ () C:\Users\Monstera\AppData\Local\vorbis.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0064000 _____ () C:\Users\Monstera\AppData\Local\vorbisenc.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0019456 _____ () C:\Users\Monstera\AppData\Local\vorbisfile.dll
Some files in TEMP:
====================
C:\Users\Monstera\AppData\Local\Temp\Extract.exe
C:\Users\Monstera\AppData\Local\Temp\SP70869.exe
C:\Users\Monstera\AppData\Local\Temp\TOBITCLT.DLL
C:\Users\Monstera\AppData\Local\Temp\_isDEE2.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-11 07:15
==================== End of log ============================
Hier Additions.txt FRST Additions Logfile: [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Monstera at 2015-06-11 08:19:59
Running from C:\Users\Monstera\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4175866378-3063520444-1462022353-500 - Administrator - Disabled)
Gast (S-1-5-21-4175866378-3063520444-1462022353-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4175866378-3063520444-1462022353-1006 - Limited - Enabled)
Monstera (S-1-5-21-4175866378-3063520444-1462022353-1002 - Administrator - Enabled) => C:\Users\Monstera
UpdatusUser (S-1-5-21-4175866378-3063520444-1462022353-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
ANNO 1503 GOLD (HKLM-x32\...\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}) (Version: 1.05.00 - )
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcSoft Family Paint (HKLM-x32\...\{8393D59B-D45F-470B-90EB-EEA15E664AE7}) (Version: 1.0.5.263 - ArcSoft)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Billard2 (HKLM-x32\...\Billard2_is1) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9850 - Broadcom Corporation)
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.75.0.2014 - Georgy Berdyshev)
CHIP Free MP3 converter for YouTube 3.0 Professional-E (HKLM-x32\...\{2ED4869A-6D7B-4a8f-8261-B842DA4852FA}_is1) (Version: - )
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel PaintShop Pro Picture Tube Content (x32 Version: 1.0.0.40 - Corel Corporation) Hidden
Corel PaintShop Pro Picture Tube Content (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.1.0.10 - Corel Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.3.0.8 - Corel Corporation) Hidden
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.)
CyberLink Media Suite 8 (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820b - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 9 (HKLM-x32\...\InstallShield_{57D68FAE-CB5E-4fd6-AE3B-A0B43375AF18}) (Version: 9.0.1827.0 - CyberLink Corp.)
CyberLink PowerBackup 2.5 (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9729 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.4223 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.0.4203 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DATA BECKER Graphic Works 10 (HKLM-x32\...\Graphic Works 10_is1) (Version: 1.3.511.0 - DATA BECKER GmbH & Co. KG)
DC Toolkit Pro 2 2D (HKLM-x32\...\DC Toolkit Pro 2 2D_is1) (Version: 2.0.0 - Franzis Verlag)
DesignCAD 23 (HKLM-x32\...\{6A4BD131-24BC-4703-82A0-F4008B6BCFBE}) (Version: 23.0.0 - IMSIDesign)
DesignCAD 3D Max 22 (HKLM-x32\...\{CCB44106-246E-45A5-8507-801F39EFB55B}) (Version: 22.0.0 - IMSIDesign)
DesignCAD Toolkit Architektur & Planung 22 Version 22 (HKLM-x32\...\DesignCAD Toolkit Architektur & Planung 22_is1) (Version: 22 - Franzis Verlag)
DesignCAD Toolkit Holz- & Tischlerarbeiten 22 Version 22 (HKLM-x32\...\DesignCAD Toolkit Holz- & Tischlerarbeiten 22_is1) (Version: 22 - Franzis Verlag)
DesignCAD Toolkit Maschinenbau & Konstruktion 22 Version 22 (HKLM-x32\...\DesignCAD Toolkit Maschinenbau & Konstruktion 22_is1) (Version: 22 - Franzis Verlag)
DIE SIEDLER - Aufstieg eines Königreichs (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
EBookToMP3 (HKLM-x32\...\EBookToMP3_is1) (Version: Aktuelle Version - IN MEDIA KG)
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Exact Audio Copy 1.0beta4 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta4 - Andre Wiethoff)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\{27E3028E-06C8-4C09-8C3E-07F7F508304E}) (Version: 5.3.1.606 - Foxit Corporation)
Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Garmin BaseCamp (HKLM-x32\...\{CBB4288D-2D32-43BB-8FCE-3F102E385956}) (Version: 4.3.5 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{2BCA9FBB-9606-4689-8BAA-F63981F674FC}) (Version: 1.1.0.0 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{4DCC6015-444F-42A6-9D84-0B8D4B9EFC09}) (Version: 2.06.56.0 - Portrait Displays, Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.27.0 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
ICA (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Interaktive Sprachreise - Sprachkurs 1 Deutsch (HKLM-x32\...\ISRD1_18_689525) (Version: - digital publishing AG)
IPM_PSP_COM (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LEC Translate (HKLM-x32\...\{B593248E-8CD9-4C54-AD3C-F6848C6A4209}) (Version: 1.00.0004 - Ihr Firmenname)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LingvoSoft Dictionary 2008 German<->Polish for Windows (HKLM-x32\...\LingvoSoft Dictionary 2008 German<->Polish for Windows) (Version: 4.1.29 - LingvoSoft)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MEDUSA4 PERSONAL V5.2.1 (HKLM-x32\...\MEDUSA4_PERSONAL_V5_2_1) (Version: V5.2.1 - CAD Schroer)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Speech SDK 5.1 (HKLM-x32\...\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}) (Version: 5.1.4324.0 - Microsoft)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MyFreeCodec (HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MyFreeCodec) (Version: - )
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM-x32\...\{90150000-001F-0415-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Nitro Pro 9 (HKLM-x32\...\{c5237a45-d0a0-4c12-9269-f59919377de1}) (Version: 9.5.3.8 - Nitro)
Nitro Pro 9 (Version: 9.5.3.8 - Nitro) Hidden
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NVIDIA Graphics Driver 326.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.49 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSPPContent (x32 Version: 15.3.0.8 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
PSPPro64 (Version: 15.1.0.10 - Corel Corporation) Hidden
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SDK (x32 Version: 2.39.004 - Portrait Displays, Inc.) Hidden
Setup (x32 Version: 15.1.0.10 - Ihr Firmenname) Hidden
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Speech Support (HKLM-x32\...\Speech Support) (Version: - LEC)
SPEEDLINK USB GAMEPAD (HKLM-x32\...\{9C42F308-A660-4445-9269-A740EEDCC1F0}) (Version: 09.28.2009 - SPEEDLINK)
StarMoney (x32 Version: 4.0.4.16 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10 (HKLM-x32\...\{84697C64-F9EB-4E92-851C-CF063FCC2619}) (Version: 10 - Star Finanz GmbH)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.30.147 - Akademische Arbeitsgemeinschaft)
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version: - SoftMaker Software GmbH)
Themen aktuell 1 (HKLM-x32\...\Themen aktuell 1) (Version: - )
TrueSync (HKLM-x32\...\{3638D219-4AA5-4700-AC4B-272EF2F2DF1B}) (Version: 1.2.0.120 - sMedio Inc.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (08/09/2013 12.0.0.7620) (HKLM\...\7C5445C0C158E0500C2E0AD361C4CBF4BAB2476C) (Version: 08/09/2013 12.0.0.7620 - Broadcom Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Google, Inc (androidusb) USB (12/11/2012 1.0.0009.00000) (HKLM\...\8E3B176889FB79CA6FE02DF2D2D6DE38BD9FC9F6) (Version: 12/11/2012 1.0.0009.00000 - Google, Inc)
Windows-Treiberpaket - Qualcomm (qcusbnet) Net (10/16/2012 1.0.7.9) (HKLM\...\C03E573DE1B7F7DE10352D707DF6C7E88C0FAA03) (Version: 10/16/2012 1.0.7.9 - Qualcomm)
Windows-Treiberpaket - Qualcomm Incorporated (qcusbser) Modem (10/26/2012 2.1.0.3) (HKLM\...\19E621CD1BB015A1069EB53B72E2877DC34F038C) (Version: 10/26/2012 2.1.0.3 - Qualcomm Incorporated)
Windows-Treiberpaket - Qualcomm Incorporated (qcusbser) Ports (10/26/2012 2.1.0.3) (HKLM\...\521149B020D2896EF887ED07E9FC74DD0C29C17A) (Version: 10/26/2012 2.1.0.3 - Qualcomm Incorporated)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinGeo 2003 (HKLM-x32\...\ST5UNST #1) (Version: - )
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4175866378-3063520444-1462022353-1002_Classes\CLSID\{709B46F4-FBCF-ED50-402C-902450FE3277}\InprocServer32 -> C:\windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4175866378-3063520444-1462022353-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Monstera\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
08-06-2015 13:12:34 Installed HP Support Solutions Framework
08-06-2015 15:00:11 Wiederherstellungsvorgang
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {004FD739-A7BB-4E95-B37A-991822A33CB1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: {00B9D83B-7FAC-4915-8E4B-5A18081CC592} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {06D19CD4-3F9E-4603-A93C-5B346269021B} - System32\Tasks\HPCeeScheduleForMonstera => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {07E42F17-BDC2-4FCE-AA71-B1468534B155} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {144DEFBE-AF92-44DD-9384-DFF762ECD106} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {208B023F-4978-48F2-B98A-9A7DBA806C97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3D04C3BB-B1B7-4570-9CB0-D0A9F9862517} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-18] (Microsoft Corporation)
Task: {52569C6D-8021-4CAE-996E-CACBDA800644} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4175866378-3063520444-1462022353-1002
Task: {6D2558FE-B7F3-4D59-9745-6FF2C4340637} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {766E3E4D-DDD2-4C0E-A2F5-A6365A38118C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {76C1DC99-9FEB-4D10-945F-E0798D573B3F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ZUHAUSE-Monstera Zuhause => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {7B14CB93-1AB5-49BA-BB93-7B960807C3F4} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {7B297CE8-F759-4A1D-8B22-B95E24268492} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
Task: {80663FCE-50C8-4741-81E0-AE97FA8DA441} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
Task: {93975150-2308-4FC5-AA84-9552B278D8CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {9A488A16-5D4B-402D-9845-2088932F4F8A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {9C9A2601-94E6-4B10-BA52-8152AD6E4E2B} - System32\Tasks\MT66 Software Update => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe
Task: {B6F81985-21CF-4C77-A2D1-AFCD13CB81FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {C07FE103-971F-44AD-999F-3210EB27ECE4} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4175866378-3063520444-1462022353-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {C4BE6DB7-00AD-4442-8B31-2A1E772B814D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CEF30E15-A78F-4CC4-B8BA-9F541D3AE341} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {D0CACD80-D9C5-40D3-8B1D-1FD2C319E46E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {ECD869D2-BE17-46B6-B79C-566034B419F6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {F18A70BA-D910-433B-8976-ABC1C2E0F1A8} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {F9821848-7B9A-4D5B-A16F-0116C90682F5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForMonstera.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\MT66 Software Update.job => C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe
==================== Loaded Modules (Whitelisted) ==============
2014-09-02 20:00 - 2006-02-23 11:35 - 00020480 _____ () C:\windows\System32\FritzColorPort64.dll
2014-12-02 19:15 - 2014-11-06 16:35 - 00020240 _____ () C:\windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2015-05-19 08:34 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-01 16:03 - 2014-08-01 16:03 - 00418312 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2014-07-09 18:57 - 2013-06-03 13:06 - 03999512 _____ () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
2013-08-09 02:08 - 2013-08-09 02:08 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-25 11:13 - 2013-08-01 15:22 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-03-16 19:42 - 2014-03-16 19:42 - 04411488 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2012-05-16 21:12 - 2012-05-16 21:12 - 00179200 _____ () C:\Program Files\Rainlendar2\lua52.dll
2014-03-14 12:24 - 2014-03-14 12:24 - 00324608 _____ () C:\Program Files\Rainlendar2\libical.dll
2014-03-16 19:42 - 2014-03-16 19:42 - 00082528 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2014-03-14 12:24 - 2014-03-14 12:24 - 00080384 _____ () C:\Program Files\Rainlendar2\libicalss.dll
2012-06-17 15:21 - 2012-06-17 15:21 - 00015360 _____ () C:\Program Files\Rainlendar2\lfs.dll
2014-07-30 18:28 - 2012-04-24 18:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-06-07 11:25 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll
2014-03-25 11:11 - 2013-08-08 23:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-08-09 02:08 - 2013-08-09 02:08 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-12-05 11:42 - 2014-07-08 08:37 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\UNO.dll
2014-12-05 11:42 - 2014-03-06 11:30 - 09488856 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\Language\DEU\P2GRC.dll
2014-12-05 11:42 - 2014-07-08 08:37 - 01693960 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\runtime\authoring\AuroraU.dll
2014-07-30 18:28 - 2012-04-24 18:43 - 00037352 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2014-12-05 11:42 - 2011-12-20 05:30 - 00249344 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\runtime\mediacache\libebml.dll
2014-12-05 11:42 - 2011-12-20 05:30 - 00548352 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\runtime\mediacache\libmatroska.dll
2014-12-05 11:42 - 2014-07-08 08:37 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLVistaAudioMixer.dll
2014-12-05 11:42 - 2014-07-08 08:37 - 00302344 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\runtime\authoring\EditingMgrWrapperU.dll
2014-12-05 11:42 - 2011-04-26 10:33 - 00084264 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\GpuUtility.dll
2014-12-05 11:42 - 2009-10-09 10:30 - 00192512 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\cudart.dll
2012-01-18 01:21 - 2012-01-18 01:21 - 00068104 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\PEGAACPIDLL.dll
2014-03-06 16:00 - 2014-03-06 16:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-06-09 21:58 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 21:58 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-06-09 21:58 - 2015-06-05 20:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:8D09CB9B
AlternateDataStreams: C:\ProgramData\Temp:9EFFD26D
AlternateDataStreams: C:\Users\Monstera\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Monstera\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "ImageBrowser EX Agent.lnk"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G9"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\StartupApproved\Run: => "rfxsrvtray"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\StartupApproved\Run: => "Browser Infrastructure Helper"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\StartupApproved\Run: => "KiesPreload"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D84FA73F-FD9C-4E4E-953A-DB0D57169FF4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A75F79D3-00C8-4E93-B4D7-7E2AE15AA8B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{617D5179-6437-45DF-A39F-9E4AC66AAA92}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{05F01972-82E9-4B16-8384-E05C929398F9}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C3972112-95E0-4FA0-AB70-2A8F58BA2C37}] => (Allow) LPort=8182
FirewallRules: [{09368204-F452-4066-8E5E-1070FC77666F}] => (Allow) LPort=5353
FirewallRules: [{0085D229-5825-4D54-B73D-E291B21C8405}] => (Allow) LPort=8088
FirewallRules: [{56705213-A75A-4BDA-8DB5-C9B660F4A152}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{735585C4-AEC6-4C45-98FE-C2094869F124}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{50BF67A7-CA63-4619-92FD-B97C2DEF422C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{356EC2CE-34D6-4025-99BF-4EB81C5CC681}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEE1177F-201C-417E-8A1E-044C4C3EBFC1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B536863A-3926-4E85-B720-AA8FCEB42059}] => (Allow) C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{17B6FF74-86A4-41DC-A1B5-776940633219}] => (Allow) C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{1E02272D-7E1B-43E6-8F55-77389B9CDDC2}] => (Allow) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{04A4D5D2-005E-47FC-9298-A9D3F407B0A1}] => (Allow) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{5D02EC5F-B5DB-47EB-82D1-04AB797C26AF}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe
FirewallRules: [{83B58603-B807-447F-AB9B-F52E807D2678}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{81533655-1886-4FDE-98CA-DB0BBC04AAE2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{CC5F9F6F-DB09-4C60-9C22-8F68D9681D32}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{07D32250-39D5-4850-8ABD-EB184557FAB2}] => (Allow) LPort=2869
FirewallRules: [{17976139-DBB6-4D73-BE81-FB288BA48A71}] => (Allow) LPort=1900
FirewallRules: [{8E47A96A-27D5-47DF-BA0F-BD0E7225808B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{927FBF67-404D-40C5-88D8-DF01BE380AB5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{812A7373-C94F-47CC-A154-5184474EA474}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\WNt500x64\RpcSandraSrv.exe
FirewallRules: [TCP Query User{F4C75863-360F-4ABE-BCDF-3504C2257018}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{F965599E-0311-4616-81C9-21B3A9B8FDD4}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{491CA7A9-D41C-482B-89B0-BFA1C3B6DF7D}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{745AA406-9219-4B8F-ACCC-76D721B7FBEB}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{7C643DCA-AD51-4676-8E0C-BA9293C7DFA0}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{FD0B51E1-C7A1-4E99-9C87-6129C2683B0D}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{59E152F3-B0C6-4AF1-BCB5-F147875F6762}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FCB6777C-4BEB-4DDF-B85D-7BAB93A80BF0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
==================== Faulty Device Manager Devices =============
Name: USB-Massenspeichergerät
Description: USB-Massenspeichergerät
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Kompatibles USB-Speichergerät
Service: USBSTOR
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/10/2015 05:41:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/10/2015 04:46:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125
Error: (06/10/2015 04:46:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125
Error: (06/10/2015 04:46:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/10/2015 03:12:58 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0.
