Windows 7 SP1 Outlook versendet Mails an Adressbuch

brbrb83 · 10.11.2015, 11:07

Hallo zusammen,

ich kümmere mich für einen Freund um sein oben beschriebenes Problem, also verzeiht wenn ich mich ggf. mal "dumm" anstelle, aber ich versuch mal möglichst vollständig zu erklären.

Der Mailaccount scheint in unregelmässigen Abständen Spam Mails an Adressen, sowohl aus dem Adressbuch, als auch an Adressen die in empfangenen Mails im CC waren (also solche die er gar nicht verwendet und auch nicht in seinem Adressbuch hinterlegt sind...)
Meistens lauten die Mails etwa so:

"New Message

Hello! New message.. etc. und ein link der verwendet werden soll"
oft noch mit einem Namen signiert der auch aus den Mails oder dem Adressbuch stammt."

Die Passwörter wurden geändert.
Kaspersky Internet Security
Malwarebytes Anti-Malware

wurden angewendet, haben auch einige "Infektionen" entdeckt und vermeintlich entfernt.

Es war eine zeitlang Ruhe und seit gestern kommen wieder diese Mails an (auch bei mir, habe ihn drauf aufmerksam geamcht und er bat mich um Hilfe, also schau ich was ich tun kann)

Ich bin durch google auf "martina1976" thread auf euch aufmerksam geworden, klingt sehr ähnlich.

Angehängt findet ihr alle Logs die ich bis jetzt "produziert" habe.
(Der GMRlog ist mit 121kb zu groß, was tu ich? zippen?

Ich muss dazusagen dass er den Rechner als Selbstständiger nutzt (IT Abteilung gibts aber keine

Ich werd ihm die Spendensache nahelegen

VLG

Stefan

cosinus · 10.11.2015, 11:14

Hi und

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

brbrb83 · 13.11.2015, 10:03

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-10-2015
durchgeführt von RN (2015-11-04 11:57:19)
Gestartet von C:\Users\RN\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-01-24 14:18:08)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-629771004-421938228-456569351-500 - Administrator - Disabled)
Gast (S-1-5-21-629771004-421938228-456569351-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-629771004-421938228-456569351-1002 - Limited - Enabled)
RN (S-1-5-21-629771004-421938228-456569351-1000 - Administrator - Enabled) => C:\Users\RN

