Log analysis and evaluation: Windows7: Excel.EXE Bad Image
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows7: Excel.EXE Bad Image

Hello Trojanerboard, since yesterday evening I have been getting the following error messages when starting Excel, Word and co. and I cannot explain it; firstly, I hardly use my computer any more, and secondly, well, I would not know where I could have picked something up.

Many others describe this phenomenon with other programs as well; that is not the case for me. Still, it scares me a little. Kaspersky Premium did not report anything the whole time, except yesterday evening:

Code:
ATTFilter
24.07.2015 23.30.33 Gefundenes Objekt (datei) wurde gelöscht C:\Documents and Settings\Jan-Niklas\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.4.5306.exe//data0002 Datei: C:\Documents and Settings\Jan-Niklas\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.4.5306.exe//data0002 Objektname: not-a-virus:AdWare.Win32.OpenCandy.aa Objekttyp: Adware Zeitpunkt: 24.07.2015, 23:30
24.07.2015 23.30.33 Gefundenes Objekt (datei) wurde gelöscht C:\Documents and Settings\Jan-Niklas\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.4.5306.exe Datei: C:\Documents and Settings\Jan-Niklas\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.4.5306.exe Objektname: Objekttyp: Unbekannte Bedrohung Zeitpunkt: 24.07.2015, 23:30

GMER
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-07-25 10:35:37 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 Samsung_SSD_840_Series rev.DXT06B0Q 111,79GB Running: Gmer-19357.exe; Driver: C:\Users\Admin\AppData\Local\Temp\axdirfow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[1664] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000772afaf4 5 bytes JMP 00000001730d2e30 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[1664] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000772b0084 5 bytes JMP 00000001730d2df0 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076371401 2 bytes JMP 74e4b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076371419 2 bytes JMP 74e4b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076371431 2 bytes JMP 74ec8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007637144a 2 bytes CALL 74e2489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763714dd 2 bytes JMP 74ec8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763714f5 2 bytes JMP 74ec89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007637150d 2 bytes JMP 74ec8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076371525 2 bytes JMP 74ec8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007637153d 2 bytes JMP 74e3fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076371555 2 bytes JMP 74e468ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007637156d 2 bytes JMP 74ec8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076371585 2 bytes JMP 74ec8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007637159d 2 bytes JMP 74ec86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763715b5 2 bytes JMP 74e3fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 
00000000763715cd 2 bytes JMP 74e4b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763716b2 2 bytes JMP 74ec8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763716bd 2 bytes JMP 74ec8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076371401 2 bytes JMP 74e4b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076371419 2 bytes JMP 74e4b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076371431 2 bytes JMP 74ec8f29 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007637144a 2 bytes CALL 74e2489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763714dd 2 bytes JMP 74ec8822 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763714f5 2 bytes JMP 74ec89f8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007637150d 2 bytes JMP 74ec8718 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076371525 2 bytes JMP 74ec8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007637153d 2 bytes JMP 74e3fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076371555 2 bytes JMP 74e468ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007637156d 2 bytes JMP 74ec8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076371585 2 bytes JMP 74ec8b42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007637159d 2 bytes JMP 74ec86dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763715b5 2 bytes JMP 74e3fd41 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763715cd 2 bytes JMP 74e4b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763716b2 2 bytes JMP 74ec8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763716bd 2 bytes JMP 74ec8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000770b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000770b1ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770b1d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770b1e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000770b1f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000770b2238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 00000000770b2683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770b26a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770b26c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770b271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000770b2788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770b2b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000770b2b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... 
* 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770b306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000770b31f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770b388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770b38e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770b39b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770b3f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000770b4001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000770b4075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000770b41b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000770b41f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000770b4461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000770b464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000770b4713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000770b4807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000770b4926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000770b4a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000770b4aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000770b4ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000770b4ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 00000000770b4fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000770b5193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 00000000770b5f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198 00000000770b6016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000770b610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000770b62fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000770b633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 00000000770b6354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 00000000770b63ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 00000000770b6b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000770fdc80 8 bytes {JMP QWORD [RIP-0x47949]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000770fde00 8 bytes {JMP QWORD [RIP-0x47ab2]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000770fde30 8 bytes {JMP QWORD [RIP-0x47e20]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770fdf50 8 bytes {JMP QWORD [RIP-0x47c5a]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000770fe000 8 bytes {JMP QWORD [RIP-0x47ef8]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000770fe630 8 bytes {JMP QWORD [RIP-0x47102]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000770fe880 8 bytes {JMP QWORD [RIP-0x47d10]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000770ff0e0 8 bytes {JMP QWORD [RIP-0x48d3a]} .text C:\Program Files (x86)\Intel\Intel(R) 
Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074b313cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074b3146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074b316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074b319db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074b319fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[6372] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074b31a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770b13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000770b1544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770b18ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000770b1ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770b1d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770b1e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000770b1f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 00000000770b2238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531 00000000770b2683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770b26a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770b26c2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770b271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000770b2788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770b2b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 00000000770b2b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770b306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 00000000770b31f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770b388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770b38e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770b39b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770b3f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 00000000770b4001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000770b4075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 00000000770b41b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 00000000770b41f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000770b4461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000770b464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 00000000770b4713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 00000000770b4807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 00000000770b4926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 00000000770b4a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 00000000770b4aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 00000000770b4ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 00000000770b4ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
---- EOF - GMER 2.1 ----