Error: (06/10/2015 03:12:58 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Kontext: Anwendung, SystemIndex Katalog
Error: (06/10/2015 03:12:57 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Error: (06/09/2015 05:20:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/08/2015 04:06:18 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/08/2015 03:48:39 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0.
System errors:
=============
Error: (06/10/2015 07:18:58 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Der Windows-SChannel-Fehlerstatus lautet: 960.
Error: (06/10/2015 03:12:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 10.06.2015 um 15:03:17 unerwartet heruntergefahren.
Error: (06/10/2015 03:02:49 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
Error: (06/08/2015 03:01:26 PM) (Source: DCOM) (EventID: 10010) (User: ZUHAUSE)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (06/07/2015 06:56:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Gerätezuordnungsdienst" wurde nicht richtig gestartet.
Error: (06/07/2015 06:55:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Smartcard" ist vom Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070
Error: (06/07/2015 06:55:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework" wurde nicht richtig gestartet.
Error: (06/07/2015 01:06:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Gerätezuordnungsdienst" wurde nicht richtig gestartet.
Error: (06/07/2015 01:05:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Smartcard" ist vom Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070
Error: (06/07/2015 01:05:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework" wurde nicht richtig gestartet.
Microsoft Office:
=========================
Error: (06/10/2015 05:41:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/10/2015 04:46:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125
Error: (06/10/2015 04:46:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125
Error: (06/10/2015 04:46:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/10/2015 03:12:58 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 0x0
Error: (06/10/2015 03:12:58 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Error: (06/10/2015 03:12:57 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description:
Error: (06/09/2015 05:20:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/08/2015 04:06:18 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/08/2015 03:48:39 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 0x0
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz
Percentage of memory in use: 30%
Total physical RAM: 8082.58 MB
Available physical RAM: 5643.74 MB
Total Pagefile: 9362.58 MB
Available Pagefile: 6523.15 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:918.56 GB) (Free:751.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.47 GB) (Free:1.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (windows 10-Daten) (Fixed) (Total:58.59 GB) (Free:58.49 GB) NTFS
Drive g: (Elements) (Fixed) (Total:872.89 GB) (Free:591.23 GB) NTFS
Drive k: (BootStick) (Fixed) (Total:59.62 GB) (Free:35.26 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C0CF919E)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: E97BA250)
Partition 1: (Active) - (Size=59.6 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CA8D065F)
Partition 1: (Not Active) - (Size=872.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
==================== End of log ============================
--- --- --- Hier defogger_disable.log Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:16 on 11/06/2015 (Monstera)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
|
|
11.06.2015, 12:53
| #4 |
| | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht hier Gmer.txt Teil 1 Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-11 08:41:19
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST1000LM014-1EJ164-SSHD rev.HPD3 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Monstera\AppData\Local\Temp\pxrdypow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\windows\System32\win32k.sys!W32pServiceTable fffff960000ad900 15 bytes [00, 57, F4, 01, 40, 8F, 6E, ...]
.text C:\windows\System32\win32k.sys!W32pServiceTable + 16 fffff960000ad910 11 bytes [00, 41, FC, FF, 00, 79, C7, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c3320340
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320378
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c3320420
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c33203b0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c33203e8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320298
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320308
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c33202d0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff8c54cd050 7 bytes JMP 00007ff9c3320228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff8c54fb170 5 bytes JMP 00007ff9c3320260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\USER32.dll!CreateWindowExW 00007ff8c50e6d90 10 bytes JMP 00007ff9c3320500
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff8c50f74a0 5 bytes JMP 00007ff9c33204c8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8c50f7560 9 bytes JMP 00007ff9c3320458
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff8c5106b10 5 bytes JMP 00007ff9c3320490
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8c56b1500 8 bytes JMP 00007ff9c33201b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5092] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8c56b1750 8 bytes JMP 00007ff9c33201f0
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c33202d0
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320308
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c33203b0
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c3320340
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c3320378
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320228
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320298
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c3320260
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text C:\windows\system32\taskhostex.exe[656] C:\windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff8c54cd050 7 bytes JMP 00007ff9c33204c8
.text C:\windows\system32\taskhostex.exe[656] C:\windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff8c54fb170 5 bytes JMP 00007ff9c3320500
.text C:\windows\system32\taskhostex.exe[656] C:\windows\SYSTEM32\user32.dll!CreateWindowExW 00007ff8c50e6d90 10 bytes JMP 00007ff9c3320490
.text C:\windows\system32\taskhostex.exe[656] C:\windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ff8c50f74a0 5 bytes JMP 00007ff9c3320458
.text C:\windows\system32\taskhostex.exe[656] C:\windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ff8c50f7560 1 byte JMP 00007ff9c33203e8
.text C:\windows\system32\taskhostex.exe[656] C:\windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo + 2 00007ff8c50f7562 7 bytes {JMP 0xfffffffffe228e88}
.text C:\windows\system32\taskhostex.exe[656] C:\windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ff8c5106b10 5 bytes JMP 00007ff9c3320420
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8c56b1500 8 bytes JMP 00007ff9c33201b8
.text C:\windows\system32\taskhostex.exe[656] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8c56b1750 8 bytes JMP 00007ff9c33201f0
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c3320340
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320378
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c3320420
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c33203b0
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c33203e8
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320298
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320308
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c33202d0
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff8c54cd050 7 bytes JMP 00007ff9c3320228
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff8c54fb170 5 bytes JMP 00007ff9c3320260
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8c56b1500 8 bytes JMP 00007ff9c33201b8
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8c56b1750 8 bytes JMP 00007ff9c33201f0
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\USER32.dll!CreateWindowExW 00007ff8c50e6d90 10 bytes JMP 00007ff9c3320500
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff8c50f74a0 5 bytes JMP 00007ff9c33204c8
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8c50f7560 9 bytes JMP 00007ff9c3320458
.text C:\Windows\System32\skydrive.exe[7712] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff8c5106b10 5 bytes JMP 00007ff9c3320490
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c33202d0
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320308
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c33203b0
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c3320340
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c3320378
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320228
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320298
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c3320260
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\USER32.dll!CreateWindowExW 00007ff8c50e6d90 10 bytes JMP 00007ff9c3320490
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff8c50f74a0 5 bytes JMP 00007ff9c3320458
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8c50f7560 1 byte JMP 00007ff9c33203e8
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ff8c50f7562 7 bytes {JMP 0xfffffffffe228e88}
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff8c5106b10 5 bytes JMP 00007ff9c3320420
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8c56b1500 8 bytes JMP 00007ff9c33201b8
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3204] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8c56b1750 8 bytes JMP 00007ff9c33201f0
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, 47, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, 47, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, 47, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, 47, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, 47, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, 47, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[6684] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, 47, 7E, 00, 00, 00, ...]
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c3320340
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320378
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c3320420
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c33203b0
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c33203e8
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320298
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320308
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c33202d0
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\USER32.dll!CreateWindowExW 00007ff8c50e6d90 10 bytes JMP 00007ff9c3320500
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff8c50f74a0 5 bytes JMP 00007ff9c33204c8
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8c50f7560 9 bytes JMP 00007ff9c3320458
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff8c5106b10 5 bytes JMP 00007ff9c3320490
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8c56b1500 8 bytes JMP 00007ff9c33201b8
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8c56b1750 8 bytes JMP 00007ff9c33201f0
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff8c54cd050 7 bytes JMP 00007ff9c3320228
.text C:\Program Files\IDT\WDM\Beats64.exe[6268] C:\windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff8c54fb170 5 bytes JMP 00007ff9c3320260
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe[3848] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c3320340
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320378
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c3320420
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c33203b0
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c33203e8
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320298
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320308
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c33202d0
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8c56b1500 8 bytes JMP 00007ff9c33201b8
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8c56b1750 8 bytes JMP 00007ff9c33201f0
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\USER32.dll!CreateWindowExW 00007ff8c50e6d90 10 bytes JMP 00007ff9c3320500
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff8c50f74a0 5 bytes JMP 00007ff9c33204c8
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8c50f7560 9 bytes JMP 00007ff9c3320458
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff8c5106b10 5 bytes JMP 00007ff9c3320490
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff8c54cd050 7 bytes JMP 00007ff9c3320228
.text C:\Program Files\IDT\WDM\sttray64.exe[8184] C:\windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff8c54fb170 5 bytes JMP 00007ff9c3320260
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c3320340
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320378
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c3320420
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c33203b0
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c33203e8
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320298
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320308
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c33202d0
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\USER32.dll!CreateWindowExW 00007ff8c50e6d90 10 bytes JMP 00007ff9c3320500
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff8c50f74a0 5 bytes JMP 00007ff9c33204c8
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8c50f7560 9 bytes JMP 00007ff9c3320458
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff8c5106b10 5 bytes JMP 00007ff9c3320490
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8c56b1500 8 bytes JMP 00007ff9c33201b8
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8c56b1750 8 bytes JMP 00007ff9c33201f0
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff8c54cd050 7 bytes JMP 00007ff9c3320228
.text C:\Windows\System32\igfxpers.exe[4688] C:\windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff8c54fb170 5 bytes JMP 00007ff9c3320260
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c3320340
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320378
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c3320420
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c33203b0
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c33203e8
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320298
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320308
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c33202d0
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\USER32.dll!CreateWindowExW 00007ff8c50e6d90 10 bytes JMP 00007ff9c3320500
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff8c50f74a0 5 bytes JMP 00007ff9c33204c8
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8c50f7560 9 bytes JMP 00007ff9c3320458
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff8c5106b10 5 bytes JMP 00007ff9c3320490
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8c56b1500 8 bytes JMP 00007ff9c33201b8
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8c56b1750 8 bytes JMP 00007ff9c33201f0
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff8c54cd050 7 bytes JMP 00007ff9c3320228
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[4208] C:\windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff8c54fb170 5 bytes JMP 00007ff9c3320260
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe[708] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\PDF24\pdf24.exe[7072] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, F8, 7F, 00, 00, 00, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484]
|
|
11.06.2015, 13:01
| #5 |
| | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht hier Teil 2 Gmer.txt Code:
ATTFilter .text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE[2484] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, 29, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, 29, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, 29, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, 29, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, 29, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, 29, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe[7732] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, 29, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, AE, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, AE, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, AE, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, AE, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, AE, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, AE, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.EXE[6436] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, AE, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
|
|
11.06.2015, 13:04
| #6 |
| | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht Hier Gmer.txt Teil 3 Code:
ATTFilter .text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, 1F, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, 1F, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, 1F, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, 1F, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, 1F, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, 1F, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe[7472] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, 1F, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe[7948] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c3320340
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320378
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c3320420
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c33203b0
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c33203e8
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320298
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320308
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c33202d0
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\USER32.dll!CreateWindowExW 00007ff8c50e6d90 10 bytes JMP 00007ff9c3320500
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff8c50f74a0 5 bytes JMP 00007ff9c33204c8
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8c50f7560 9 bytes JMP 00007ff9c3320458
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff8c5106b10 5 bytes JMP 00007ff9c3320490
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8c56b1500 8 bytes JMP 00007ff9c33201b8
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8c56b1750 8 bytes JMP 00007ff9c33201f0
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff8c54cd050 7 bytes JMP 00007ff9c3320228
.text C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe[6092] C:\windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff8c54fb170 5 bytes JMP 00007ff9c3320260
.text C:\Windows\System32\SettingSyncHost.exe[4132] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c33202d0
.text C:\Windows\System32\SettingSyncHost.exe[4132] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320308
.text C:\Windows\System32\SettingSyncHost.exe[4132] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c33203b0
.text C:\Windows\System32\SettingSyncHost.exe[4132] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c3320340
.text C:\Windows\System32\SettingSyncHost.exe[4132] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c3320378
.text C:\Windows\System32\SettingSyncHost.exe[4132] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320228
.text C:\Windows\System32\SettingSyncHost.exe[4132] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320298
.text C:\Windows\System32\SettingSyncHost.exe[4132] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c3320260
.text C:\Windows\System32\SettingSyncHost.exe[4132] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text C:\Windows\System32\SettingSyncHost.exe[4132] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text C:\Windows\System32\SettingSyncHost.exe[4132] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text C:\Windows\System32\SettingSyncHost.exe[4132] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, FD, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, FD, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, FD, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, FD, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, FD, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, FD, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, FD, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, 28, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, 28, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, 28, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, 28, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, 28, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, 28, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4560] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, 28, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, 7A, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, 7A, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, 7A, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, 7A, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, 7A, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, 7A, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4932] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, 7A, FF, 00, 00, 00, ...]