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19460 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AGFEO TK-ServiceProvider3 3.0 (08) (HKLM-x32\...\InstallShield_{1AA8907F-5899-4DF9-8748-9DF89AF83B26}) (Version: 3.00.0008 - AGFEO)
AGFEO TK-Suite Basic 3 (HKLM-x32\...\tksuite_tksuite_basic) (Version:  - AGFEO)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{B77DE05C-7C84-4011-B93F-A29D0D2840F4}) (Version: 4.0.444 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{B092BB55-6CE5-A4D7-1A24-13B68C8A1911}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
AuthenTec TrueSuite (HKLM\...\{81B43AC9-B334-45D0-8D15-0A3642AFBDA1}) (Version: 4.0.100.26 - AuthenTec, Inc.)
AuthenTec WinBio FingerPrint Software (HKLM\...\{20F5F93B-9A27-4508-87B0-BFD7494FBEC4}) (Version: 3.1.0.80 - AuthenTec, Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-6890CDW (HKLM-x32\...\{F9626826-162E-4EFD-9440-3F3B8317C097}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.4308.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Doplnok programu Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Evernote v. 4.6.6 (HKLM-x32\...\{6146B9DC-C33D-11E2-BDE1-984BE15F174E}) (Version: 4.6.6.8360 - Evernote Corp.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gobi_Firmware (HKLM-x32\...\Gobi_Firmware) (Version:  - )
Google Apps Migration For Microsoft Outlook® 4.0.24.0 (HKLM-x32\...\{A3176E61-AFE6-41A1-9C76-C68EC7DF19A7}) (Version: 4.0.24.0 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.7.410.1100 (HKLM-x32\...\{799A7E2B-388F-4BDE-B55B-47AF42C6440A}) (Version: 3.7.410.1100 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HKGELD-2000 Version 1.13 (HKLM-x32\...\HKGELD-2000_is1) (Version:  - Holger Krinke Softwareentwicklung)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HW Gobi 3000 Driver 1.08.00.00 (HKLM-x32\...\HW Gobi 3000 Driver) (Version: 1.08.00.00 - Huawei technologies Co., Ltd.)
iCloud (HKLM\...\{4BC310C4-B898-46E2-B5FB-B85A30AA7142}) (Version: 2.0.2.187 - Apple Inc.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0EF86E06-C755-4C6F-8E47-2528D0546C0A}) (Version: 1.1.1.0581 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java(TM) 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go (HKLM-x32\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger-kumppani (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OneClick Internet (HKLM-x32\...\OneClickInternet) (Version: 3.0 - OneClick Internet)
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.05.00710 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.1.8.11883 - Sony Computer Entertainment Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Profi cash (HKLM-x32\...\Profi cash) (Version:  - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden
Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.7.0 - Sony Corporation)
Quick Web Access (x32 Version: 1.4.7.0 - Sony Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skat! 2000 (HKLM-x32\...\Skat! 2000) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
TK-ServiceProvider3 (x32 Version: 3.00.0008 - AGFEO) Hidden
TriDef 3D (Sony) 1.1.3 (HKLM-x32\...\experience-sony-bundle) (Version: 1.1.3 - Dynamic Digital Depth Australia Pty Ltd)
Unlimited Data Manager 9.1.0 (HKLM-x32\...\{A155B015-7FBB-41C1-8277-D88623310F2A}) (Version: 9.1.17491.0 - Swisscom)
V3DPX86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO 3D Portal (HKLM-x32\...\{C14EAE86-C526-4E00-B245-CFF86233C3D2}) (Version: 1.1.1.10182 - Sony Corporation)
VAIO Care (HKLM\...\{4D95D095-8C6F-4357-BDD8-27E295F37FB1}) (Version: 7.3.1.05290 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.0.0.07070 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.7.0.05270 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.7.0.05270 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.0.06210 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.0.07080 - Sony Corporation)
VAIO Hero Screensaver - Fall 2011 Screensaver (HKLM-x32\...\VAIO Hero Screensaver - Fall 2011 Screensaver) (Version:  - )
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.1.0.06030 - Sony Corporation)
VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.10.2.08270 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.0.0.14140 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.4.0.05310 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Vodafone Mobile Broadband (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.2.103.31248 - Vodafone)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Помощник на Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Рупор Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

27-10-2015 07:51:40 Windows Update
30-10-2015 11:02:47 Windows Update
03-11-2015 10:24:18 Windows Update
04-11-2015 10:26:04 OXtender 2 for Microsoft Outlook wurde entfernt
04-11-2015 10:26:23 Open-Xchange Updater wurde entfernt

