the Addition log file,
FRST Logfile:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Asterix at 2015-06-19 12:18:39
Running from C:\Users\Asterix\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1399061574-1972378148-1948253659-500 - Administrator - Disabled)
Asterix (S-1-5-21-1399061574-1972378148-1948253659-1000 - Administrator - Enabled) => C:\Users\Asterix
Gast (S-1-5-21-1399061574-1972378148-1948253659-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1399061574-1972378148-1948253659-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.07021 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.07021 - Cisco Systems, Inc.) Hidden
Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Dell System Detect (HKU\S-1-5-21-1399061574-1972378148-1948253659-1000\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.24 - Intel(R) Corporation) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version: - Team Bondi)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MATLAB R2014b (HKLM\...\Matlab R2014b) (Version: 8.4 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1399061574-1972378148-1948253659-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKU\S-1-5-21-1399061574-1972378148-1948253659-1000\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
NVIDIA 3D Vision Treiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Poseidon64 14.0 (HKLM\...\Poseidon64) (Version: 14.0 - DNV GL SE)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamSpeak 3 Client (HKU\S-1-5-21-1399061574-1972378148-1948253659-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD PROJEKT RED)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1399061574-1972378148-1948253659-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Asterix\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1399061574-1972378148-1948253659-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Asterix\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1399061574-1972378148-1948253659-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Asterix\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1399061574-1972378148-1948253659-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Asterix\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1399061574-1972378148-1948253659-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Asterix\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
19-06-2015 11:48:29 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1DA3345A-F739-456B-8020-F81A16CB11CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {24CC45C7-2763-4DAF-BDC9-173F9CAD73A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {42B1F115-527A-41B6-B135-4AB4CF0B5C77} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Idexif-Asterix Idexif => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {45509DCE-0A96-43BE-BADA-D4695FDC7162} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {6B12437C-3B10-4B94-AC89-E44DDAF0A1C4} - System32\Tasks\MATLAB R2014b Startup Accelerator => C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe [2014-07-26] ()
Task: {6ECDB4E0-8BC5-4605-B3CF-BD3388441B53} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
Task: {7FA4B018-513E-4125-8D1C-36A109A6BD49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.)
Task: {A7B78A6F-44BE-46B3-A6BB-B27A3A558C9B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {BB57AC26-582B-4316-8AA9-F57E24F00057} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BBF808A9-3ABC-4330-B3F0-13E6F92AD337} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {BC689F85-BA48-487C-B625-B2B12914DE3F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {E2B1C102-56FC-407F-9293-4A51605DB5E6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {F0DD77DF-D1BC-42A4-84A9-D7CF423A8033} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F2F40284-7754-411C-9408-9EA466C80948} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job => C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe
==================== Loaded Modules (Whitelisted) ==============
2013-12-18 15:42 - 2015-04-09 02:58 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-02-09 00:17 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-09 23:04 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-08 22:59 - 2010-11-29 05:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-09 18:00 - 2015-06-05 21:20 - 01670472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 18:00 - 2015-06-05 21:20 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-06-19 12:14 - 2015-06-19 12:14 - 00050477 _____ () C:\Users\Asterix\Desktop\Defogger.exe
2015-04-23 21:36 - 2015-04-23 21:36 - 00104400 _____ () C:\Program Files\Avast\log.dll
2015-04-23 21:36 - 2015-04-23 21:36 - 00081728 _____ () C:\Program Files\Avast\JsonRpcServer.dll
2015-06-18 16:44 - 2015-06-18 16:44 - 02952704 _____ () C:\Program Files\Avast\defs\15061800\algo.dll
2015-06-19 11:43 - 2015-06-19 11:43 - 02952704 _____ () C:\Program Files\Avast\defs\15061901\algo.dll
2015-04-22 14:56 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-12-18 15:42 - 2015-04-09 02:58 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-22 10:11 - 2015-03-22 10:11 - 40540672 _____ () C:\Program Files\Avast\libcef.dll
2015-05-31 18:54 - 2013-07-23 16:55 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2015-05-31 18:54 - 2013-07-23 16:52 - 00263168 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2015-02-09 21:27 - 2015-02-09 21:27 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2015-02-08 23:55 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1399061574-1972378148-1948253659-1000\...\dell.com -> dell.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1399061574-1972378148-1948253659-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Asterix\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: vpnagent => 2
MSCONFIG\startupfolder: C:^Users^Asterix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F0F38E0C-92B5-48B4-8727-DEBA583FB74E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FB0CD448-57BF-4F99-908C-BAAC67B19BD0}] => (Allow) C:\Users\Asterix\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{17A74634-C50B-4A8F-ADF7-BB1FC731DBC1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4228C4D1-AFF1-4A73-A843-D72FB36E7B79}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EB528F02-CDB2-41A0-A359-F30263389529}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FCEDFB2A-E993-452C-AF35-B7EC1686E69E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{91E474CB-00C2-47E6-9CA0-5040134CBD95}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C60F2F81-642D-4F2F-8420-D0612177B41F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{044A516B-B7B6-4816-8D12-B144295358A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{1130765B-A37A-4A9B-ACE9-ACA74E9020F9}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{C6687622-DE6C-4CA0-BE55-B948E7715DB9}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [{3D6E55BE-8FAD-4B68-8098-669A442D793C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{46B49EC8-201C-4BE1-929C-732EA1A8E577}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F1FCBEE6-70CC-48C8-A025-0902E368F559}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BD359587-125C-4F17-B78C-9B2DA20EB195}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{F9B53E09-60A9-4381-8665-EF67575A5B44}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Block) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{0CC42614-DEE5-4BA9-83F8-5F99CF12CC88}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Block) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [{2730EC4D-C728-4F31-8613-82503AEDF58B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{39EB3CF6-F67A-4846-949B-8DE295224DCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\L.A.Noire\LANLauncher.exe
FirewallRules: [{9B0E8B26-9F76-4D5B-AFA0-C29C959C1D82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\L.A.Noire\LANLauncher.exe
FirewallRules: [{7D34E823-5A39-4182-B4B1-9D2AFCF5938F}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{AAE5B9B6-F18B-4D8F-8977-05C67B272265}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{FB8692CA-C4A4-4AF8-A0C6-B4CF1F6D89CA}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{A97FF55B-57F5-4BD9-B496-D5A547EE6B00}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{2CAA0A5B-9674-4647-A84F-6FAA2D0C3BEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{D2D65A6F-B33D-46D8-970E-87BFBAE9A91B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{2D0174C9-B5BA-459C-A94E-5CA0E213ED18}] => (Allow) C:\Program Files\Avast\ng\vbox\aswFe.exe
FirewallRules: [{35B07EEC-307E-482B-BC97-FE58250D3118}] => (Allow) C:\Program Files\Avast\ng\vbox\aswFe.exe
FirewallRules: [{42DD3271-26C9-48A1-B21B-FA5A1C49EFEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{399A6A59-A332-496F-87BF-D11F7DA58F20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{3E43BD59-35FB-4F04-9A3D-CEDF31883ECA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{21B45F72-FA43-4A33-AAC0-1EA17B7995A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{2E347007-3B59-4E39-B042-CAC4EC34CF64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{93FD7B17-7B05-4F69-922F-AAF5358613A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{6F1B037F-C4D0-4A97-9F5A-FCF5FD4E181B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/18/2015 04:22:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/13/2015 05:46:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.2.929, Zeitstempel: 0x552d3ec4
Name des fehlerhaften Moduls: mbam.exe, Version: 1.0.2.929, Zeitstempel: 0x552d3ec4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001c3fc0
ID des fehlerhaften Prozesses: 0xa8c
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Error: (06/07/2015 00:10:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.10.0.0, Zeitstempel: 0x52cda7eb
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.10.0.0, Zeitstempel: 0x52cda6c5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0xbf4
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Error: (06/07/2015 02:55:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.17.13.5012, Zeitstempel: 0x55259cb8
Name des fehlerhaften Moduls: NVSVC64.DLL, Version: 8.17.13.5012, Zeitstempel: 0x55259652
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009ef50
ID des fehlerhaften Prozesses: 0x570
Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0
Pfad der fehlerhaften Anwendung: nvvsvc.exe1
Pfad des fehlerhaften Moduls: nvvsvc.exe2
Berichtskennung: nvvsvc.exe3
Error: (05/31/2015 06:53:26 PM) (Source: NtServicePack) (EventID: 4373) (User: )
Description: WindowsFür diesen Befehl ist nicht genügend Speicher verfügbar.
Error: (05/30/2015 06:44:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm League of Legends.exe, Version 5.10.0.330 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 888
Startzeit: 01d09af56b5abce9
Endzeit: 53
Anwendungspfad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exe
Berichts-ID:
Error: (05/30/2015 05:55:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.10.0.0, Zeitstempel: 0x52cda7eb
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.10.0.0, Zeitstempel: 0x52cda6c5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0x8a0
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Error: (05/28/2015 10:47:08 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933
Error: (05/28/2015 10:47:08 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {E0E428CB-E8F4-46AF-B7E9-3F966A95E6FC}
Error: (05/26/2015 05:50:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0
Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.7.0.1530, Zeitstempel: 0x5156646c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0006dd76
ID des fehlerhaften Prozesses: 0x18dc
Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0
Pfad der fehlerhaften Anwendung: LolClient.exe1
Pfad des fehlerhaften Moduls: LolClient.exe2
Berichtskennung: LolClient.exe3
System errors:
=============
Error: (06/19/2015 11:40:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/19/2015 11:40:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.
Error: (06/18/2015 07:46:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/18/2015 07:46:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.
Error: (06/15/2015 08:03:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/15/2015 08:03:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMService erreicht.
Error: (06/15/2015 08:02:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/15/2015 08:02:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.
Error: (06/13/2015 05:45:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) PROSet/Wireless Event Log" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/13/2015 05:45:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) PROSet/Wireless Event Log erreicht.
Microsoft Office:
=========================
Error: (06/18/2015 04:22:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files\GermanischerLloyd\Poseidon64\Current\bmf2ansys_2_4.exe.Manifest
Error: (06/13/2015 05:46:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.2.929552d3ec4mbam.exe1.0.2.929552d3ec4c0000005001c3fc0a8c01d0a5eff919a9a6C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe6724e2fd-11e3-11e5-b9b4-14feb5c449f3
Error: (06/07/2015 00:10:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.10.0.052cda7ebMurocApi.dll16.10.0.052cda6c5c0000005000000000002bcd8bf401d0a10a0bbb3d36C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll6cb424d8-0cfd-11e5-8aed-14feb5c449f3
Error: (06/07/2015 02:55:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvvsvc.exe8.17.13.501255259cb8NVSVC64.DLL8.17.13.501255259652c0000005000000000009ef5057001d0a03de2341fd2C:\Windows\system32\nvvsvc.exeC:\Windows\system32\NVSVC64.DLLe75bfecb-0caf-11e5-a9fb-14feb5c449f3
Error: (05/31/2015 06:53:26 PM) (Source: NtServicePack) (EventID: 4373) (User: )
Description: WindowsFür diesen Befehl ist nicht genügend Speicher verfügbar.
Error: (05/30/2015 06:44:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: League of Legends.exe5.10.0.33088801d09af56b5abce953C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.91\deploy\League of Legends.exe
Error: (05/30/2015 05:55:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.10.0.052cda7ebMurocApi.dll16.10.0.052cda6c5c0000005000000000002bcd88a001d09af0eab35891C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll4584bf50-06e4-11e5-87f4-14feb5c449f3
Error: (05/28/2015 10:47:08 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933
Error: (05/28/2015 10:47:08 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {E0E428CB-E8F4-46AF-B7E9-3F966A95E6FC}
Error: (05/26/2015 05:50:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd7618dc01d097cba4c4f969C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.144\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.144\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dllfb43f535-03be-11e5-87f0-14feb5c449f3
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 34%
Total physical RAM: 8086.17 MB
Available physical RAM: 5294.24 MB
Total Pagefile: 16170.54 MB
Available Pagefile: 13124.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:377.32 GB) (Free:270.93 GB) NTFS
Drive d: (Daten) (Fixed) (Total:218.75 GB) (Free:167.59 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E7D5FB28)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=377.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.8 GB) - (Type=07 NTFS)
==================== End of log ============================
--- --- ---
the GMER log file,
GMER Logfile:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-19 12:31:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MC00 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\Asterix\AppData\Local\Temp\pwldrpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa3e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f00 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffd0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df350 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209aa0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077219530 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238850 7 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ca410 2 bytes JMP 000007fffd3b0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ca413 2 bytes [FE, FF]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3caec0 6 bytes JMP 000007fffd3b0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd897490 11 bytes JMP 000007fffd3b0228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8abf00 7 bytes JMP 000007fffd3b0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5689e0 8 bytes JMP 000007fffd3b01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1356] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff56be40 8 bytes JMP 000007fffd3b01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa3e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f00 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffd0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df350 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209aa0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077219530 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238850 7 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ca410 2 bytes JMP 000007fffd3b0110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ca413 2 bytes [FE, FF]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3caec0 6 bytes JMP 000007fffd3b0148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5689e0 8 bytes JMP 000007fffd3b01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff56be40 8 bytes JMP 000007fffd3b01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd897490 11 bytes JMP 000007fffd3b0228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1372] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8abf00 7 bytes JMP 000007fffd3b0260
.text C:\Windows\system32\Dwm.exe[1716] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Windows\system32\Dwm.exe[1716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Windows\system32\Dwm.exe[1716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ca410 2 bytes JMP 000007fffd3b0110
.text C:\Windows\system32\Dwm.exe[1716] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ca413 2 bytes [FE, FF]
.text C:\Windows\system32\Dwm.exe[1716] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3caec0 6 bytes JMP 000007fffd3b0148
.text C:\Windows\system32\Dwm.exe[1716] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5689e0 8 bytes JMP 000007fffd3b01f0
.text C:\Windows\system32\Dwm.exe[1716] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff56be40 8 bytes JMP 000007fffd3b01b8
.text C:\Windows\system32\Dwm.exe[1716] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef8e7dc88 5 bytes JMP 000007fff8c700d8
.text C:\Windows\system32\Dwm.exe[1716] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef8e7de10 5 bytes JMP 000007fff8c70110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa3e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f00 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffd0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df350 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209aa0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077219530 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238850 7 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ca410 2 bytes JMP 000007fffd3b0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ca413 2 bytes [FE, FF]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3caec0 6 bytes JMP 000007fffd3b0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5689e0 8 bytes JMP 000007fffd3b01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2536] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff56be40 8 bytes JMP 000007fffd3b01b8
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61efe 7 bytes JMP 0000000174833910
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b9d 7 bytes JMP 0000000174833f90
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713f9 7 bytes JMP 0000000174833ba0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea45 7 bytes JMP 0000000174833900
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c08ea4 7 bytes JMP 00000001748334a0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08f29 5 bytes JMP 0000000174833550
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c09281 5 bytes JMP 00000001748334b0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076351d29 5 bytes JMP 0000000174833460
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076351dd7 5 bytes JMP 0000000174833420
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076352ab1 5 bytes JMP 00000001000a2ac0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076352d1d 5 bytes JMP 0000000174833250
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000174832890
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001748331d0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075fce567 5 bytes JMP 0000000174833240
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ff07d7 5 bytes JMP 0000000174832710
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076007a5c 5 bytes JMP 00000001748331c0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760de96b 5 bytes JMP 0000000174832970
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760deba5 5 bytes JMP 0000000174832980
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751a5ea5 5 bytes JMP 0000000174832850
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2544] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751d9d0b 5 bytes JMP 00000001748327e0
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa3e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f00 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffd0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df350 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209aa0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077219530 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238850 7 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ca410 2 bytes JMP 000007fffd3b0110
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ca413 2 bytes [FE, FF]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3caec0 6 bytes JMP 000007fffd3b0148
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5689e0 8 bytes JMP 000007fffd3b01f0
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff56be40 8 bytes JMP 000007fffd3b01b8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd897490 11 bytes JMP 000007fffd3b0228
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[4252] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8abf00 7 bytes JMP 000007fffd3b0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa3e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f00 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffd0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df350 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209aa0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077219530 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238850 7 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ca410 2 bytes JMP 000007fffd3b0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ca413 2 bytes [FE, FF]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3caec0 6 bytes JMP 000007fffd3b0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd897490 11 bytes JMP 000007fffd3b0228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8abf00 7 bytes JMP 000007fffd3b0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5689e0 8 bytes JMP 000007fffd3b01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[4900] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff56be40 8 bytes JMP 000007fffd3b01b8
.text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ca410 2 bytes JMP 000007fffd3b0110
.text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ca413 2 bytes [FE, FF]
.text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3caec0 6 bytes JMP 000007fffd3b0148
.text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5689e0 8 bytes JMP 000007fffd3b01f0
.text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff56be40 8 bytes JMP 000007fffd3b01b8
.text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd897490 11 bytes JMP 000007fffd3b0228
.text C:\Windows\System32\igfxpers.exe[3244] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8abf00 7 bytes JMP 000007fffd3b0260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa3e0 7 bytes JMP 000000016fff0228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f00 5 bytes JMP 000000016fff0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffd0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df350 5 bytes JMP 000000016fff0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209aa0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077219530 5 bytes JMP 000000016fff0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238850 7 bytes JMP 000000016fff01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ca410 2 bytes JMP 000007fffd3b0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ca413 2 bytes [FE, FF]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3caec0 6 bytes JMP 000007fffd3b0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5689e0 8 bytes JMP 000007fffd3b01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff56be40 8 bytes JMP 000007fffd3b01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd897490 11 bytes JMP 000007fffd3b0228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8abf00 7 bytes JMP 000007fffd3b0260
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000771aa3e0 7 bytes JMP 000000016fff0228
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000771b3f00 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000771cffd0 5 bytes JMP 000000016fff01b8
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000771df350 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077209aa0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077219530 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077238850 7 bytes JMP 000000016fff01f0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ca410 2 bytes JMP 000007fffd3b0110
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ca413 2 bytes [FE, FF]
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3caec0 6 bytes JMP 000007fffd3b0148
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5689e0 8 bytes JMP 000007fffd3b01f0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff56be40 8 bytes JMP 000007fffd3b01b8
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd897490 11 bytes JMP 000007fffd3b0228
.text C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE[4512] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8abf00 7 bytes JMP 000007fffd3b0260
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61efe 7 bytes JMP 0000000174833910
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b9d 7 bytes JMP 0000000174833f90
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713f9 7 bytes JMP 0000000174833ba0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea45 7 bytes JMP 0000000174833900
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c08ea4 7 bytes JMP 00000001748334a0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08f29 5 bytes JMP 0000000174833550
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c09281 5 bytes JMP 00000001748334b0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076351d29 5 bytes JMP 0000000174833460
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076351dd7 5 bytes JMP 0000000174833420
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076352ab1 5 bytes JMP 0000000174833560
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076352d1d 5 bytes JMP 0000000174833250
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760de96b 5 bytes JMP 0000000174832970
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760deba5 5 bytes JMP 0000000174832980
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000174832890
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001748331d0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075fce567 5 bytes JMP 0000000174833240
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ff07d7 5 bytes JMP 0000000174832710
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076007a5c 5 bytes JMP 00000001748331c0
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751a5ea5 5 bytes JMP 0000000174832850
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3296] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751d9d0b 5 bytes JMP 00000001748327e0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075b61efe 7 bytes JMP 0000000174833910
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000075b65b9d 7 bytes JMP 0000000174833f90
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000075b713f9 7 bytes JMP 0000000174833ba0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000075b7ea45 7 bytes JMP 0000000174833900
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000075c08ea4 7 bytes JMP 00000001748334a0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000075c08f29 5 bytes JMP 0000000174833550
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000075c09281 5 bytes JMP 00000001748334b0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076351d29 5 bytes JMP 0000000174833460
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076351dd7 5 bytes JMP 0000000174833420
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076352ab1 5 bytes JMP 0000000174833560
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076352d1d 5 bytes JMP 0000000174833250
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760de96b 5 bytes JMP 0000000174832970
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760deba5 5 bytes JMP 0000000174832980
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000174832890
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001748331d0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075fce567 5 bytes JMP 0000000174833240
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ff07d7 5 bytes JMP 0000000174832710
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076007a5c 5 bytes JMP 00000001748331c0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751a5ea5 5 bytes JMP 0000000174832850
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751d9d0b 5 bytes JMP 00000001748327e0
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61efe 7 bytes JMP 0000000174833910
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b9d 7 bytes JMP 0000000174833f90
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075b68781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713f9 7 bytes JMP 0000000174833ba0
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea45 7 bytes JMP 0000000174833900
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c08ea4 7 bytes JMP 00000001748334a0
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08f29 5 bytes JMP 0000000174833550
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c09281 5 bytes JMP 00000001748334b0
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076351d29 5 bytes JMP 0000000174833460
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076351dd7 5 bytes JMP 0000000174833420
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076352ab1 5 bytes JMP 0000000174833560
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076352d1d 5 bytes JMP 0000000174833250
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000174832890
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001748331d0
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075fce567 5 bytes JMP 0000000174833240
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ff07d7 5 bytes JMP 0000000174832710
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076007a5c 5 bytes JMP 00000001748331c0
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760de96b 5 bytes JMP 0000000174832970
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760deba5 5 bytes JMP 0000000174832980
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075081401 2 bytes JMP 75b8b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075081419 2 bytes JMP 75b8b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075081431 2 bytes JMP 75c08f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007508144a 2 bytes CALL 75b6489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750814dd 2 bytes JMP 75c08822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes JMP 75c089f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007508150d 2 bytes JMP 75c08718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes JMP 75c08ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007508153d 2 bytes JMP 75b7fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075081555 2 bytes JMP 75b868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007508156d 2 bytes JMP 75c08fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075081585 2 bytes JMP 75c08b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007508159d 2 bytes JMP 75c086dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750815b5 2 bytes JMP 75b7fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750815cd 2 bytes JMP 75b8b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes JMP 75c08ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes JMP 75c08671 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751a5ea5 5 bytes JMP 0000000174832850
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751d9d0b 5 bytes JMP 00000001748327e0
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61efe 7 bytes JMP 0000000174833910
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b9d 7 bytes JMP 0000000174833f90
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713f9 7 bytes JMP 0000000174833ba0
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea45 7 bytes JMP 0000000174833900
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c08ea4 7 bytes JMP 00000001748334a0
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08f29 5 bytes JMP 0000000174833550
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c09281 5 bytes JMP 00000001748334b0
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076351d29 5 bytes JMP 0000000174833460
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076351dd7 5 bytes JMP 0000000174833420
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076352ab1 5 bytes JMP 0000000174833560
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076352d1d 5 bytes JMP 0000000174833250
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000174832890
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001748331d0
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075fce567 5 bytes JMP 0000000174833240
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ff07d7 5 bytes JMP 0000000174832710
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076007a5c 5 bytes JMP 00000001748331c0
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760de96b 5 bytes JMP 0000000174832970
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760deba5 5 bytes JMP 0000000174832980
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000751a5ea5 5 bytes JMP 0000000174832850
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[4772] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000751d9d0b 5 bytes JMP 00000001748327e0
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61efe 7 bytes JMP 0000000174833910
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b9d 7 bytes JMP 0000000174833f90
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713f9 7 bytes JMP 0000000174833ba0
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea45 7 bytes JMP 0000000174833900
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c08ea4 7 bytes JMP 00000001748334a0
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08f29 5 bytes JMP 0000000174833550
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c09281 5 bytes JMP 00000001748334b0
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076351d29 5 bytes JMP 0000000174833460
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076351dd7 5 bytes JMP 0000000174833420
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076352ab1 5 bytes JMP 0000000174833560
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076352d1d 5 bytes JMP 0000000174833250
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000174832890
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001748331d0
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075fce567 5 bytes JMP 0000000174833240
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ff07d7 5 bytes JMP 0000000174832710
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076007a5c 5 bytes JMP 00000001748331c0
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760de96b 5 bytes JMP 0000000174832970
.text C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe[4640] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760deba5 5 bytes JMP 0000000174832980
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ca410 2 bytes JMP 000007fffd3b0110
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ca413 2 bytes [FE, FF]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3caec0 6 bytes JMP 000007fffd3b0148
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5689e0 8 bytes JMP 000007fffd3b01f0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff56be40 8 bytes JMP 000007fffd3b01b8
.text C:\Windows\system32\wbem\unsecapp.exe[5852] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd3c2db0 5 bytes JMP 000007fffd3b0180
.text C:\Windows\system32\wbem\unsecapp.exe[5852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd3c37d0 7 bytes JMP 000007fffd3b00d8
.text C:\Windows\system32\wbem\unsecapp.exe[5852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd3ca410 2 bytes JMP 000007fffd3b0110
.text C:\Windows\system32\wbem\unsecapp.exe[5852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ca413 2 bytes [FE, FF]
.text C:\Windows\system32\wbem\unsecapp.exe[5852] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd3caec0 6 bytes JMP 000007fffd3b0148
.text C:\Windows\system32\wbem\unsecapp.exe[5852] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd897490 11 bytes JMP 000007fffd3b0228
.text C:\Windows\system32\wbem\unsecapp.exe[5852] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd8abf00 7 bytes JMP 000007fffd3b0260
.text C:\Windows\system32\wbem\unsecapp.exe[5852] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff5689e0 8 bytes JMP 000007fffd3b01f0
.text C:\Windows\system32\wbem\unsecapp.exe[5852] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff56be40 8 bytes JMP 000007fffd3b01b8
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61efe 7 bytes JMP 0000000174833910
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075b65b9d 7 bytes JMP 0000000174833f90
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075b713f9 7 bytes JMP 0000000174833ba0
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075b7ea45 7 bytes JMP 0000000174833900
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075c08ea4 7 bytes JMP 00000001748334a0
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075c08f29 5 bytes JMP 0000000174833550
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075c09281 5 bytes JMP 00000001748334b0
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076351d29 5 bytes JMP 0000000174833460
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076351dd7 5 bytes JMP 0000000174833420
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076352ab1 5 bytes JMP 0000000174833560
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076352d1d 5 bytes JMP 0000000174833250
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000760de96b 5 bytes JMP 0000000174832970
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000760deba5 5 bytes JMP 0000000174832980
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075fa8a29 5 bytes JMP 0000000174832890
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075fb4572 5 bytes JMP 00000001748331d0
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075fce567 5 bytes JMP 0000000174833240
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ff07d7 5 bytes JMP 0000000174832710
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000076007a5c 5 bytes JMP 00000001748331c0
---- EOF - GMER 2.1 ----
--- --- ---
Note: After Gmer had finished its scan and I had switched my antivirus programs Avast and Malwarebytes back on, I could no longer find the malware detections in the Malwarebytes quarantine. I did not knowingly delete the detections either.
Could you please help me make my system clean and trustworthy again?
A few things about my browsing habits and the history of this system. I hope you can give me useful tips on how to use the PC more safely.
-A year and a half ago I already had virus problems once. Out of concern about rootkits I had completely wiped the data on the hard disk with the tool DBAN and reinstalled the system from a USB installation. Can malware survive this anyway?
-I play League of Legends quite often. Is it possible to catch something malicious there?
-When I am on Gamestar.de, this advertisement is displayed despite AdBlock (attachment). Can a virus turn this advertising on?
-How safe is the YouTube mp3 converter, or can viruses be hidden in the mp3 files even though the music plays without problems?
I also often copy files from the university computer pool to my USB stick and then to this system. Can viruses be transmitted this way too, whether via PDFs or a malware program that installs itself on the USB stick and, when plugged into other computers, installs itself there as well?
I am looking forward to your help!
Best regards
AsterixIstDa
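The GMER ".text" section above is the part of the post worth triaging before deciding whether the machine is compromised, and it is easier to reason about once the lines are parsed rather than read one by one. The script below is an added example by the editor, not code from the poster or from the forum helpers, and it assumes only the GMER 2.1 line layout visible in the log (`.text <process>[<pid>] <module>!<function>[ + <offset>] <addr> <n> bytes <patch>`). Its sample input is a handful of lines copied from the log above. The three heuristics it applies are the editor's: an entry-point JMP whose destination is byte-identical across unrelated processes (0x174833910 for RegQueryValueExW in IAStorIcon.exe, avastui.exe and Gmer-19357.exe alike) indicates one module mapped into every process, which is how AV, overlay and vendor tooling hooks look; a JMP or CALL that GMER resolved into a DLL under the Windows directory (the PSAPI.DLL!GetModuleInformation + 17 entry jumps to 75c08f29, the very address the same log lists for kernel32.dll!K32GetModuleInformation) is a forwarder, not a hook; and the byte patch `31 C0 C2 04 00` on SetUnhandledExceptionFilter decodes to `xor eax,eax; ret 4`, a stub that turns the call into a no-op returning NULL. The log does not name the module behind the 0x1748xxxxx trampolines, so the script does not claim one either.

```python
"""Triage helper for GMER ".text" inline-hook lines (added example, not from the thread).

Assumes the GMER 2.1 line layout seen in the log:
  .text <process>[<pid>] <module>!<function>[ + <offset>] <addr> <n> bytes <patch>
where <patch> is "JMP <hex>", "JMP/CALL <hex> <resolved module path>" or "[xx, xx, ...]".
"""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: seven hook lines copied from the log above plus two
# non-hook lines (a GMER repeat marker and the EOF line) that must be skipped.
SAMPLE_LOG = r"""
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4936] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000075b61efe 7 bytes JMP 0000000174833910
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61efe 7 bytes JMP 0000000174833910
.text C:\Users\Asterix\Desktop\Gmer-19357.exe[1300] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075b61efe 7 bytes JMP 0000000174833910
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075b68781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075081431 2 bytes JMP 75c08f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Avast\avastui.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007508144a 2 bytes CALL 75b6489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\system32\wbem\unsecapp.exe[5852] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefd3ca413 2 bytes [FE, FF]
---- EOF - GMER 2.1 ----
"""

LINE_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>\S+)!(?P<func>\S+)(?: \+ (?P<offset>\d+))? "
    r"(?P<addr>[0-9a-fA-F]+) (?P<size>\d+) bytes (?P<patch>.*)$"
)
# "JMP 0000000174833910"  or  "JMP 75c08f29 C:\Windows\syswow64\kernel32.dll"
XFER_RE = re.compile(r"^(?P<kind>JMP|CALL) (?P<target>[0-9a-fA-F]+)(?: (?P<target_module>.+))?$")


@dataclass
class Hook:
    process: str
    pid: int
    module: str                    # lower-cased DLL basename, e.g. "kernel32.dll"
    func: str
    offset: int                    # 0 = patch sits at the function entry
    addr: int
    size: int
    kind: str                      # "JMP", "CALL" or "BYTES"
    target: Optional[int]          # destination of the JMP/CALL, None for byte patches
    target_module: Optional[str]   # lower-cased path GMER resolved the target to, if any
    raw_bytes: Tuple[str, ...]     # the patched bytes when kind == "BYTES"


def parse_gmer(text: str) -> List[Hook]:
    """Turn every well-formed ".text" line into a Hook; everything else is skipped."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:  # section headers, "---- EOF" and GMER's ".text ... * 9" repeat markers
            continue
        patch = m["patch"].strip()
        x = XFER_RE.match(patch)
        if x:
            kind, target = x["kind"], int(x["target"], 16)
            tmod = x["target_module"].lower() if x["target_module"] else None
            raw: Tuple[str, ...] = ()
        else:  # "[31, C0, C2, 04, 00, 90, 90, ...]" -> ("31", "C0", ...), trailing "..." dropped
            kind, target, tmod = "BYTES", None, None
            raw = tuple(b for b in patch.strip("[]").replace(" ", "").split(",") if b and b != "...")
        hooks.append(Hook(
            process=m["proc"], pid=int(m["pid"]),
            module=ntpath.basename(m["module"]).lower(), func=m["func"],
            offset=int(m["offset"] or 0), addr=int(m["addr"], 16), size=int(m["size"]),
            kind=kind, target=target, target_module=tmod, raw_bytes=raw,
        ))
    return hooks


def shared_trampolines(hooks: List[Hook], min_processes: int = 2) -> Dict[int, List[str]]:
    """Entry-point JMPs whose destination is identical across distinct processes.

    One target reused by unrelated executables means a single module is mapped
    at the same base in all of them and hooks them the same way (typical of AV,
    overlay and vendor tooling). A target seen in exactly one process is the
    case that deserves a closer look, so it is deliberately left out here.
    """
    by_target: Dict[int, set] = defaultdict(set)
    for h in hooks:
        if h.kind == "JMP" and h.offset == 0 and h.target_module is None:
            by_target[h.target].add(h.process)
    return {t: sorted(p) for t, p in by_target.items() if len(p) >= min_processes}


def forwarders(hooks: List[Hook]) -> List[Hook]:
    """JMP/CALL entries GMER resolved to a DLL under the Windows directory.

    PSAPI.DLL on Windows 7 is a thin layer whose exports jump into the K32*
    implementations in kernel32.dll, so these describe Microsoft's own code
    path rather than a foreign hook. The check is on the resolved path, not the
    file name, so a look-alike DLL elsewhere would not pass.
    """
    return [h for h in hooks
            if h.target_module is not None and h.target_module.startswith("c:\\windows\\")]


def decode_stub(raw: Tuple[str, ...]) -> str:
    """Name the one code-replacing patch in the log: 31 C0 = xor eax,eax and
    C2 04 00 = ret 4, i.e. a stdcall function with one 4-byte argument now
    returns NULL immediately. On SetUnhandledExceptionFilter the call becomes a no-op."""
    if tuple(b.upper() for b in raw[:5]) == ("31", "C0", "C2", "04", "00"):
        return "xor eax,eax; ret 4 (call is a no-op that returns NULL)"
    return "unrecognised byte patch"


def triage(text: str) -> dict:
    hooks = parse_gmer(text)
    return {
        "hooks": len(hooks),
        "shared_targets": shared_trampolines(hooks),
        "system_forwarders": len(forwarders(hooks)),
        "byte_patches": [(h.process, f"{h.module}!{h.func}", decode_stub(h.raw_bytes))
                         for h in hooks if h.kind == "BYTES"],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['hooks']} hooks parsed, {report['system_forwarders']} resolved into system DLLs")
    for target, procs in report["shared_targets"].items():
        print(f"shared trampoline {target:#x} in {len(procs)} processes: {', '.join(procs)}")
    for proc, sym, meaning in report["byte_patches"]:
        print(f"byte patch in {proc} at {sym}: {meaning}")
```

Run it against the full log and the picture is the one the sample already shows: every WOW64 process in the list jumps to the same 0x1748xxxxx trampolines, the PSAPI entries resolve into kernel32.dll, and the only code-replacing patch is the SetUnhandledExceptionFilter stub in avastui.exe. That makes the hook section consistent with one legitimately injected module rather than per-process malware, which is why the forum helpers usually move on from GMER to the FRST log; what the shared module actually is has to come from a tool that names the owning DLL, which GMER's ".text" lines do not.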