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c33202d0
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320308
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c33203b0
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c3320340
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c3320378
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320228
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320298
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c3320260
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text C:\windows\system32\DllHost.exe[5292] C:\windows\SYSTEM32\user32.dll!CreateWindowExW 00007ff8c50e6d90 10 bytes JMP 00007ff9c3320490
.text C:\windows\system32\DllHost.exe[5292] C:\windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ff8c50f74a0 5 bytes JMP 00007ff9c3320458
.text C:\windows\system32\DllHost.exe[5292] C:\windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ff8c50f7560 1 byte JMP 00007ff9c33203e8
.text C:\windows\system32\DllHost.exe[5292] C:\windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo + 2 00007ff8c50f7562 7 bytes {JMP 0xfffffffffe228e88}
.text C:\windows\system32\DllHost.exe[5292] C:\windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ff8c5106b10 5 bytes JMP 00007ff9c3320420
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8c56b1500 8 bytes JMP 00007ff9c33201b8
.text C:\windows\system32\DllHost.exe[5292] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8c56b1750 8 bytes JMP 00007ff9c33201f0
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\KERNEL32.dll!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c33202d0
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\KERNEL32.dll!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320308
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\KERNEL32.dll!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c33203b0
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\KERNEL32.dll!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c3320340
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\KERNEL32.dll!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c3320378
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320228
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320298
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c3320260
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\SYSTEM32\combase.dll!CoCreateInstance 00007ff8c54cd050 7 bytes JMP 00007ff9c33204c8
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ff8c54fb170 5 bytes JMP 00007ff9c3320500
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\USER32.dll!CreateWindowExW 00007ff8c50e6d90 10 bytes JMP 00007ff9c3320490
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff8c50f74a0 5 bytes JMP 00007ff9c3320458
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8c50f7560 1 byte JMP 00007ff9c33203e8
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ff8c50f7562 7 bytes {JMP 0xfffffffffe228e88}
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff8c5106b10 5 bytes JMP 00007ff9c3320420
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8c56b1500 8 bytes JMP 00007ff9c33201b8
.text G:\KeePass2.29\KeePass.exe[6464] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8c56b1750 8 bytes JMP 00007ff9c33201f0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, 1A, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, 1A, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, 1A, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, 1A, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, 1A, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, 1A, FE, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6612] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, 1A, FE, 00, 00, 00, ...]
.text C:\windows\splwow64.exe[7744] C:\windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff8c5353e10 7 bytes JMP 00007ff9c33202d0
.text C:\windows\splwow64.exe[7744] C:\windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ff8c5353e20 7 bytes JMP 00007ff9c3320308
.text C:\windows\splwow64.exe[7744] C:\windows\system32\KERNEL32.DLL!RegSetValueExW 00007ff8c54039b0 7 bytes JMP 00007ff9c33203b0
.text C:\windows\splwow64.exe[7744] C:\windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ff8c5403ef0 7 bytes JMP 00007ff9c3320340
.text C:\windows\splwow64.exe[7744] C:\windows\system32\KERNEL32.DLL!RegSetValueExA 00007ff8c5403fe0 7 bytes JMP 00007ff9c3320378
.text C:\windows\splwow64.exe[7744] C:\windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff8c54306c0 7 bytes JMP 00007ff9c3320228
.text C:\windows\splwow64.exe[7744] C:\windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff8c5430730 7 bytes JMP 00007ff9c3320298
.text C:\windows\splwow64.exe[7744] C:\windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff8c5430760 7 bytes JMP 00007ff9c3320260
.text C:\windows\splwow64.exe[7744] C:\windows\system32\KERNELBASE.dll!FreeLibrary 00007ff8c33321d0 5 bytes JMP 00007ff9c3320180
.text C:\windows\splwow64.exe[7744] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8c33329d0 7 bytes JMP 00007ff9c33200d8
.text C:\windows\splwow64.exe[7744] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8c3334310 5 bytes JMP 00007ff9c3320110
.text C:\windows\splwow64.exe[7744] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ff8c3338d80 5 bytes JMP 00007ff9c3320148
.text C:\windows\splwow64.exe[7744] C:\windows\system32\USER32.dll!CreateWindowExW 00007ff8c50e6d90 10 bytes JMP 00007ff9c3320490
.text C:\windows\splwow64.exe[7744] C:\windows\system32\USER32.dll!EnumDisplayDevicesW 00007ff8c50f74a0 5 bytes JMP 00007ff9c3320458
.text C:\windows\splwow64.exe[7744] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8c50f7560 1 byte JMP 00007ff9c33203e8
.text C:\windows\splwow64.exe[7744] C:\windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ff8c50f7562 7 bytes {JMP 0xfffffffffe228e88}
.text C:\windows\splwow64.exe[7744] C:\windows\system32\USER32.dll!EnumDisplayDevicesA 00007ff8c5106b10 5 bytes JMP 00007ff9c3320420
.text C:\windows\splwow64.exe[7744] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff8c56b1500 8 bytes JMP 00007ff9c33201b8
.text C:\windows\splwow64.exe[7744] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff8c56b1750 8 bytes JMP 00007ff9c33201f0
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE!wdGetApplicationObject + 18 0000000000aa1950 1 byte [AA]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE!wdGetApplicationObject + 137 0000000000aa19c7 1 byte [AA]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE!wdGetApplicationObject + 202 0000000000aa1a08 1 byte [AA]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE!wdGetApplicationObject + 310 0000000000aa1a74 1 byte [AA]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE!wdGetApplicationObject + 572 0000000000aa1b7a 1 byte [AA]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE!wdGetApplicationObject + 767 0000000000aa1c3d 1 byte [AA]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE!wdGetApplicationObject + 788 0000000000aa1c52 1 byte [AA]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE!wdGetApplicationObject + 800 0000000000aa1c5e 1 byte [AA]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE!wdGetApplicationObject + 836 0000000000aa1c82 1 byte [AA]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE!wdGetApplicationObject + 920 0000000000aa1cd6 1 byte [AA]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
|
|
12.06.2015, 14:29
| #7 |
| | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht Hier Gmer.txt Teil 4 und Ende Code:
ATTFilter .text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, AD, 7E, 00, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, AD, 7E, 00, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, AD, 7E, 00, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, AD, 7E, 00, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, AD, 7E, 00, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, AD, 7E, 00, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE[860] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, AD, 7E, 00, 00, 00, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132 00007ff8c5de4b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlPrefixString + 316 00007ff8c5de4f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710 00007ff8c5de5206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479 00007ff8c5de53ff 8 bytes {JMP 0xffffffffffffffee}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911 00007ff8c5de579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!TpAllocWork + 420 00007ff8c5de5954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657 00007ff8c5de5ef1 8 bytes {JMP 0xffffffffffffff9e}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78 00007ff8c5de5f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399 00007ff8c5de60ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977 00007ff8c5de64d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310 00007ff8c5de6616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491 00007ff8c5de66cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359 00007ff8c5de8397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67 00007ff8c5de8a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864 00007ff8c5de8d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143 00007ff8c5de8e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510 00007ff8c5de90ae 8 bytes {JMP 0xffffffffffffff96}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715 00007ff8c5de917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772 00007ff8c5de9d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!LdrAddRefDll + 685 00007ff8c5de9fcd 8 bytes {JMP 0xffffffffffffffaf}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 352 00007ff8c5deaae0 8 bytes {JMP 0xffffffffffffffcd}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!SbSelectProcedure + 488 00007ff8c5deab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlGetVersion + 565 00007ff8c5deb2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78 00007ff8c5deb33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 311 00007ff8c5dec4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 528 00007ff8c5dec5b0 8 bytes {JMP 0xffffffffffffffc7}
.text ... * 2
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579 00007ff8c5ded0d3 8 bytes {JMP 0xffffffffffffffef}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ff8c5ded10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495 00007ff8c5ded57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ff8c5ded6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456 00007ff8c5ded888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!TpReleaseWait + 180 00007ff8c5ded944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlRegisterWait + 596 00007ff8c5dedba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!TpAllocWait + 424 00007ff8c5dedd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 771 00007ff8c5dee073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!TpSetWaitEx + 948 00007ff8c5dee124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48 00007ff8c5dee160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlRandomEx + 756 00007ff8c5deeb74 8 bytes {JMP 0xffffffffffffffd0}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371 00007ff8c5defe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556 00007ff8c5df009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlProtectHeap + 171 00007ff8c5df015b 8 bytes [70, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744 00007ff8c5df1438 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214 00007ff8c5df15e6 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567 00007ff8c5df1877 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429 00007ff8c5df1a2d 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213 00007ff8c5df1c35 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ff8c5e61290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ff8c5e61410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8c5e61440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff8c5e61560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ff8c5e61610 8 bytes {JMP QWORD [RIP-0x71122]}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ff8c5e61cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ff8c5e61fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ff8c5e62850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\system32\wow64cpu.dll!CpuSetContext + 438 00000000776613f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\system32\wow64cpu.dll!CpuGetContext + 387 0000000077661583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077661621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077661674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000776616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9 00000000776616e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71 0000000077661727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 7
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 00000000776625d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077662714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\system32\wow64cpu.dll!CpuResetToConsistentState + 529 0000000077662961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Monstera\Desktop\Gmer-19357.exe[2088] C:\windows\system32\wow64cpu.dll!CpuProcessTerm + 595 0000000077662bd3 8 bytes [DC, 6A, F8, 7F, 00, 00, 00, ...]