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {042BC796-6F2B-440A-B819-B41DB2B98D5C} - System32\Tasks\{704BF242-E5B1-40B7-A6F2-78EDAAA63F11} => C:\Program Files\Folio\VIEWS\autoreg.exe [1999-07-07] (Open Market, Inc.)
Task: {0B723FEB-BC6C-4709-B901-54C26A59CB71} - System32\Tasks\{3BD10BB2-1D93-4FFF-B6E2-06CEE070D25E} => C:\Program Files\Folio\VIEWS\autoreg.exe [1999-07-07] (Open Market, Inc.)
Task: {1D4E1C9A-D3FB-4282-88B9-870E2F14EC5E} - System32\Tasks\{23921B14-840C-4593-8D65-F378CAAF6372} => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
Task: {25D0AF7F-0C3F-4B07-A88B-F235EF3E0C6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {27375D11-D05A-4724-AC34-AC5CCCB039B5} - System32\Tasks\{D927B760-1FDB-4C29-BBFF-3FAA89302D82} => C:\Program Files (x86)\Swisscom\Unlimited Data Manager\LSCAGui.exe [2009-12-10] (Swisscom)
Task: {273E6C80-C376-49A6-8C44-E9A4327219ED} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {30CBB8EB-8A6E-40AB-AB96-CDC2C910FFD4} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-06-03] (Sony Corporation)
Task: {34CA434F-3948-4545-9968-E4A5C57DA3A4} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {3B76A9FA-3261-4F91-8683-F026B58897E3} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {3FD464EB-40B2-40CF-A4E1-C1C41DFFA006} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {43262371-302D-4C66-9626-43725CC66B6C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {4A05549D-3098-4035-A11A-A9188ECAE343} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation)
Task: {4AD8B573-0860-4035-BE33-6B276788ADCA} - System32\Tasks\{6D6CFDC8-AE5D-455E-B458-E6714110028C} => C:\Program Files\Folio\VIEWS\Views.exe [1999-07-07] (Open Market, Inc.)
Task: {4B51305F-A2BD-467D-80D4-498C4147E65E} - System32\Tasks\{7B0CD936-E580-493F-9E53-3EF6ABA58A5B} => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
Task: {53421975-03EA-4651-9A72-0A72D36AE985} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-19] (Adobe Systems Incorporated)
Task: {69E81D7C-2FC1-4A25-864A-214F0D148365} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {6AD56CAC-D039-42CF-B02D-D7E57B5AE7A6} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-07-07] (Sony Corporation)
Task: {72551026-EC25-4D98-B1D1-2474D5513008} - System32\Tasks\{4A6DF2F5-5F89-40BB-A1EA-1A95850D4309} => C:\Program Files (x86)\Swisscom\Unlimited Data Manager\LSCAGui.exe [2009-12-10] (Swisscom)
Task: {780CCCF0-C89A-458E-9836-7DD6F268917E} - System32\Tasks\{0BDC0653-40BE-4E0E-A851-9262F88524D6} => pcalua.exe -a "C:\Program Files (x86)\Profi cash\wpc.exe" -d "C:\Program Files (x86)\Profi cash"
Task: {8AD47E61-9E97-4A3F-99A8-1F8B1F27EBEF} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {928FF47E-A964-43AA-BCA6-6F9475F85C32} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {95A6AF68-92D5-416C-B157-6C59D115E9F9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-629771004-421938228-456569351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {9DDE2E9C-3D24-45F7-8367-9F7CF9F8BD07} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-629771004-421938228-456569351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {A16D2C88-AD33-4A0F-8F20-AEE1D4C74496} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A2ABC8F6-E6A6-4273-A70D-7B50526A82B8} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-07-07] (Sony Corporation)
Task: {A36AFC4A-41D3-452C-800D-7B72B3FDF72B} - System32\Tasks\{E22DBA27-B2DC-4334-B101-085DE8033C12} => C:\Program Files (x86)\DATA BECKER\Skat! 2000\Skat2000.exe [1999-04-12] (Nitro Software)
Task: {A3E4DB34-7467-4FC4-A495-F6E7E71C1736} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-629771004-421938228-456569351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {A8584F27-56CE-4DCB-AB36-43239E7E94D2} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {CB0DFF8A-DAE3-4282-86C7-895DA221AF0B} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {CD181261-0FE2-46CE-B012-306B14DC8A7B} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {CD4A9518-2385-4036-94C9-DE5B0F739B13} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-05-28] (Sony Corporation)
Task: {CFBC7E45-B457-409A-BD08-B7AB3C557EFF} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-06-21] (Sony Corporation)
Task: {D912F617-0489-4179-B9D2-4E69A41669F8} - System32\Tasks\Sony Corporation\VAIO Update\VUSU Trigger Task => C:\Program Files\Sony\VAIO Update\VUSUTrigger.exe [2015-07-31] (Sony Corporation)