Additional FRST Logfile:
Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015 Ran by Admin at 2015-07-25 10:09:05 Running from G:\Download Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Admin (S-1-5-21-1548718597-2050854838-366616425-1000 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-1548718597-2050854838-366616425-500 - Administrator - Disabled) Gast (S-1-5-21-1548718597-2050854838-366616425-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1548718597-2050854838-366616425-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACER ICONIA 3G DRIVER INSTALL (HKLM-x32\...\InstallShield_{582B87B4-BFA2-402F-88CA-986C67AA474A}) (Version: 1.00.0524 - acer) ACER ICONIA 3G DRIVER INSTALL (x32 Version: 1.00.0524 - acer) Hidden Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) aTube Catcher Version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) AviSynth (HKLM-x32\...\AviSynth) (Version: 2.6.0 MT - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.) Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - ) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) 
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.) Metin2 (HKLM-x32\...\Metin2_is1) (Version: - Gameforge 4D GmbH) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 
2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla) Mozilla Thunderbird 31.7.0 (x86 de) (HKU\S-1-5-21-1548718597-2050854838-366616425-1000\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla) Nero CoverDesigner (HKLM-x32\...\{6F4B3CA0-8872-4F68-B972-E9D5306DCDD3}) (Version: 12.0.02900 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1007 - Nero AG) Prerequisite installer (x32 Version: 12.0.0010 - Nero AG) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) 
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer) The Elder Scrolls V - Skyrim (HKLM-x32\...\The Elder Scrolls V - Skyrim_is1) (Version: - ) The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Deutsche Version 1.00 (HKLM-x32\...\The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Deutsche Version 1.00) (Version: - ) Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 5.1.3 - Universal Media Server) VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 15-07-2015 22:24:06 Windows Update 19-07-2015 20:18:55 Windows Update 19-07-2015 21:53:03 Windows Update 20-07-2015 23:14:04 Windows Update 24-07-2015 22:10:25 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {20FBC686-4C17-404D-AA5C-81F48563E72F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-15] (Google Inc.) 
Task: {2FFFD800-891B-4525-839C-620C5038EC7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated) Task: {69C1643E-F549-4515-9D82-19C023100B2F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {81FC0CC4-CE9F-45C8-898A-F1FC96882F65} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-03-04] (Nero AG) Task: {9EFF7097-A42A-4755-9241-BDAAEB3DDF83} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {B4E79FB5-6C88-49CF-8EDD-9DED3B75F522} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-15] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-28 20:29 - 2014-07-28 20:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 20:32 - 2014-07-28 20:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 20:29 - 2014-07-28 20:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 20:31 - 2014-07-28 20:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-12-14 19:09 - 2013-03-09 15:24 - 01937408 _____ () C:\Program Files (x86)\phoebetria-windows-1.4.0\Phoebetria.exe
2015-07-14 15:30 - 2015-07-13 23:33 - 01670472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 15:30 - 2015-07-13 23:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2014-12-14 19:09 - 2012-11-21 14:29 - 00011362 _____ () C:\Program Files (x86)\phoebetria-windows-1.4.0\mingwm10.dll
2014-12-14 19:09 - 2012-11-21 14:29 - 00043008 _____ () C:\Program Files (x86)\phoebetria-windows-1.4.0\libgcc_s_dw2-1.dll
2015-07-25 09:57 - 2015-07-25 09:57 - 00008704 _____ () C:\Users\Admin\AppData\Local\Temp\nsgFC4A.tmp\newadvsplash.dll
2015-07-25 09:57 - 2015-07-25 09:57 - 00016384 _____ () C:\Users\Admin\AppData\Local\Temp\nsgFC4A.tmp\registry.dll
2015-06-01 23:40 - 2015-06-01 23:40 - 03350640 _____ () G:\Portable Programme\ThunderbirdPortable\App\thunderbird\mozjs.dll
2015-06-01 23:40 - 2015-06-01 23:40 - 00158832 _____ () G:\Portable Programme\ThunderbirdPortable\App\thunderbird\NSLDAP32V60.dll
2015-06-01 23:40 - 2015-06-01 23:40 - 00023152 _____ () G:\Portable Programme\ThunderbirdPortable\App\thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1548718597-2050854838-366616425-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iumsvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Skype.exe - Verknüpfung.lnk => C:\Windows\pss\Skype.exe - Verknüpfung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TimeLeft.lnk => C:\Windows\pss\TimeLeft.lnk.Startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6D646AC5-B856-4A6B-896B-556571E86BB8}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{CD210923-008E-476C-BCFF-01C569D52DA0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{ABAD4A9D-D27C-45D4-B64C-4F8AB68E2269}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{DDF10E7D-189E-402C-BECE-7A650E8F1EB7}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{868E625D-F532-47B1-B4A5-CA00F911E08F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8A16300A-9CC7-42E5-A560-9D4EC845C224}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D4A13D2-4DC3-4432-93B9-91348BA678DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0AA7C04F-84D4-4629-A556-9D1DD4E4E966}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9E3B04EB-F716-43C7-8C46-42F06E3C317B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{36A52F55-EB47-4B50-B39E-9DF45AF1FC4F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F03111E0-73C9-4E68-ABBC-93AF850E5125}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62A5F7AE-35CF-4968-8352-459D4A264AFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E58DD226-E39B-43BD-A636-01534882627D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5B33ED4F-C8CC-43C0-8A17-7B71B3B77FCF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5BB0125B-2A3A-4C1B-9383-A1C6FB5E718D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{57ABA594-3D37-45DA-B701-425D1729972B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{8EF19007-6289-41F7-867B-BB5166745CD7}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{15CEF89A-73D4-46AC-A3BA-3759E42B24B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C75015D9-6F1A-466C-B33F-283465151625}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6464BE4E-DAEF-4F22-9FDD-50EFAF056F9C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9C2D1344-2C22-4D16-B594-5CC9419B40B6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1F383285-5D6C-4CAF-B57E-1CBF2843CE48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2015 09:59:51 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (07/25/2015 09:56:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0
Name des fehlerhaften Moduls: ISDI2.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0b6
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0004d11f
ID des fehlerhaften Prozesses: 0x1768
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3