---- Threads - GMER 2.1 ----
Thread C:\windows\system32\csrss.exe [7464:5536] fffff960009cd2d0
Thread C:\windows\explorer.exe [3676:8068] 00007ff8ab51e630
Thread C:\windows\explorer.exe [3676:5968] 00007ff8ab51e630
Thread C:\windows\syswow64\wwahost.exe [7396:1444] 00000000543250e0
Thread C:\windows\syswow64\wwahost.exe [7396:5796] 0000000074254ad0
Thread C:\windows\syswow64\wwahost.exe [7396:7800] 0000000074255850
Thread C:\windows\syswow64\wwahost.exe [7396:200] 00000000768180b0
Thread C:\windows\syswow64\wwahost.exe [7396:4820] 00000000768180b0
Thread C:\windows\syswow64\wwahost.exe [7396:2956] 00000000768180b0
---- Processes - GMER 2.1 ----
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE [860] 0000000050bd0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE [860] 0000000056890000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE [860] 00000000543f0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\MSLID.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE [860] 0000000065bc0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
habe da noch was gefunden im Autostart _Wow64 File not found: C:\windows\syswow64\Wow64.dll _Wow64cpu File not found: C:\windows\syswow64\Wow64cpu.dll _Wow64win File not found: C:\windows\syswow64\Wow64win.dll \MT66 Software Update File not found: C:\Program Files (x86)\Common Files\MT66 Software Update\UpdateClient.exe \GarminUpdaterTask File not found: C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe Wobei Garmin mein Navi ist. Was MT66 ist weis ich nicht Und die Wow64.dll's scheinen ja wichtig zu sein. Das wurde auch mal angezeigt, warum der Drucker nicht geht. Gruß Monstera [QUOTE=schrauber;1476845]Hi, Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke. /QUOTE] Habe ich gemacht in meinen Antworten. Gruß Monstera |
|
13.06.2015, 08:20
| #8 |
| /// the machine /// TB-Ausbilder | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.06.2015, 10:34
| #9 |
| | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht Danke für die Hilfe. Punkt1 Malware Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 13.06.2015 Suchlauf-Zeit: 10:04:08 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.06.13.01 Rootkit Datenbank: v2015.06.02.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Monstera Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 415538 Verstrichene Zeit: 13 Min, 24 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Warnen PUM: Warnen Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 1 PUP.Optional.PhraseFinder.A, HKLM\SOFTWARE\WOW6432NODE\PhraseFinder_1.10.0.9, , [5dd80eacd0ba59ddf87d7c80cd36dc24], Registrierungswerte: 1 PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Binkiland\\, , [d1648f2b642674c2b7d71ed161a2738d] Registrierungsdaten: 1 PUP.Optional.WinYahoo.A, HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://de.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_21¶m1=1¶m2=fGut: (www.google.com)D1%26bGut: (www.google.com)DIE%26ccGut: (www.google.com)Dde%26paGut: (www.google.com)DWincy%26cdGut: (www.google.com)D2XzuyEtN2Y1L1Qzu0ByEzytCzzyCyD0DyEtCyEtCzytDtC0AtN0D0Tzu0StCtBtAzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0C0EzyyC0F0EtDtGyC0Azz0DtGtCtDtBtDtGyD0AtCyCtGyD0C0AtDtBtDzy0E0Bzy0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0E0DtDyE0B0A0CtGtBtC0F0EtGyEyEyEzytGzy0E0AtBtG0AtB0AzytDyEtD0AtD0CyCyE2QtN0A0LzuyE%26crGut: (www.google.com)D817529139%26aGut: (www.google.com)Dwncy_secureddownload_15_21%26osGut: (www.google.com)DWindows 8.1 Connected, Schlecht: (hxxp://de.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_21¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByEzytCzzyCyD0DyEtCyEtCzytDtC0AtN0D0Tzu0StCtBtAzytN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0C0EzyyC0F0EtDtGyC0Azz0DtGtCtDtBtDtGyD0AtCyCtGyD0C0AtDtBtDzy0E0Bzy0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0E0DtDyE0B0A0CtGtBtC0F0EtGyEyEyEzytGzy0E0AtBtG0AtB0AzytDyEtD0AtD0CyCyE2QtN0A0LzuyE%26cr%3D817529139%26a%3Dwncy_secureddownload_15_21%26os%3DWindows 8.1 Connected),,[d85d2a90fa905dd9b563ab9737cf0ef2], %5 Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 2 PUP.Optional.ReImageRepair.A, C:\Users\Monstera\Desktop\ReimageRepair.exe, , [5ed700ba7614a88ebc48ef7a49b94ab6], PUP.Optional.Binkiland.C, C:\Users\Monstera\AppData\LocalLow\Microsoft\Internet Explorer\Services\FAVICON.ICOWSE_BINKILAND, , [b67f9b1f296160d6097adc13eb18b050], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.203 - Bericht erstellt 03/05/2015 um 07:57:33
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-02.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Monstera - ZUHAUSE
# Gestarted von : C:\Users\Monstera\Downloads\adwcleaner_4.203.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\{f489113b-edd6-f94d-f489-9113bedd44ef}
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v37.0.2 (x86 de)
-\\ Google Chrome v42.0.2311.135
[C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : dcpfhaghaadpjpgocojgnlhjcieeooel
[C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : ljmibnagodajacnnbifpamhggcohblip
[C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : elggllhppljlljkgfeokjpehmdamkejk
*************************
AdwCleaner[R0].txt - [1319 Bytes] - [03/05/2015 07:56:24]
AdwCleaner[S0].txt - [1239 Bytes] - [03/05/2015 07:57:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1298 Bytes] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.113 - Bericht erstellt 06/06/2015 um 16:00:48
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-06-05.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Monstera - ZUHAUSE
# Gestarted von : C:\Users\Monstera\Desktop\Wartung\adwcleaner_4.113.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\SpeedMaxPc
Ordner Gelöscht : C:\Program Files (x86)\Common Files\SpeedMaxPc
Ordner Gelöscht : C:\Users\Monstera\AppData\Roaming\SpeedMaxPc
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v37.0.2 (x86 de)
-\\ Google Chrome v43.0.2357.81
[C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
*************************
AdwCleaner[R0].txt - [3170 Bytes] - [06/06/2015 15:58:38]
AdwCleaner[S0].txt - [2545 Bytes] - [03/05/2015 07:57:36]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2604 Bytes] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.113 - Bericht erstellt 07/06/2015 um 18:52:39
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-06-05.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Monstera - ZUHAUSE
# Gestarted von : C:\Users\Monstera\Desktop\Wartung\adwcleaner_4.113.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v37.0.2 (x86 de)
-\\ Google Chrome v43.0.2357.81
*************************
AdwCleaner[R0].txt - [4686 Bytes] - [07/06/2015 18:51:47]
AdwCleaner[S0].txt - [3516 Bytes] - [06/06/2015 16:00:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3575 Bytes] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 13/06/2015 um 10:38:35
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-09.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Monstera - ZUHAUSE
# Gestarted von : C:\Users\Monstera\Desktop\AdwCleaner_4.206.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Monstera\AppData\Roaming\Tobit
Ordner Gelöscht : C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Datei Gelöscht : C:\Users\Monstera\AppData\Local\GDIPFONTCACHEV1.DAT
Datei Gelöscht : C:\Users\Monstera\AppData\Roaming\GDIPFONTCACHEV1.DAT
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v38.0.5 (x86 de)
-\\ Google Chrome v43.0.2357.124
[C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
*************************
AdwCleaner[R0].txt - [6045 Bytes] - [13/06/2015 10:36:21]
AdwCleaner[S0].txt - [4875 Bytes] - [07/06/2015 18:52:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4934 Bytes] ##########
[/CODE] Punkt3 Junkware JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.3 (06.13.2015:1)
OS: Windows 8.1 x64
Ran by Monstera on 13.06.2015 at 10:54:02,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Monstera\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\Users\Monstera\AppData\Roaming\software informer
~~~ FireFox
~~~ Chrome
[C:\Users\Monstera\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Monstera\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Monstera\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Monstera\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
dcpfhaghaadpjpgocojgnlhjcieeooel,
ljmibnagodajacnnbifpamhggcohblip
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.06.2015 at 10:57:57,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Punkt4 FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Monstera (administrator) on ZUHAUSE on 13-06-2015 11:17:47
Running from C:\Users\Monstera\Desktop
Loaded Profiles: Monstera (Available Profiles: UpdatusUser & Monstera)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Language Engineering Corporation, LLC) C:\Program Files (x86)\Power Translator 16\LogoMedia TranslateDotNet Server.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-23] (Hewlett-Packard )
HKLM\...\Run: [HP Remote Solution] => C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [791040 2013-06-11] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [DT_HPO] => C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTuneStartup.exe [142344 2013-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2014-07-08] (CyberLink)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] ()
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Run: [Power2GoExpress9] => C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe [2397448 2014-07-08] (CyberLink Corp.)
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Run: [RfxSrvTray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {282da2d0-8686-11e4-8290-40f02f01180a} - "I:\setup.exe"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {4afc26ad-418b-11e4-826e-40f02f01180a} - "I:\Startme.exe"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {efb1a6b8-86cd-11e4-8291-806e6f6e6963} - "F:\setup.exe"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {efb1a927-86cd-11e4-8291-40f02f01180a} - "F:\setup.exe"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {efb1a980-86cd-11e4-8291-40f02f01180a} - "F:\setup.exe"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [387536 2013-08-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [326224 2013-08-09] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-07-12]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Monstera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2014-12-17]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
SearchScopes: HKLM -> {8391A6F3-90A5-4644-847E-35D03D6DF1BF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4175866378-3063520444-1462022353-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-11-18] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Recorder Toolbar -> {120A8821-2BEE-4C29-BCDA-62C577781992} -> C:\Program Files (x86)\MedienTeam66\CHIP Free MP3 converter for YouTube\IEPlugin.dll [2014-01-22] (MedienTeam66)
BHO-x32: LEC -> {4A241D35-F7EB-401b-8C5B-A904A50F280E} -> C:\Program Files (x86)\Power Translator 16\Applications\LEC IE Translation Extension.dll [2012-06-26] (Language Engineering Corporation, LLC)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-11-18] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\CHIP Free MP3 converter for YouTube\IEPlugin.dll [2014-01-22] (MedienTeam66)
Toolbar: HKLM-x32 - LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files (x86)\Power Translator 16\Applications\LEC IE Translation Extension.dll [2012-06-26] (Language Engineering Corporation, LLC)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-06-01] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-11-18] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-11-18] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-18] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4175866378-3063520444-1462022353-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4175866378-3063520444-1462022353-1002: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Monstera\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Extension: Extended Copy Menu (fix version) - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\extended.copy.menu@fix.version.xpi [2015-06-11]
FF Extension: Firebug - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\firebug@software.joehewitt.com.xpi [2015-06-11]
FF Extension: Google™ Translator - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2015-06-11]
FF Extension: ImTranslator - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2015-06-11]
FF Extension: Adblock Plus - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-11]
FF Extension: Recorder Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2015-06-12]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-12]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-11-18]
FF Extension: LEC Translation Toolbar - C:\Program Files (x86)\Power Translator 16\Addins\LECToolbar [2015-02-07]
Chrome:
=======
CHR Profile: C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-09]
CHR Extension: (Beautiful landscape) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-11-26]
CHR Extension: (Google Docs) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-09]
CHR Extension: (Google Drive) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-09]
CHR Extension: (LEC Chrome Extension) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckdajmkckkeodiknclojpadabahafnh [2015-02-07]
CHR Extension: (YouTube) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-09]
CHR Extension: (Google Search) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-09]
CHR Extension: (Google Sheets) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-09]
CHR Extension: (Skype Click to Call) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-13]
CHR Extension: (Google Wallet) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09]
CHR Extension: (Gmail) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-09]
CHR HKLM-x32\...\Chrome\Extension: [bckdajmkckkeodiknclojpadabahafnh] - C:\Program Files (x86)\Power Translator 16\Addins\ChromeAddon.crx [2011-03-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2013-11-20] (Andrea Electronics Corporation) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
S2 DTuneSrvc; C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe [120328 2013-07-17] (Portrait Displays, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 LEC TranslateDotNet Server; C:\Program Files (x86)\Power Translator 16\LogoMedia TranslateDotNet Server.exe [2048736 2012-06-26] (Language Engineering Corporation, LLC)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-08-01] (Nitro PDF Software)
S2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [418312 2014-08-01] ()
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
S2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688272 2015-04-15] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [41984 2010-11-20] (Microsoft Corporation)
S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [804992 2013-07-16] (AVerMedia TECHNOLOGIES, Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7569112 2015-02-09] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 CLVirtualBus01; C:\Windows\System32\drivers\CLVirtualBus01.sys [103176 2014-03-12] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-11-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-11-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 qcusbnet; C:\Windows\system32\DRIVERS\innosusbnet.sys [510976 2012-10-26] (QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\system32\DRIVERS\innosusbser.sys [369792 2012-10-26] (QUALCOMM Incorporated)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-12-04] (Realtek Semiconductor Corp.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-13 11:17 - 2015-06-13 11:18 - 00029108 _____ C:\Users\Monstera\Desktop\FRST.txt
2015-06-13 10:57 - 2015-06-13 10:57 - 00001571 _____ C:\Users\Monstera\Desktop\JRT.txt
2015-06-13 10:54 - 2015-06-13 10:54 - 00000207 _____ C:\windows\tweaking.com-regbackup-ZUHAUSE-Windows-8.1-(64-bit).dat
2015-06-13 10:54 - 2015-06-13 10:54 - 00000000 ____D C:\RegBackup
2015-06-13 10:19 - 2015-06-13 10:19 - 00003076 _____ C:\Users\Monstera\Desktop\mbam.txt
2015-06-13 10:03 - 2015-06-13 10:03 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-13 10:03 - 2015-06-13 10:03 - 00001141 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-13 10:03 - 2015-06-13 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-13 10:03 - 2015-06-13 10:03 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-13 10:03 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-13 10:03 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-13 10:03 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-13 09:29 - 2015-06-13 09:30 - 02943090 _____ (Thisisu) C:\Users\Monstera\Desktop\JRT.exe
2015-06-13 09:28 - 2015-06-13 09:28 - 02231296 _____ C:\Users\Monstera\Desktop\AdwCleaner_4.206.exe