Task: {E5B0F962-18E4-4770-9D54-BA267282B397} - System32\Tasks\{0F53B566-1A90-4F37-A734-AFDB4081E767} => C:\Program Files (x86)\Swisscom\Unlimited Data Manager\LSCAGui.exe [2009-12-10] (Swisscom)
Task: {E813201E-791D-490A-82B7-E7D61CBA829B} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-06-21] (Sony Corporation)
Task: {F101339A-DDBC-45BC-949D-B03E701E40E2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-629771004-421938228-456569351-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F3DDE86B-EF48-460E-8D22-11E491C049A8} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {FD855713-29BE-434B-8E6C-93AB95D35ABE} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2011-05-02 12:41 - 2011-05-02 12:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-04-16 02:07 - 2013-04-16 02:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-05-15 13:53 - 2005-04-22 12:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-09-02 05:18 - 2011-03-09 11:40 - 00342984 ____N () C:\Program Files (x86)\OneClickInternet\WTGService.exe
2012-09-08 02:32 - 2012-09-08 02:32 - 00943504 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2011-05-02 12:41 - 2011-05-02 12:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-07-20 01:29 - 2011-07-19 23:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-11 16:04 - 2011-04-11 16:04 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-10-11 06:55 - 2011-10-11 06:55 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00320512 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00179712 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00054784 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00061440 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00037376 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 02229760 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00035840 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00055296 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00137728 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00134144 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2012-05-15 10:08 - 2012-05-15 10:08 - 00024064 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00276992 _____ () C:\Program Files\Sony\VAIO Care\READ\RecoveryPartitionManagerREAD.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-08 22:18 - 2015-07-08 22:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2009-05-08 06:45 - 2009-05-08 06:45 - 00057344 ____R () C:\Program Files (x86)\Swisscom\Sesam\BIN\boost_thread-vc80-mt-1_39.dll
2009-05-08 06:32 - 2009-05-08 06:32 - 00057344 ____R () C:\Program Files (x86)\Swisscom\Sesam\BIN\boost_date_time-vc80-mt-1_39.dll
2009-05-08 06:43 - 2009-05-08 06:43 - 00577536 ____R () C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_regex-vc80-mt-1_39.dll
2009-05-08 06:45 - 2009-05-08 06:45 - 00057344 ____R () C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_thread-vc80-mt-1_39.dll
2009-05-08 06:32 - 2009-05-08 06:32 - 00057344 ____R () C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_date_time-vc80-mt-1_39.dll
2009-05-08 06:43 - 2009-05-08 06:43 - 00229376 ____R () C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_serialization-vc80-mt-1_39.dll
2009-05-08 06:32 - 2009-05-08 06:32 - 00077824 ____R () C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_filesystem-vc80-mt-1_39.dll
2009-05-08 06:32 - 2009-05-08 06:32 - 00012800 ____R () C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_system-vc80-mt-1_39.dll
2009-09-09 13:08 - 2009-09-09 13:08 - 00438272 ____R () C:\Program Files (x86)\Swisscom\Unlimited Data Manager\sqlite.dll
2011-09-02 04:51 - 2011-07-07 14:44 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2013-09-03 14:54 - 2013-09-03 14:54 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2011-04-19 16:12 - 2011-04-19 16:12 - 00308736 _____ () C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-05-15 13:53 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-21 09:48 - 2014-10-21 09:48 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2011-09-02 04:40 - 2011-05-20 09:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-09-03 14:54 - 2013-09-03 14:54 - 02897280 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2013-09-03 14:54 - 2013-09-03 14:54 - 01446400 