Error: (07/24/2015 10:11:45 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (07/24/2015 10:10:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error: Falscher Parameter. .

Error: (07/24/2015 10:10:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error: Falscher Parameter. .

Error: (07/24/2015 10:08:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0
Name des fehlerhaften Moduls: ISDI2.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0b6
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0004d11f
ID des fehlerhaften Prozesses: 0x1c8
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3

Error: (07/22/2015 09:39:10 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (07/22/2015 09:36:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0
Name des fehlerhaften Moduls: ISDI2.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0b6
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0004d11f
ID des fehlerhaften Prozesses: 0x13ac
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3

Error: (07/20/2015 11:14:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error: Falscher Parameter. .

Error: (07/20/2015 11:14:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error: Falscher Parameter. .

System errors:
=============
Error: (07/25/2015 09:56:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/24/2015 10:08:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/22/2015 09:36:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/20/2015 10:19:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 08:17:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/16/2015 12:24:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/16/2015 09:43:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/16/2015 09:40:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kaspersky Anti-Virus Service 15.0.1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/15/2015 04:38:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/15/2015 04:36:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 15.07.2015 um 13:58:21 unerwartet heruntergefahren.

Microsoft Office:
=========================
Error: (07/25/2015 09:59:51 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (07/25/2015 09:56:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IAStorDataMgrSvc.exe11.6.0.10305042b0f0ISDI2.dll11.6.0.10305042b0b6c00004170004d11f176801d0c6af7623d77aC:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI2.dllb4827cf4-32a2-11e5-96c3-bc5ff46ee591

Error: (07/24/2015 10:11:45 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (07/24/2015 10:10:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error: Falscher Parameter.

Error: (07/24/2015 10:10:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error: Falscher Parameter.

Error: (07/24/2015 10:08:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IAStorDataMgrSvc.exe11.6.0.10305042b0f0ISDI2.dll11.6.0.10305042b0b6c00004170004d11f1c801d0c64c89f82b03C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI2.dllc8db4aaf-323f-11e5-8618-bc5ff46ee591

Error: (07/22/2015 09:39:10 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Ger\xe4ten verbunden.')

Error: (07/22/2015 09:36:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IAStorDataMgrSvc.exe11.6.0.10305042b0f0ISDI2.dll11.6.0.10305042b0b6c00004170004d11f13ac01d0c4b5a7121d64C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI2.dlle544b0d3-30a8-11e5-9f7b-bc5ff46ee591

Error: (07/20/2015 11:14:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error: Falscher Parameter.

Error: (07/20/2015 11:14:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error: Falscher Parameter.

CodeIntegrity Errors:
===================================
Date: 2015-03-10 22:33:21.030
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-10 22:33:21.030
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-10 22:33:21.030
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-10 22:33:21.030
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-10 22:33:21.030
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-10 22:33:21.029
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-09 22:58:22.182
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-09 22:58:22.181
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-09 22:58:22.180
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-03-09 22:58:22.172
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 33%
Total physical RAM: 8131.52 MB
Available physical RAM: 5381.34 MB
Total Virtual: 16261.24 MB
Available Virtual: 12791.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:51.72 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive g: (Seagate Barracuda) (Fixed) (Total:931.51 GB) (Free:272.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 635DE8BB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 635DE8B3)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of log ============================

I hope you can help me, and thank you in advance.