2015-06-13 09:26 - 2015-06-13 09:27 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Monstera\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-12 21:18 - 2015-06-12 21:18 - 00002086 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2015-06-12 21:18 - 2015-06-12 21:18 - 00000000 ____D C:\Program Files (x86)\Brother
2015-06-12 17:43 - 2015-06-12 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-12 16:09 - 2015-06-12 16:09 - 00318896 _____ C:\windows\Minidump\061215-167500-01.dmp
2015-06-12 14:56 - 2015-06-12 14:57 - 00004499 _____ C:\Users\Monstera\Desktop\chat.txt
2015-06-12 13:43 - 2015-06-12 13:43 - 05197824 _____ C:\Users\Monstera\Desktop\HPSupportSolutionsFramework-11.51.0049.msi
2015-06-11 14:12 - 2015-06-03 18:18 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-11 14:12 - 2015-06-03 18:18 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-11 08:18 - 2015-06-11 08:18 - 02108928 _____ (Farbar) C:\Users\Monstera\Desktop\FRST64.exe
2015-06-11 08:16 - 2015-06-11 08:16 - 00000000 _____ C:\Users\Monstera\defogger_reenable
2015-06-10 15:20 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 15:20 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 15:20 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 15:20 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 15:20 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 15:20 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 15:20 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 15:20 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 15:20 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 15:20 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 15:20 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 15:20 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 15:20 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-06-10 15:20 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-06-10 15:20 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 15:20 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 15:20 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 15:20 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 15:20 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-06-10 15:20 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 15:20 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 15:20 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 15:20 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 15:20 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 15:20 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 15:20 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 15:20 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 15:20 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 15:20 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 15:20 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 15:20 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-06-10 15:20 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 15:20 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-06-10 15:20 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-06-10 15:20 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 15:20 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 15:20 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 15:20 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 15:20 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 15:20 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-06-10 15:20 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 15:20 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 15:20 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 15:20 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 15:20 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 15:20 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-06-10 15:20 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-06-10 15:20 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-06-10 15:20 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-06-10 15:20 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-06-10 15:20 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-06-10 15:20 - 2015-04-09 00:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml
2015-06-10 15:20 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-06-10 15:20 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-06-10 15:20 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-06-10 15:20 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-06-10 15:20 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-06-10 15:20 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-06-10 15:20 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-06-10 15:20 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-06-10 15:20 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-06-10 15:20 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-06-10 15:20 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-06-10 15:20 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-06-10 15:20 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-06-10 15:20 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-06-10 15:20 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-06-10 15:20 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-06-10 15:20 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-06-10 15:20 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-06-10 15:20 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-06-10 15:20 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-06-10 15:20 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-06-09 14:38 - 2015-06-11 08:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-08 15:32 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-08 15:32 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-08 13:09 - 2015-06-08 13:09 - 00000000 ____D C:\ProgramData\HP
2015-06-07 19:05 - 2015-06-13 11:17 - 00000000 ____D C:\FRST
2015-06-07 12:17 - 2015-06-07 12:17 - 00302011 _____ C:\Users\Monstera\Desktop\WindowsUpdateDiagnostic.diagcab
2015-06-06 18:43 - 2015-06-07 08:23 - 00000000 ____D C:\Users\Monstera\AppData\Local\Abelssoft
2015-06-06 18:43 - 2015-06-06 20:02 - 00000000 ____D C:\windows\System32\Tasks\Abelssoft
2015-06-06 18:43 - 2015-06-06 20:02 - 00000000 ____D C:\ProgramData\XDMessagingv4
2015-06-06 18:43 - 2015-06-06 18:43 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\Abelssoft
2015-06-06 18:19 - 2015-06-06 20:00 - 00007626 _____ C:\Users\Monstera\AppData\Local\resmon.resmoncfg
2015-06-06 16:18 - 2015-06-06 16:18 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\InstallShield
2015-06-06 01:45 - 2015-06-12 16:09 - 776785978 _____ C:\windows\MEMORY.DMP
2015-06-02 08:17 - 2015-06-02 08:17 - 00000000 ____D C:\Users\Monstera\AppData\Local\GWX
2015-05-22 21:51 - 2015-05-22 21:51 - 00003100 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4175866378-3063520444-1462022353-1002
2015-05-17 23:52 - 2015-06-13 10:57 - 00001134 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 23:52 - 2015-06-13 10:43 - 00001130 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 22:30 - 2015-06-12 16:30 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForMonstera
2015-05-17 22:30 - 2015-06-12 16:30 - 00000360 _____ C:\windows\Tasks\HPCeeScheduleForMonstera.job
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-13 11:03 - 2014-12-02 10:45 - 01799351 _____ C:\windows\WindowsUpdate.log
2015-06-13 11:03 - 2014-09-02 20:15 - 00005144 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ZUHAUSE-Monstera Zuhause
2015-06-13 11:03 - 2014-06-26 06:10 - 00000000 ___DO C:\Users\Monstera\SkyDrive
2015-06-13 11:03 - 2014-06-25 10:50 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4175866378-3063520444-1462022353-1002
2015-06-13 11:02 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\sru
2015-06-13 10:49 - 2014-03-25 11:50 - 00757756 _____ C:\windows\system32\perfh007.dat
2015-06-13 10:49 - 2014-03-25 11:50 - 00173028 _____ C:\windows\system32\perfc007.dat
2015-06-13 10:49 - 2013-08-24 23:38 - 01783968 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-13 10:44 - 2014-07-26 21:06 - 00000000 ____D C:\Users\Monstera\.rainlendar2
2015-06-13 10:43 - 2015-03-22 11:23 - 00041015 _____ C:\windows\setupact.log
2015-06-13 10:43 - 2014-07-07 17:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-13 10:43 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-13 10:40 - 2015-03-23 16:24 - 00010354 _____ C:\windows\PFRO.log
2015-06-13 10:38 - 2015-05-03 07:55 - 00000000 ____D C:\AdwCleaner
2015-06-13 10:32 - 2014-06-29 12:50 - 00000368 _____ C:\windows\lgfwup.ini
2015-06-13 10:32 - 2014-06-29 12:49 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2015-06-13 10:29 - 2013-08-22 17:36 - 00000000 ____D C:\windows\addins
2015-06-13 10:27 - 2014-06-25 10:45 - 00000000 ____D C:\Users\Monstera
2015-06-13 10:27 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-06-13 10:25 - 2014-06-29 16:55 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-13 09:20 - 2014-06-25 10:47 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{3EFF7CDF-B4D4-493C-B898-8A3F429F93A7}
2015-06-12 21:18 - 2014-06-29 11:12 - 00000050 _____ C:\windows\system32\bridf08b.dat
2015-06-12 20:03 - 2014-06-26 09:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-12 19:32 - 2014-03-25 11:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-12 16:09 - 2015-01-29 12:49 - 00000000 ____D C:\windows\Minidump
2015-06-12 13:53 - 2014-03-25 11:44 - 00000000 ____D C:\windows\Hewlett-Packard
2015-06-12 13:50 - 2013-09-03 06:57 - 00000000 ____D C:\SWSETUP
2015-06-12 13:48 - 2014-06-29 02:24 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-06-11 20:40 - 2014-07-09 19:11 - 00000000 ___RD C:\Users\Monstera\Desktop\Wartung
2015-06-11 20:35 - 2013-08-22 16:44 - 00491856 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-11 20:30 - 2013-08-22 17:36 - 00000000 ___RD C:\windows\ToastData
2015-06-11 20:30 - 2013-08-22 17:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-11 14:17 - 2014-06-26 06:40 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 14:17 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2015-06-11 14:17 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2015-06-11 14:13 - 2014-06-29 11:35 - 00000000 ____D C:\Users\Monstera\AppData\Local\CrashDumps
2015-06-11 14:12 - 2014-06-26 06:40 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-11 07:05 - 2015-05-13 08:25 - 00000000 ____D C:\Program Files (x86)\StarMoney 10
2015-06-09 19:25 - 2014-06-29 16:55 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-08 15:45 - 2014-12-12 12:48 - 00000000 ____D C:\windows\system32\appraiser
2015-06-08 15:45 - 2014-07-10 17:24 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-08 15:35 - 2015-01-21 10:24 - 00057344 ___SH C:\Users\Monstera\Desktop\Thumbs.db
2015-06-08 15:14 - 2015-05-04 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-06-08 15:14 - 2015-04-06 11:20 - 00000000 ___SD C:\windows\system32\GWX
2015-06-08 15:14 - 2014-08-04 00:07 - 00000000 ____D C:\Users\Monstera\AppData\Local\Microsoft Help
2015-06-08 15:14 - 2014-08-04 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-08 15:14 - 2014-06-29 11:23 - 00000000 ____D C:\ProgramData\Protexis
2015-06-08 15:14 - 2014-06-25 15:33 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\MediaMonkey
2015-06-08 15:14 - 2014-06-25 10:56 - 00000000 ____D C:\Users\Monstera\AppData\Local\Hewlett-Packard
2015-06-08 15:14 - 2014-03-25 11:08 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-06-08 15:14 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\Sysprep
2015-06-08 15:14 - 2013-08-22 15:36 - 00000000 ____D C:\windows\servicing
2015-06-08 15:06 - 2013-08-22 17:36 - 00000000 ____D C:\windows\registration
2015-06-08 15:04 - 2014-09-23 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MedienTeam66
2015-06-08 15:03 - 2014-09-23 16:00 - 00000000 ____D C:\Program Files (x86)\MedienTeam66
2015-06-08 15:03 - 2014-08-04 17:08 - 00000000 __RHD C:\MSOCache
2015-06-08 14:48 - 2015-05-04 10:59 - 00000000 ____D C:\Users\Monstera\AppData\Local\LogMeIn Rescue Applet
2015-06-08 13:55 - 2014-07-29 20:42 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\Nitro PDF
2015-06-08 13:26 - 2015-01-27 20:23 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-05-28 06:52 - 2014-07-28 11:29 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\Nitro
2015-05-27 20:20 - 2015-04-13 17:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-25 14:06 - 2014-03-25 11:14 - 00000000 ____D C:\ProgramData\Temp
2015-05-24 00:58 - 2015-01-11 20:58 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\Audacity
2015-05-22 21:51 - 2015-05-09 08:59 - 00000000 ___RD C:\Users\Monstera\OneDrive
2015-05-20 08:31 - 2015-04-06 11:20 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-05-19 08:35 - 2014-08-04 00:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-17 23:52 - 2014-11-09 20:36 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 23:52 - 2014-11-09 20:36 - 00003870 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 20:59 - 2014-10-26 21:16 - 00000000 ____D C:\MediaphorAG
2015-05-17 20:52 - 2014-07-09 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software
2015-05-15 19:41 - 2013-08-22 17:36 - 00000000 ____D C:\windows\rescache
==================== Files in the root of some directories =======
2015-02-03 00:35 - 2010-01-15 11:36 - 0075040 _____ () C:\Program Files (x86)\Common Files\SpeechUninstall.exe
2015-05-03 08:05 - 2015-05-03 08:49 - 0000115 _____ () C:\Users\Monstera\AppData\Roaming\LogFile.txt
2014-07-17 22:07 - 2015-01-27 18:32 - 14155776 _____ () C:\Users\Monstera\AppData\Roaming\Sandra.mdb
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Monstera\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Monstera\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Monstera\AppData\Local\CDRip.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0155136 _____ () C:\Users\Monstera\AppData\Local\lame_enc.dll
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Monstera\AppData\Local\No23 Recorder.exe
2005-08-23 23:34 - 2005-08-23 23:34 - 0029184 _____ () C:\Users\Monstera\AppData\Local\no23xwrapper.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0015872 _____ () C:\Users\Monstera\AppData\Local\ogg.dll
2015-02-18 20:01 - 2015-04-26 10:26 - 0001576 _____ () C:\Users\Monstera\AppData\Local\RecConfig.xml
2015-06-06 18:19 - 2015-06-06 20:00 - 0007626 _____ () C:\Users\Monstera\AppData\Local\resmon.resmoncfg
2006-10-26 02:06 - 2006-10-26 02:06 - 0143872 _____ () C:\Users\Monstera\AppData\Local\vorbis.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0064000 _____ () C:\Users\Monstera\AppData\Local\vorbisenc.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0019456 _____ () C:\Users\Monstera\AppData\Local\vorbisfile.dll
Some files in TEMP:
====================
C:\Users\Monstera\AppData\Local\Temp\Extract.exe
C:\Users\Monstera\AppData\Local\Temp\Quarantine.exe
C:\Users\Monstera\AppData\Local\Temp\SP70869.exe
C:\Users\Monstera\AppData\Local\Temp\sqlite3.dll
C:\Users\Monstera\AppData\Local\Temp\TOBITCLT.DLL
C:\Users\Monstera\AppData\Local\Temp\_isDEE2.exe
C:\Users\Monstera\AppData\Local\Temp\_isF165.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-12 08:47
==================== End of log ============================
Addition [CODE] Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Monstera at 2015-06-13 11:18:16
Running from C:\Users\Monstera\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4175866378-3063520444-1462022353-500 - Administrator - Disabled)
Gast (S-1-5-21-4175866378-3063520444-1462022353-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4175866378-3063520444-1462022353-1006 - Limited - Enabled)
Monstera (S-1-5-21-4175866378-3063520444-1462022353-1002 - Administrator - Enabled) => C:\Users\Monstera
UpdatusUser (S-1-5-21-4175866378-3063520444-1462022353-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcSoft Family Paint (HKLM-x32\...\{8393D59B-D45F-470B-90EB-EEA15E664AE7}) (Version: 1.0.5.263 - ArcSoft)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9850 - Broadcom Corporation)
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.75.0.2014 - Georgy Berdyshev)
CHIP Free MP3 converter for YouTube 3.0 Professional-E (HKLM-x32\...\{2ED4869A-6D7B-4a8f-8261-B842DA4852FA}_is1) (Version: - )
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel PaintShop Pro Picture Tube Content (x32 Version: 1.0.0.40 - Corel Corporation) Hidden
Corel PaintShop Pro Picture Tube Content (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.1.0.10 - Corel Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.3.0.8 - Corel Corporation) Hidden
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.)
CyberLink Media Suite 8 (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820b - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 9 (HKLM-x32\...\InstallShield_{57D68FAE-CB5E-4fd6-AE3B-A0B43375AF18}) (Version: 9.0.1827.0 - CyberLink Corp.)