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-629771004-421938228-456569351-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A2024D5F-1F74-41C2-A465-143DC23B3032}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B3E50997-210F-4A8D-9262-C60C463B93BB}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{4B08EECE-EBA9-4065-8B2A-1251A7588269}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{844BAA4E-27AB-4F17-B691-AC9037CE7CEA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{31FC183A-1BEB-45DA-AE79-FE82308CB535}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C3904BD3-8AF2-4912-A98B-A56E8B04AAC0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2AB86791-6F3E-4FD7-9246-067B8D9172C4}] => (Allow) LPort=2869
FirewallRules: [{C2F25B2F-F8AD-4379-BD3B-C3467D034CC7}] => (Allow) LPort=1900
FirewallRules: [{FEB180D1-F917-40A3-AFFC-032742F37FBF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0D66EE01-BBD5-4924-92E6-115D289EA166}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{98308005-4E3A-42F6-92F5-B700051BB4AB}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{0924CD62-66EF-4ACA-9C04-E3918CCA4C69}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08z\FAXRX.exe
FirewallRules: [{9231C317-6F99-4D45-8760-9637C55D850F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08z\FAXRX.exe
FirewallRules: [{B97C3A6D-368A-429B-9210-83DB2AB5E44D}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{79E2143C-D46E-4E62-A3CE-ADB14E9B55F7}C:\program files (x86)\agfeo\tk-suite-basic\tools\ctimon.exe] => (Allow) C:\program files (x86)\agfeo\tk-suite-basic\tools\ctimon.exe
FirewallRules: [UDP Query User{E2758199-F2C9-40D3-9ABC-F4F2259BEDE5}C:\program files (x86)\agfeo\tk-suite-basic\tools\ctimon.exe] => (Allow) C:\program files (x86)\agfeo\tk-suite-basic\tools\ctimon.exe
FirewallRules: [TCP Query User{C8905032-17D5-4438-8C28-304362458153}C:\program files (x86)\agfeo\tk-suite-basic\tkserver\tksock.exe] => (Allow) C:\program files (x86)\agfeo\tk-suite-basic\tkserver\tksock.exe
FirewallRules: [UDP Query User{09B12AC7-F215-4E1A-B4D6-0F9CD001B2B7}C:\program files (x86)\agfeo\tk-suite-basic\tkserver\tksock.exe] => (Allow) C:\program files (x86)\agfeo\tk-suite-basic\tkserver\tksock.exe
FirewallRules: [TCP Query User{28340889-A4BD-4297-B6CC-5D8317AD5478}C:\program files (x86)\agfeo\tk-suite-basic\tkserver\tkmedia.exe] => (Allow) C:\program files (x86)\agfeo\tk-suite-basic\tkserver\tkmedia.exe
FirewallRules: [UDP Query User{E7A5DF84-DEC8-40BE-A468-A512D61C2FBB}C:\program files (x86)\agfeo\tk-suite-basic\tkserver\tkmedia.exe] => (Allow) C:\program files (x86)\agfeo\tk-suite-basic\tkserver\tkmedia.exe
FirewallRules: [{D04DBFC6-2C3E-4204-A1F0-C8A2F2E7672A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{76E48C4F-86B8-406B-B617-D8A840EBDF43}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4839BF58-BE97-49F9-BBF0-64DF757DF4FA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{824A8454-5A0D-4FD9-8311-84829E253F87}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD431C62-F50E-497A-ACB2-297C11D8C1E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2C778B98-7E2A-419D-B558-4B86BF016498}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A72ADDB4-9898-4A1C-8E7B-B77E0DA314D9}] => (Allow) F:\fsetup.exe
FirewallRules: [{A9B8FD3F-1983-4C07-8885-AB7425010ED6}] => (Allow) F:\fsetup.exe
FirewallRules: [{03F9A1BF-3C7D-4B13-893C-FAB9FAC21AFA}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
FirewallRules: [{76F37E97-391D-4087-8BEA-5B6645733136}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{E3547BEB-BCA0-4CB4-90DC-B5861A698007}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F99F771-AE0E-4AE4-B284-3A1DB86EDB52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{65DC1032-FA0F-4BDC-A4EA-800E9928BA80}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{C96C1704-345F-4766-93F2-03FAF6603189}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{68CE0C5B-0387-4477-BC0F-25393EC5F687}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{4B0801D2-AA1A-4868-8787-A513D08CE0A3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{35B43F26-6871-4BE9-A817-B946B9C6141A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{9DF7CC18-461D-427F-A72B-0A271EB8A2C8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{279504EE-72ED-42D0-AD59-A73DD167FEB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe] => Enabled:TriDef 3D Media Player