CyberLink PowerBackup 2.5 (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9729 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.4223 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.0.4203 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DATA BECKER Graphic Works 10 (HKLM-x32\...\Graphic Works 10_is1) (Version: 1.3.511.0 - DATA BECKER GmbH & Co. KG)
DC Toolkit Pro 2 2D (HKLM-x32\...\DC Toolkit Pro 2 2D_is1) (Version: 2.0.0 - Franzis Verlag)
DesignCAD 23 (HKLM-x32\...\{6A4BD131-24BC-4703-82A0-F4008B6BCFBE}) (Version: 23.0.0 - IMSIDesign)
DesignCAD 3D Max 22 (HKLM-x32\...\{CCB44106-246E-45A5-8507-801F39EFB55B}) (Version: 22.0.0 - IMSIDesign)
DesignCAD Toolkit Architektur & Planung 22 Version 22 (HKLM-x32\...\DesignCAD Toolkit Architektur & Planung 22_is1) (Version: 22 - Franzis Verlag)
DesignCAD Toolkit Holz- & Tischlerarbeiten 22 Version 22 (HKLM-x32\...\DesignCAD Toolkit Holz- & Tischlerarbeiten 22_is1) (Version: 22 - Franzis Verlag)
DesignCAD Toolkit Maschinenbau & Konstruktion 22 Version 22 (HKLM-x32\...\DesignCAD Toolkit Maschinenbau & Konstruktion 22_is1) (Version: 22 - Franzis Verlag)
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\{27E3028E-06C8-4C09-8C3E-07F7F508304E}) (Version: 5.3.1.606 - Foxit Corporation)
Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Garmin BaseCamp (HKLM-x32\...\{CBB4288D-2D32-43BB-8FCE-3F102E385956}) (Version: 4.3.5 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{2BCA9FBB-9606-4689-8BAA-F63981F674FC}) (Version: 1.1.0.0 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{4DCC6015-444F-42A6-9D84-0B8D4B9EFC09}) (Version: 2.06.56.0 - Portrait Displays, Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.27.0 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
ICA (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Interaktive Sprachreise - Sprachkurs 1 Deutsch (HKLM-x32\...\ISRD1_18_689525) (Version: - digital publishing AG)
IPM_PSP_COM (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LEC Translate (HKLM-x32\...\{B593248E-8CD9-4C54-AD3C-F6848C6A4209}) (Version: 1.00.0004 - Ihr Firmenname)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LingvoSoft Dictionary 2008 German<->Polish for Windows (HKLM-x32\...\LingvoSoft Dictionary 2008 German<->Polish for Windows) (Version: 4.1.29 - LingvoSoft)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MEDUSA4 PERSONAL V5.2.1 (HKLM-x32\...\MEDUSA4_PERSONAL_V5_2_1) (Version: V5.2.1 - CAD Schroer)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Speech SDK 5.1 (HKLM-x32\...\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}) (Version: 5.1.4324.0 - Microsoft)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MyFreeCodec (HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MyFreeCodec) (Version: - )
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM-x32\...\{90150000-001F-0415-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Nitro Pro 9 (HKLM-x32\...\{c5237a45-d0a0-4c12-9269-f59919377de1}) (Version: 9.5.3.8 - Nitro)
Nitro Pro 9 (Version: 9.5.3.8 - Nitro) Hidden
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
NVIDIA Graphics Driver 326.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.49 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSPPContent (x32 Version: 15.3.0.8 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
PSPPro64 (Version: 15.1.0.10 - Corel Corporation) Hidden
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SDK (x32 Version: 2.39.004 - Portrait Displays, Inc.) Hidden
Setup (x32 Version: 15.1.0.10 - Ihr Firmenname) Hidden
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Speech Support (HKLM-x32\...\Speech Support) (Version: - LEC)
SPEEDLINK USB GAMEPAD (HKLM-x32\...\{9C42F308-A660-4445-9269-A740EEDCC1F0}) (Version: 09.28.2009 - SPEEDLINK)
StarMoney (x32 Version: 4.0.4.16 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10 (HKLM-x32\...\{84697C64-F9EB-4E92-851C-CF063FCC2619}) (Version: 10 - Star Finanz GmbH)
SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.30.147 - Akademische Arbeitsgemeinschaft)
Sun ODF Plugin for Microsoft Office 3.2 (HKLM-x32\...\{BD136CE7-6666-4273-A056-8D92F8625AAB}) (Version: 3.2.9483 - Sun Microsystems)
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version: - SoftMaker Software GmbH)
Themen aktuell 1 (HKLM-x32\...\Themen aktuell 1) (Version: - )
TrueSync (HKLM-x32\...\{3638D219-4AA5-4700-AC4B-272EF2F2DF1B}) (Version: 1.2.0.120 - sMedio Inc.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (08/09/2013 12.0.0.7620) (HKLM\...\7C5445C0C158E0500C2E0AD361C4CBF4BAB2476C) (Version: 08/09/2013 12.0.0.7620 - Broadcom Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Google, Inc (androidusb) USB (12/11/2012 1.0.0009.00000) (HKLM\...\8E3B176889FB79CA6FE02DF2D2D6DE38BD9FC9F6) (Version: 12/11/2012 1.0.0009.00000 - Google, Inc)
Windows-Treiberpaket - Qualcomm (qcusbnet) Net (10/16/2012 1.0.7.9) (HKLM\...\C03E573DE1B7F7DE10352D707DF6C7E88C0FAA03) (Version: 10/16/2012 1.0.7.9 - Qualcomm)
Windows-Treiberpaket - Qualcomm Incorporated (qcusbser) Modem (10/26/2012 2.1.0.3) (HKLM\...\19E621CD1BB015A1069EB53B72E2877DC34F038C) (Version: 10/26/2012 2.1.0.3 - Qualcomm Incorporated)
Windows-Treiberpaket - Qualcomm Incorporated (qcusbser) Ports (10/26/2012 2.1.0.3) (HKLM\...\521149B020D2896EF887ED07E9FC74DD0C29C17A) (Version: 10/26/2012 2.1.0.3 - Qualcomm Incorporated)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinGeo 2003 (HKLM-x32\...\ST5UNST #1) (Version: - )
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4175866378-3063520444-1462022353-1002_Classes\CLSID\{709B46F4-FBCF-ED50-402C-902450FE3277}\InprocServer32 -> C:\windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4175866378-3063520444-1462022353-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Monstera\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
12-06-2015 13:43:55 Installed HP Support Solutions Framework
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00B9D83B-7FAC-4915-8E4B-5A18081CC592} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {06D19CD4-3F9E-4603-A93C-5B346269021B} - System32\Tasks\HPCeeScheduleForMonstera => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {07E42F17-BDC2-4FCE-AA71-B1468534B155} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {144DEFBE-AF92-44DD-9384-DFF762ECD106} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {208B023F-4978-48F2-B98A-9A7DBA806C97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3D04C3BB-B1B7-4570-9CB0-D0A9F9862517} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-18] (Microsoft Corporation)
Task: {52569C6D-8021-4CAE-996E-CACBDA800644} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4175866378-3063520444-1462022353-1002
Task: {5319C33F-9C60-413D-9769-9699CC296A53} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-11] (Microsoft Corporation)
Task: {6A36D534-DD79-4606-87B7-6B2D53B59007} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {6D2558FE-B7F3-4D59-9745-6FF2C4340637} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {766E3E4D-DDD2-4C0E-A2F5-A6365A38118C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {76C1DC99-9FEB-4D10-945F-E0798D573B3F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ZUHAUSE-Monstera Zuhause => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {7B14CB93-1AB5-49BA-BB93-7B960807C3F4} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {7B297CE8-F759-4A1D-8B22-B95E24268492} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
Task: {7DCC1A4F-D46A-47A1-9257-F09292BA4206} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {80663FCE-50C8-4741-81E0-AE97FA8DA441} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
Task: {93975150-2308-4FC5-AA84-9552B278D8CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {B6F81985-21CF-4C77-A2D1-AFCD13CB81FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {C07FE103-971F-44AD-999F-3210EB27ECE4} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4175866378-3063520444-1462022353-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {C4BE6DB7-00AD-4442-8B31-2A1E772B814D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CEF30E15-A78F-4CC4-B8BA-9F541D3AE341} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {E183B514-815B-4474-A453-C4299DE80E0F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {ECD869D2-BE17-46B6-B79C-566034B419F6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForMonstera.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (Whitelisted) ==============
2013-08-09 02:08 - 2013-08-09 02:08 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-05-19 08:34 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-09 18:57 - 2013-06-03 13:06 - 03999512 _____ () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
2014-09-02 20:00 - 2006-02-23 11:35 - 00020480 _____ () C:\windows\System32\FritzColorPort64.dll
2014-12-02 19:15 - 2014-11-06 16:35 - 00020240 _____ () C:\windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-03-06 16:00 - 2014-03-06 16:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2013-08-09 02:08 - 2013-08-09 02:08 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-25 11:11 - 2013-08-08 23:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-29 12:25 - 2015-03-29 12:25 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-06-09 21:58 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 21:58 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:8D09CB9B
AlternateDataStreams: C:\ProgramData\Temp:9EFFD26D
AlternateDataStreams: C:\Users\Monstera\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Monstera\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "ImageBrowser EX Agent.lnk"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G9"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\StartupApproved\Run: => "rfxsrvtray"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\StartupApproved\Run: => "Browser Infrastructure Helper"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\StartupApproved\Run: => "KiesPreload"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D84FA73F-FD9C-4E4E-953A-DB0D57169FF4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A75F79D3-00C8-4E93-B4D7-7E2AE15AA8B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{617D5179-6437-45DF-A39F-9E4AC66AAA92}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{05F01972-82E9-4B16-8384-E05C929398F9}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{C3972112-95E0-4FA0-AB70-2A8F58BA2C37}] => (Allow) LPort=8182
FirewallRules: [{09368204-F452-4066-8E5E-1070FC77666F}] => (Allow) LPort=5353
FirewallRules: [{0085D229-5825-4D54-B73D-E291B21C8405}] => (Allow) LPort=8088
FirewallRules: [{56705213-A75A-4BDA-8DB5-C9B660F4A152}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{735585C4-AEC6-4C45-98FE-C2094869F124}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{50BF67A7-CA63-4619-92FD-B97C2DEF422C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{356EC2CE-34D6-4025-99BF-4EB81C5CC681}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEE1177F-201C-417E-8A1E-044C4C3EBFC1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B536863A-3926-4E85-B720-AA8FCEB42059}] => (Allow) C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{17B6FF74-86A4-41DC-A1B5-776940633219}] => (Allow) C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{1E02272D-7E1B-43E6-8F55-77389B9CDDC2}] => (Allow) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{04A4D5D2-005E-47FC-9298-A9D3F407B0A1}] => (Allow) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{5D02EC5F-B5DB-47EB-82D1-04AB797C26AF}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe
FirewallRules: [{83B58603-B807-447F-AB9B-F52E807D2678}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{81533655-1886-4FDE-98CA-DB0BBC04AAE2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{CC5F9F6F-DB09-4C60-9C22-8F68D9681D32}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{07D32250-39D5-4850-8ABD-EB184557FAB2}] => (Allow) LPort=2869
FirewallRules: [{17976139-DBB6-4D73-BE81-FB288BA48A71}] => (Allow) LPort=1900
FirewallRules: [{8E47A96A-27D5-47DF-BA0F-BD0E7225808B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{927FBF67-404D-40C5-88D8-DF01BE380AB5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{812A7373-C94F-47CC-A154-5184474EA474}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\WNt500x64\RpcSandraSrv.exe
FirewallRules: [TCP Query User{F4C75863-360F-4ABE-BCDF-3504C2257018}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{F965599E-0311-4616-81C9-21B3A9B8FDD4}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{491CA7A9-D41C-482B-89B0-BFA1C3B6DF7D}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{745AA406-9219-4B8F-ACCC-76D721B7FBEB}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{7C643DCA-AD51-4676-8E0C-BA9293C7DFA0}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{FD0B51E1-C7A1-4E99-9C87-6129C2683B0D}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{59E152F3-B0C6-4AF1-BCB5-F147875F6762}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FCB6777C-4BEB-4DDF-B85D-7BAB93A80BF0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
==================== Faulty Device Manager Devices =============
Name: USB-Massenspeichergerät
Description: USB-Massenspeichergerät
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Kompatibles USB-Speichergerät
Service: USBSTOR
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/13/2015 11:14:47 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (06/13/2015 11:14:47 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/13/2015 10:43:46 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0.
Error: (06/13/2015 10:43:46 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Kontext: Anwendung, SystemIndex Katalog
Error: (06/13/2015 10:43:46 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Error: (06/13/2015 10:43:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPSupportSolutionsFrameworkService.exe, Version: 1.0.12.0, Zeitstempel: 0x5516ea52
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504ade
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00014598
ID des fehlerhaften Prozesses: 0x9f0
Startzeit der fehlerhaften Anwendung: 0xHPSupportSolutionsFrameworkService.exe0
Pfad der fehlerhaften Anwendung: HPSupportSolutionsFrameworkService.exe1
Pfad des fehlerhaften Moduls: HPSupportSolutionsFrameworkService.exe2
Berichtskennung: HPSupportSolutionsFrameworkService.exe3
Vollständiger Name des fehlerhaften Pakets: HPSupportSolutionsFrameworkService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HPSupportSolutionsFrameworkService.exe5
Error: (06/13/2015 10:43:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: HPSupportSolutionsFrameworkService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
Stapel:
bei System.Configuration.ConfigurationManager.EnsureConfigurationSystem()
bei System.Configuration.ConfigurationManager.PrepareConfigSystem()
bei System.Configuration.ConfigurationManager.GetSection(System.String)
bei System.Configuration.PrivilegedConfigurationManager.GetSection(System.String)
bei System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
bei System.Diagnostics.DiagnosticsConfiguration.Initialize()
bei System.Diagnostics.DiagnosticsConfiguration.get_Sources()
bei System.Diagnostics.TraceSource.Initialize()
bei System.Net.Logging.InitializeLogging()
bei System.Net.Logging.get_On()
bei System.Net.HttpListener..ctor()
bei SolutionsFrameworkService.SsfWebserver..ctor(Int32)
bei SolutionsFrameworkService.SsfService..ctor()
bei SolutionsFrameworkService.Program.Main()
Error: (06/13/2015 10:38:49 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0.