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/04/2015 10:27:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2015 10:22:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2015 10:19:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2015 03:41:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2015 08:29:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2015 10:42:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 385447

Error: (11/01/2015 10:42:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 385447

Error: (11/01/2015 10:42:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/01/2015 10:42:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 384449

Error: (11/01/2015 10:42:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 384449


Systemfehler:
=============
Error: (11/04/2015 10:29:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.

Error: (11/04/2015 10:28:44 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (11/04/2015 10:27:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/04/2015 10:26:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/04/2015 10:24:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.

Error: (11/04/2015 10:23:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (11/04/2015 10:22:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/03/2015 06:59:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/03/2015 06:54:50 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{D4F56BCB-3EF1-4833-A032-3AC5AB9445A0}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (11/03/2015 06:42:49 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{D4F56BCB-3EF1-4833-A032-3AC5AB9445A0}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz
Prozentuale Nutzung des RAM: 43%
Installierter physikalischer RAM: 8107.82 MB
Verfügbarer physikalischer RAM: 4614.89 MB
Summe virtueller Speicher: 16213.86 MB
Verfügbarer virtueller Speicher: 12165.15 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:221.02 GB) (Free:104.64 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 748BC02F)
Partition 1: (Not Active) - (Size=17.4 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

brbrb83 · 13.11.2015, 10:05

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
durchgeführt von RN (Administrator) auf RN-VAIO (04-11-2015 11:56:51)
Gestartet von C:\Users\RN\Desktop
Geladene Profile: RN (Verfügbare Profile: RN)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HUAWEI Technologies Co., Ltd.) C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Swisscom) C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe
(Swisscom) C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\OneClickInternet\WTGService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.WebLogOnHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-06-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [ClientAppLogon] => C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] => C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-04-26] (AuthenTec, Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-07-14] (cyberlink)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [408576 2011-04-19] (Vodafone)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Dashboard] => [X]
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-07-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-629771004-421938228-456569351-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
HKU\S-1-5-21-629771004-421938228-456569351-1000\...\Run: [OXUpdater] => C:\Users\RN\AppData\Local\Open-Xchange\OXUpdater\OXUpdater.exe
HKU\S-1-5-21-629771004-421938228-456569351-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-629771004-421938228-456569351-1000\...\MountPoints2: {2eeb423e-48dc-11e1-bdf4-f0bf97e161af} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-629771004-421938228-456569351-1000\...\MountPoints2: {2eeb424a-48dc-11e1-bdf4-f0bf97e161af} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-629771004-421938228-456569351-1000\...\MountPoints2: {5b154aea-d7b5-11e1-aee4-f0bf97e161af} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-629771004-421938228-456569351-1000\...\MountPoints2: {98334dfb-868c-11e4-8ac2-f0bf97e161af} - D:\AutoRun.exe
HKU\S-1-5-21-629771004-421938228-456569351-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{0ADCDC11-1BD7-464B-9409-F5DBEC2C61B3}: [NameServer] 139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{2E1DAA75-B085-4B1A-9B06-7D2B5E3BB622}: [DhcpNameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{B878DA1D-1B2C-4F2F-A404-76F1773EB679}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D4F56BCB-3EF1-4833-A032-3AC5AB9445A0}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{DBB582F3-B9F9-4AA2-AF0E-096A5C2A0736}: [NameServer] 139.7.30.126 139.7.30.125

Internet Explorer:
==================
HKU\S-1-5-21-629771004-421938228-456569351-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t-online.de/
HKU\S-1-5-21-629771004-421938228-456569351-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-629771004-421938228-456569351-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-629771004-421938228-456569351-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll [2011-04-26] (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-09-02] (Sun Microsystems, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO-x32: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll [2011-04-26] (AuthenTec Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-05-22] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-09-02] (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-09-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-629771004-421938228-456569351-1000 -> Kein Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  Keine Datei
Toolbar: HKU\S-1-5-21-629771004-421938228-456569351-1000 -> Kein Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  Keine Datei
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