Error: (06/13/2015 10:38:49 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Kontext: Anwendung, SystemIndex Katalog
Error: (06/13/2015 10:38:49 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
System errors:
=============
Error: (06/13/2015 10:54:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/13/2015 10:54:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2015 10:54:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2015 10:54:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2015 10:54:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/13/2015 10:54:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney 10 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2015 10:54:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Radio.fx Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/13/2015 10:54:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2015 10:54:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NitroUpdateService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/13/2015 10:54:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office:
=========================
Error: (06/13/2015 11:14:47 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (06/13/2015 11:14:47 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/13/2015 10:43:46 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 0x0
Error: (06/13/2015 10:43:46 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Error: (06/13/2015 10:43:46 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description:
Error: (06/13/2015 10:43:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPSupportSolutionsFrameworkService.exe1.0.12.05516ea52KERNELBASE.dll6.3.9600.1741554504adee0434352000145989f001d0a5b50423cef5C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exeC:\windows\SYSTEM32\KERNELBASE.dll4af3eb31-11a8-11e5-82ee-40f02f01180a
Error: (06/13/2015 10:43:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: HPSupportSolutionsFrameworkService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
Stapel:
bei System.Configuration.ConfigurationManager.EnsureConfigurationSystem()
bei System.Configuration.ConfigurationManager.PrepareConfigSystem()
bei System.Configuration.ConfigurationManager.GetSection(System.String)
bei System.Configuration.PrivilegedConfigurationManager.GetSection(System.String)
bei System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
bei System.Diagnostics.DiagnosticsConfiguration.Initialize()
bei System.Diagnostics.DiagnosticsConfiguration.get_Sources()
bei System.Diagnostics.TraceSource.Initialize()
bei System.Net.Logging.InitializeLogging()
bei System.Net.Logging.get_On()
bei System.Net.HttpListener..ctor()
bei SolutionsFrameworkService.SsfWebserver..ctor(Int32)
bei SolutionsFrameworkService.SsfService..ctor()
bei SolutionsFrameworkService.Program.Main()
Error: (06/13/2015 10:38:49 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 0x0
Error: (06/13/2015 10:38:49 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Error: (06/13/2015 10:38:49 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description:
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz
Percentage of memory in use: 28%
Total physical RAM: 8082.58 MB
Available physical RAM: 5756.23 MB
Total Pagefile: 16274.58 MB
Available Pagefile: 13869.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:918.56 GB) (Free:756.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.47 GB) (Free:1.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (windows 10-Daten) (Fixed) (Total:58.59 GB) (Free:58.49 GB) NTFS
Drive g: (Elements) (Fixed) (Total:872.89 GB) (Free:591.23 GB) NTFS
Drive k: (BootStick) (Fixed) (Total:59.62 GB) (Free:35.24 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C0CF919E)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CA8D065F)
Partition 1: (Not Active) - (Size=872.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: E97BA250)
Partition 1: (Active) - (Size=59.6 GB) - (Type=07 NTFS)
==================== End of log ============================
Ich habe gestern meinen Drucker alles deinstalliert und neu installiert, da ging der Drucker. Heute starte ich den PC und der Drucker geht wieder nicht. Ich habe die Vermutung, dass da was mit den 32 bit und 64 bit nicht ganz in Ordnung ist. Nur fehlt mir da jegliches Verständniss. Habe mal zu DDR-Zeiten eine Computer mit einem Freund selbst zusammen gelötet, allerdings war da alles in Maschinensprache...die heutigen Programme sind zu schwer für mich. Gruß Monstera |
|
14.06.2015, 06:07
| #10 |
| /// the machine /// TB-Ausbilder | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nichtESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.06.2015, 12:44
| #11 |
| | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht Hi schrauber, Punkt 1 ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=02cd9fab8413c841a890f878c270d1fc
# end=init
# utc_time=2015-06-14 06:41:45
# local_time=2015-06-14 08:41:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24317
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=02cd9fab8413c841a890f878c270d1fc
# end=updated
# utc_time=2015-06-14 06:48:28
# local_time=2015-06-14 08:48:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=02cd9fab8413c841a890f878c270d1fc
# engine=24317
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-14 07:47:48
# local_time=2015-06-14 09:47:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 48168 38340750 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8153739 32302392 0 0
# scanned=293980
# found=0
# cleaned=0
# scan_time=3559
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=02cd9fab8413c841a890f878c270d1fc
# end=init
# utc_time=2015-06-14 07:48:18
# local_time=2015-06-14 09:48:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 24317
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=02cd9fab8413c841a890f878c270d1fc
# end=updated
# utc_time=2015-06-14 07:49:54
# local_time=2015-06-14 09:49:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=02cd9fab8413c841a890f878c270d1fc
# engine=24317
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-14 09:37:16
# local_time=2015-06-14 11:37:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 54736 38347318 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8160307 32308960 0 0
# scanned=493911
# found=0
# cleaned=0
# scan_time=6441
Code:
ATTFilter Results of screen317's Security Check version 1.002
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 17.0.0.188
Mozilla Firefox (38.0.5)
Mozilla Thunderbird (31.7.0)
Google Chrome (43.0.2357.124)
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
StarMoney 10 ouservice StarMoneyOnlineUpdate.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 avp.exe
Kaspersky Lab Kaspersky Internet Security 15.0.0 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Monstera (administrator) on ZUHAUSE on 14-06-2015 12:22:16
Running from C:\Users\Monstera\Desktop\pc-Wartung
Loaded Profiles: UpdatusUser & Monstera (Available Profiles: UpdatusUser & Monstera)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Language Engineering Corporation, LLC) C:\Program Files (x86)\Power Translator 16\LogoMedia TranslateDotNet Server.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-23] (Hewlett-Packard )
HKLM\...\Run: [HP Remote Solution] => C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [791040 2013-06-11] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [DT_HPO] => C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTuneStartup.exe [142344 2013-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2014-07-08] (CyberLink)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [4411488 2014-03-16] ()
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Run: [Power2GoExpress9] => C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe [2397448 2014-07-08] (CyberLink Corp.)
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Run: [RfxSrvTray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {282da2d0-8686-11e4-8290-40f02f01180a} - "I:\setup.exe"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {4afc26ad-418b-11e4-826e-40f02f01180a} - "I:\Startme.exe"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {efb1a6b8-86cd-11e4-8291-806e6f6e6963} - "F:\setup.exe"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {efb1a927-86cd-11e4-8291-40f02f01180a} - "F:\setup.exe"
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\...\MountPoints2: {efb1a980-86cd-11e4-8291-40f02f01180a} - "F:\setup.exe"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [387536 2013-08-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [326224 2013-08-09] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-07-12]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Monstera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2014-12-17]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK14/4
HKU\S-1-5-21-4175866378-3063520444-1462022353-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
URLSearchHook: [S-1-5-21-4175866378-3063520444-1462022353-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> {8391A6F3-90A5-4644-847E-35D03D6DF1BF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4175866378-3063520444-1462022353-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4175866378-3063520444-1462022353-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-11-18] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Recorder Toolbar -> {120A8821-2BEE-4C29-BCDA-62C577781992} -> C:\Program Files (x86)\MedienTeam66\CHIP Free MP3 converter for YouTube\IEPlugin.dll [2014-01-22] (MedienTeam66)
BHO-x32: LEC -> {4A241D35-F7EB-401b-8C5B-A904A50F280E} -> C:\Program Files (x86)\Power Translator 16\Applications\LEC IE Translation Extension.dll [2012-06-26] (Language Engineering Corporation, LLC)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-11-18] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\CHIP Free MP3 converter for YouTube\IEPlugin.dll [2014-01-22] (MedienTeam66)
Toolbar: HKLM-x32 - LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files (x86)\Power Translator 16\Applications\LEC IE Translation Extension.dll [2012-06-26] (Language Engineering Corporation, LLC)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-06-01] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-11-18] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-11-18] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-18] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4175866378-3063520444-1462022353-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4175866378-3063520444-1462022353-1002: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Monstera\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Extension: Extended Copy Menu (fix version) - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\extended.copy.menu@fix.version.xpi [2015-06-11]
FF Extension: Firebug - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\firebug@software.joehewitt.com.xpi [2015-06-11]
FF Extension: Google™ Translator - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2015-06-11]
FF Extension: ImTranslator - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2015-06-11]
FF Extension: Adblock Plus - C:\Users\Monstera\AppData\Roaming\Mozilla\Firefox\Profiles\u3hrz55r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-11]
FF Extension: Recorder Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2015-06-12]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-12]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-11-18]
FF Extension: LEC Translation Toolbar - C:\Program Files (x86)\Power Translator 16\Addins\LECToolbar [2015-02-07]
Chrome:
=======
CHR Profile: C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-09]
CHR Extension: (Beautiful landscape) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-11-26]
CHR Extension: (Google Docs) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-09]
CHR Extension: (Google Drive) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-09]
CHR Extension: (LEC Chrome Extension) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckdajmkckkeodiknclojpadabahafnh [2015-02-07]
CHR Extension: (YouTube) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-09]
CHR Extension: (Google Search) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-09]
CHR Extension: (Google Sheets) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-09]
CHR Extension: (Skype Click to Call) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-13]
CHR Extension: (Google Wallet) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09]
CHR Extension: (Gmail) - C:\Users\Monstera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-09]
CHR HKLM-x32\...\Chrome\Extension: [bckdajmkckkeodiknclojpadabahafnh] - C:\Program Files (x86)\Power Translator 16\Addins\ChromeAddon.crx [2011-03-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2013-11-20] (Andrea Electronics Corporation) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
R2 DTuneSrvc; C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe [120328 2013-07-17] (Portrait Displays, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 LEC TranslateDotNet Server; C:\Program Files (x86)\Power Translator 16\LogoMedia TranslateDotNet Server.exe [2048736 2012-06-26] (Language Engineering Corporation, LLC)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-08-01] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [418312 2014-08-01] ()
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688272 2015-04-15] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [41984 2010-11-20] (Microsoft Corporation)
S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [804992 2013-07-16] (AVerMedia TECHNOLOGIES, Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7569112 2015-02-09] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 CLVirtualBus01; C:\Windows\System32\drivers\CLVirtualBus01.sys [103176 2014-03-12] (CyberLink)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-11-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-11-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 qcusbnet; C:\Windows\system32\DRIVERS\innosusbnet.sys [510976 2012-10-26] (QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\system32\DRIVERS\innosusbser.sys [369792 2012-10-26] (QUALCOMM Incorporated)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-12-04] (Realtek Semiconductor Corp.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-14 12:19 - 2015-06-14 12:19 - 00000924 _____ C:\Users\Monstera\Desktop\checkup.txt
2015-06-14 12:09 - 2015-06-14 12:09 - 00000961 _____ C:\Users\Monstera\Desktop\1checkup.txt
2015-06-14 12:07 - 2015-06-14 12:07 - 00852639 _____ C:\Users\Monstera\Desktop\SecurityCheck.exe
2015-06-14 08:41 - 2015-06-14 08:41 - 02870984 _____ (ESET) C:\Users\Monstera\Desktop\esetsmartinstaller_deu.exe
2015-06-14 08:25 - 2015-06-14 08:25 - 00000000 ____D C:\Users\Monstera\Desktop\Konstruktion
2015-06-14 08:20 - 2015-06-14 12:21 - 00000000 ____D C:\Users\Monstera\Desktop\pc-Wartung
2015-06-13 10:54 - 2015-06-13 10:54 - 00000207 _____ C:\windows\tweaking.com-regbackup-ZUHAUSE-Windows-8.1-(64-bit).dat
2015-06-13 10:54 - 2015-06-13 10:54 - 00000000 ____D C:\RegBackup
2015-06-13 10:03 - 2015-06-13 10:03 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-13 10:03 - 2015-06-13 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-13 10:03 - 2015-06-13 10:03 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-13 10:03 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-13 10:03 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-13 10:03 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-12 21:18 - 2015-06-12 21:18 - 00002086 _____ C:\Users\Public\Desktop\Brother Utilities.lnk
2015-06-12 21:18 - 2015-06-12 21:18 - 00000000 ____D C:\Program Files (x86)\Brother
2015-06-12 17:43 - 2015-06-12 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-12 16:09 - 2015-06-12 16:09 - 00318896 _____ C:\windows\Minidump\061215-167500-01.dmp
2015-06-11 14:12 - 2015-06-03 18:18 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-11 14:12 - 2015-06-03 18:18 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-11 08:16 - 2015-06-11 08:16 - 00000000 _____ C:\Users\Monstera\defogger_reenable
2015-06-10 15:20 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-10 15:20 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-10 15:20 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-10 15:20 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-10 15:20 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-10 15:20 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-10 15:20 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-10 15:20 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-10 15:20 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-10 15:20 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-10 15:20 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-10 15:20 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-10 15:20 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-06-10 15:20 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-06-10 15:20 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-10 15:20 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-10 15:20 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-10 15:20 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-10 15:20 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-06-10 15:20 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-10 15:20 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-10 15:20 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-10 15:20 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-10 15:20 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-10 15:20 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-10 15:20 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-10 15:20 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-10 15:20 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-10 15:20 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-10 15:20 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-10 15:20 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-06-10 15:20 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-10 15:20 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-06-10 15:20 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-06-10 15:20 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-10 15:20 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-10 15:20 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-10 15:20 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-10 15:20 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-10 15:20 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-06-10 15:20 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-10 15:20 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-10 15:20 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 15:20 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-10 15:20 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-10 15:20 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-06-10 15:20 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-06-10 15:20 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-06-10 15:20 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-06-10 15:20 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-06-10 15:20 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-06-10 15:20 - 2015-04-09 00:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml
2015-06-10 15:20 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-06-10 15:20 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-06-10 15:20 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-06-10 15:20 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-06-10 15:20 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-06-10 15:20 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-06-10 15:20 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-06-10 15:20 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-06-10 15:20 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-06-10 15:20 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-06-10 15:20 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-06-10 15:20 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-06-10 15:20 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-06-10 15:20 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-06-10 15:20 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-06-10 15:20 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-06-10 15:20 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-06-10 15:20 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-06-10 15:20 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-06-10 15:20 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-06-10 15:20 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-06-09 14:38 - 2015-06-11 08:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-08 15:32 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-08 15:32 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-08 15:32 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-08 13:09 - 2015-06-08 13:09 - 00000000 ____D C:\ProgramData\HP
2015-06-07 19:05 - 2015-06-14 12:22 - 00000000 ____D C:\FRST
2015-06-06 18:43 - 2015-06-07 08:23 - 00000000 ____D C:\Users\Monstera\AppData\Local\Abelssoft
2015-06-06 18:43 - 2015-06-06 20:02 - 00000000 ____D C:\windows\System32\Tasks\Abelssoft
2015-06-06 18:43 - 2015-06-06 20:02 - 00000000 ____D C:\ProgramData\XDMessagingv4
2015-06-06 18:43 - 2015-06-06 18:43 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\Abelssoft
2015-06-06 18:19 - 2015-06-06 20:00 - 00007626 _____ C:\Users\Monstera\AppData\Local\resmon.resmoncfg
2015-06-06 16:18 - 2015-06-06 16:18 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\InstallShield
2015-06-06 01:45 - 2015-06-12 16:09 - 776785978 _____ C:\windows\MEMORY.DMP
2015-06-02 08:17 - 2015-06-02 08:17 - 00000000 ____D C:\Users\Monstera\AppData\Local\GWX
2015-05-22 21:51 - 2015-05-22 21:51 - 00003100 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4175866378-3063520444-1462022353-1002
2015-05-17 23:52 - 2015-06-14 11:57 - 00001134 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 23:52 - 2015-06-14 08:19 - 00001130 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 22:30 - 2015-06-12 16:30 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForMonstera
2015-05-17 22:30 - 2015-06-12 16:30 - 00000360 _____ C:\windows\Tasks\HPCeeScheduleForMonstera.job
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-14 12:12 - 2014-07-07 17:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-14 12:02 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\sru
2015-06-14 11:25 - 2014-06-29 16:55 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-14 09:51 - 2014-12-02 10:45 - 02020487 _____ C:\windows\WindowsUpdate.log
2015-06-14 09:17 - 2014-06-25 10:47 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{3EFF7CDF-B4D4-493C-B898-8A3F429F93A7}
2015-06-14 08:36 - 2014-06-25 10:50 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4175866378-3063520444-1462022353-1002
2015-06-14 08:29 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2015-06-14 08:25 - 2014-07-09 19:11 - 00000000 ___RD C:\Users\Monstera\Desktop\Wartung
2015-06-14 08:24 - 2014-06-26 01:06 - 00000000 ___RD C:\Users\Monstera\Desktop\Lernen
2015-06-14 08:19 - 2014-09-02 20:15 - 00005144 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ZUHAUSE-Monstera Zuhause
2015-06-14 08:19 - 2014-07-26 21:06 - 00000000 ____D C:\Users\Monstera\.rainlendar2
2015-06-14 08:19 - 2014-06-29 12:50 - 00000368 _____ C:\windows\lgfwup.ini
2015-06-14 08:19 - 2014-06-29 12:49 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2015-06-14 08:19 - 2014-06-26 06:10 - 00000000 ___DO C:\Users\Monstera\SkyDrive
2015-06-14 00:15 - 2015-03-22 11:23 - 00041363 _____ C:\windows\setupact.log
2015-06-13 22:25 - 2015-05-13 08:25 - 00000000 ____D C:\Program Files (x86)\StarMoney 10
2015-06-13 20:30 - 2014-03-25 11:50 - 00757756 _____ C:\windows\system32\perfh007.dat
2015-06-13 20:30 - 2014-03-25 11:50 - 00173028 _____ C:\windows\system32\perfc007.dat
2015-06-13 20:30 - 2013-08-24 23:38 - 01783968 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-13 20:24 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-13 12:32 - 2013-08-22 17:36 - 00000000 ____D C:\windows\rescache
2015-06-13 10:40 - 2015-03-23 16:24 - 00010354 _____ C:\windows\PFRO.log
2015-06-13 10:38 - 2015-05-03 07:55 - 00000000 ____D C:\AdwCleaner
2015-06-13 10:29 - 2013-08-22 17:36 - 00000000 ____D C:\windows\addins
2015-06-13 10:27 - 2014-06-25 10:45 - 00000000 ____D C:\Users\Monstera
2015-06-13 10:27 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-06-12 21:18 - 2014-06-29 11:12 - 00000050 _____ C:\windows\system32\bridf08b.dat
2015-06-12 20:03 - 2014-06-26 09:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-12 19:32 - 2014-03-25 11:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-12 16:09 - 2015-01-29 12:49 - 00000000 ____D C:\windows\Minidump
2015-06-12 13:53 - 2014-03-25 11:44 - 00000000 ____D C:\windows\Hewlett-Packard
2015-06-12 13:50 - 2013-09-03 06:57 - 00000000 ____D C:\SWSETUP
2015-06-12 13:48 - 2014-06-29 02:24 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-06-11 20:35 - 2013-08-22 16:44 - 00491856 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-11 20:30 - 2013-08-22 17:36 - 00000000 ___RD C:\windows\ToastData
2015-06-11 20:30 - 2013-08-22 17:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-11 14:17 - 2014-06-26 06:40 - 00000000 ____D C:\windows\system32\MRT
2015-06-11 14:17 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2015-06-11 14:13 - 2014-06-29 11:35 - 00000000 ____D C:\Users\Monstera\AppData\Local\CrashDumps
2015-06-11 14:12 - 2014-06-26 06:40 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-09 19:25 - 2014-06-29 16:55 - 00003772 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-08 15:45 - 2014-12-12 12:48 - 00000000 ____D C:\windows\system32\appraiser
2015-06-08 15:45 - 2014-07-10 17:24 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-08 15:35 - 2015-01-21 10:24 - 00057344 ___SH C:\Users\Monstera\Desktop\Thumbs.db
2015-06-08 15:14 - 2015-05-04 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-06-08 15:14 - 2015-04-06 11:20 - 00000000 ___SD C:\windows\system32\GWX
2015-06-08 15:14 - 2014-08-04 00:07 - 00000000 ____D C:\Users\Monstera\AppData\Local\Microsoft Help
2015-06-08 15:14 - 2014-08-04 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-08 15:14 - 2014-06-29 11:23 - 00000000 ____D C:\ProgramData\Protexis
2015-06-08 15:14 - 2014-06-25 15:33 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\MediaMonkey
2015-06-08 15:14 - 2014-06-25 10:56 - 00000000 ____D C:\Users\Monstera\AppData\Local\Hewlett-Packard
2015-06-08 15:14 - 2014-03-25 11:08 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-06-08 15:14 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\Sysprep
2015-06-08 15:14 - 2013-08-22 15:36 - 00000000 ____D C:\windows\servicing
2015-06-08 15:06 - 2013-08-22 17:36 - 00000000 ____D C:\windows\registration
2015-06-08 15:04 - 2014-09-23 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MedienTeam66
2015-06-08 15:03 - 2014-09-23 16:00 - 00000000 ____D C:\Program Files (x86)\MedienTeam66
2015-06-08 15:03 - 2014-08-04 17:08 - 00000000 __RHD C:\MSOCache
2015-06-08 14:48 - 2015-05-04 10:59 - 00000000 ____D C:\Users\Monstera\AppData\Local\LogMeIn Rescue Applet
2015-06-08 13:55 - 2014-07-29 20:42 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\Nitro PDF
2015-06-08 13:26 - 2015-01-27 20:23 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-05-28 06:52 - 2014-07-28 11:29 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\Nitro
2015-05-27 20:20 - 2015-04-13 17:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-25 14:06 - 2014-03-25 11:14 - 00000000 ____D C:\ProgramData\Temp
2015-05-24 00:58 - 2015-01-11 20:58 - 00000000 ____D C:\Users\Monstera\AppData\Roaming\Audacity
2015-05-22 21:51 - 2015-05-09 08:59 - 00000000 ___RD C:\Users\Monstera\OneDrive
2015-05-20 08:31 - 2015-04-06 11:20 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-05-19 08:35 - 2014-08-04 00:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-17 23:52 - 2014-11-09 20:36 - 00004106 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 23:52 - 2014-11-09 20:36 - 00003870 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 20:59 - 2014-10-26 21:16 - 00000000 ____D C:\MediaphorAG
2015-05-17 20:52 - 2014-07-09 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tobit.Software
==================== Files in the root of some directories =======
2015-02-03 00:35 - 2010-01-15 11:36 - 0075040 _____ () C:\Program Files (x86)\Common Files\SpeechUninstall.exe
2015-05-03 08:05 - 2015-05-03 08:49 - 0000115 _____ () C:\Users\Monstera\AppData\Roaming\LogFile.txt
2014-07-17 22:07 - 2015-01-27 18:32 - 14155776 _____ () C:\Users\Monstera\AppData\Roaming\Sandra.mdb
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Monstera\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Monstera\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Monstera\AppData\Local\CDRip.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0155136 _____ () C:\Users\Monstera\AppData\Local\lame_enc.dll
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Monstera\AppData\Local\No23 Recorder.exe
2005-08-23 23:34 - 2005-08-23 23:34 - 0029184 _____ () C:\Users\Monstera\AppData\Local\no23xwrapper.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0015872 _____ () C:\Users\Monstera\AppData\Local\ogg.dll
2015-02-18 20:01 - 2015-04-26 10:26 - 0001576 _____ () C:\Users\Monstera\AppData\Local\RecConfig.xml
2015-06-06 18:19 - 2015-06-06 20:00 - 0007626 _____ () C:\Users\Monstera\AppData\Local\resmon.resmoncfg
2006-10-26 02:06 - 2006-10-26 02:06 - 0143872 _____ () C:\Users\Monstera\AppData\Local\vorbis.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0064000 _____ () C:\Users\Monstera\AppData\Local\vorbisenc.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0019456 _____ () C:\Users\Monstera\AppData\Local\vorbisfile.dll
Some files in TEMP:
====================
C:\Users\Monstera\AppData\Local\Temp\Extract.exe
C:\Users\Monstera\AppData\Local\Temp\Quarantine.exe
C:\Users\Monstera\AppData\Local\Temp\SP70869.exe
C:\Users\Monstera\AppData\Local\Temp\sqlite3.dll
C:\Users\Monstera\AppData\Local\Temp\TOBITCLT.DLL
C:\Users\Monstera\AppData\Local\Temp\_isDEE2.exe
C:\Users\Monstera\AppData\Local\Temp\_isF165.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-12 08:47
==================== End of log ============================
Drucker ging immer noch nicht. Konnte einfach nicht die Druckaufträge löschen, wenn ich gesagt habe Druckauftrag abrechen, wurde er zwar gelöscht, gleichzeitig erschienen aber zwei neue Aufträge. Habe dann aber den Drucker im Display zurückgesetzt auf Werkszustand, da waren alle Aufträge weg. PC runter gefahren und wieder hoch....Drucker geht noch. Jetzt scheint er auch schneller zu booten...mal sehen wie sich das entwickelt. Sollte das alles wieder losgehen, kann ich dann in diesem Beitrag auf dich zurückgreifen? Noch eine Frage bitte. Ich will meinen PC auf Windows 10 vorbereiten, das heißt, ich schmeiße jetzt alles was nicht unbedingt gebraucht wird runter. Das deinstallieren mache ich mich REVO Uninstaller. Muss ich dann die Registrie auch noch putzen. Wenn ich das alles fertig habe möchte ich das System spiegeln. Hast du da ein Linke wo das in deutsch beschrieben ist....kann kein englisch Nochmal danke Gruß Monstera |
|
15.06.2015, 06:17
| #12 |
| /// the machine /// TB-Ausbilder | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht Wenn Du Revo nutzt brauchst Du an der Registry nix machen. Wenn Fragen sind einfach hier melden, klar .Was genau meinst Du mit spiegeln?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.06.2015, 10:56
| #13 |
| | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht Mit spiegeln meine ich das mögliche zurück speichern des gesamten Systems mit installierten Programmen. Also ich habe den PC sauber, mache eine Kopie und kann das dann im Ernstfall zurückspielen. Kompliziert ausgedrückt. hoffe du hast mich verstanden. Gruß Monstera |
|
16.06.2015, 05:57
| #14 |
| /// the machine /// TB-Ausbilder | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht Ok, das ist aber nicht spiegeln  Besorg Dir Acronis TrueImage, oder ein anderes ImageTool, und mach dann ein komplettes Backup deines Systems, irgendwo extern. Das kannste dann sauber zurückspielen wenn was ist
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.06.2015, 09:42
| #15 |
| | Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht Hi schrauber, der PC ist eigentlich jetzt ok. Nur meldet mein Kaspersky seltsame Dinge die ich nicht deuten kann. (Siehe Anhang) Ich habe das alles erst einmal verboten. Das war schon zum zweiten mal so. Kannst du mir nen Tipp geben was das ist und was ich machen muss. Gruß Monstera |
|
| Themen zu Booten langsam, Drucker geht...geht nicht,Programme öffnen geht...geht nicht |
| ccleaner, experten, kaspersky, programme, pup.optional.binkiland.c, pup.optional.phrasefinder.a, pup.optional.reimagerepair.a, pup.optional.winyahoo.a, reagiert, trojaner, versucht, verzweifel, verzweifeln, windows 8.1 64 bit |
Linear-Darstellung