FireFox:
========
FF ProfilePath: C:\Users\RN\AppData\Roaming\Mozilla\Firefox\Profiles\4ujw1qur.default
FF Homepage: t-online.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-19] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-09-02] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-09-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-07-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-08] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-08] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-07-06] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\RN\AppData\Roaming\Mozilla\Firefox\Profiles\4ujw1qur.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-11-20] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon [2012-01-27] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{E4D8AFFF-DA7C-412F-A976-05ED142C7806}] - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\FireFox_Remote
FF Extension: Unlimited Data Manager - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\FireFox_Remote [2012-08-02] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-06] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-10-20] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll => Keine Datei
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll => Keine Datei
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => Keine Datei
CHR Plugin: (TrueSuite) - C:\Users\RN\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokdoppleiafjmfmggefbkghfblaplo\1.0_0\npwebsitelogon.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll => Keine Datei
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Profile: C:\Users\RN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealDownloader) - C:\Users\RN\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\RN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-15]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-10-15] (Kaspersky Lab ZAO)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-06-24] (CyberLink)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.) [Datei ist nicht signiert]
R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [294216 2011-04-26] (AuthenTec, Inc)
R2 GobiQDLService; C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [318464 2011-03-04] (HUAWEI Technologies Co., Ltd.) [Datei ist nicht signiert]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-06-16] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2010-02-24] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2010-02-24] (Sonic Solutions)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 SesamService; C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe [1414440 2009-11-16] (Swisscom)
R2 UDM Service; C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe [128296 2009-12-10] (Swisscom)
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-04-19] (Vodafone) [Datei ist nicht signiert]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [342984 2011-03-09] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2012-01-27] (Bytemobile, Inc.) [Datei ist nicht signiert]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [413696 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 gobi3kfilter; C:\Windows\System32\DRIVERS\gobi3kfilter.sys [34304 2010-12-13] (QUALCOMM Incorporated)
S3 gobi3kmbb; C:\Windows\System32\DRIVERS\gobi3kmbb.sys [399872 2011-04-21] (QUALCOMM Incorporated)
S3 gobi3kserial; C:\Windows\System32\DRIVERS\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-10-20] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-10-20] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940936 2015-10-20] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-10-15] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 sembbus; C:\Windows\System32\DRIVERS\sembbus.sys [302080 2009-02-18] (MCCI Corporation)
S3 sembcard; C:\Windows\System32\DRIVERS\sembcard.sys [362496 2009-02-18] (MCCI Corporation)
S3 sembmdfl2; C:\Windows\System32\DRIVERS\sembmdfl2.sys [19456 2009-02-18] (MCCI Corporation)
S3 sembmdm2; C:\Windows\System32\DRIVERS\sembmdm2.sys [445952 2009-02-18] (MCCI Corporation)
S3 sembmgmt; C:\Windows\System32\DRIVERS\sembmgmt.sys [370176 2009-02-18] (MCCI Corporation)
S3 sembnd5; C:\Windows\System32\DRIVERS\sembnd5.sys [33792 2009-02-18] (MCCI Corporation)
S3 sembunic; C:\Windows\System32\DRIVERS\sembunic.sys [396800 2009-02-18] (MCCI Corporation)
S3 sembwwan; C:\Windows\System32\DRIVERS\sembwwan.sys [362496 2009-02-18] (MCCI Corporation)
S3 SEMCReserved; C:\Windows\System32\DRIVERS\semcreserved64.sys [22528 2009-02-18] ()
S3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\sesc64.sys [17408 2009-02-18] (Sony Ericsson)
R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [30088 2008-06-18] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2012-01-27] (Bytemobile, Inc.) [Datei ist nicht signiert]
R3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [56104 2009-01-30] (Swisscom)
R3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [384808 2009-07-20] (Swisscom)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-04 11:56 - 2015-11-04 11:57 - 00036866 _____ C:\Users\RN\Desktop\FRST.txt
2015-11-04 11:56 - 2015-11-04 11:56 - 00000000 ____D C:\FRST
2015-11-04 11:55 - 2015-11-04 11:55 - 02198016 _____ (Farbar) C:\Users\RN\Desktop\FRST64.exe
2015-10-25 16:29 - 2015-10-25 16:29 - 00000133 _____ C:\Users\RN\Desktop\Quantenbewußtsein youtube.url
2015-10-25 05:26 - 2015-11-04 10:27 - 00001512 _____ C:\Windows\setupact.log
2015-10-25 05:26 - 2015-10-25 05:26 - 00000000 _____ C:\Windows\setuperr.log
2015-10-24 21:48 - 2015-10-24 21:48 - 00000000 ____D C:\Users\RN\AppData\Local\{1C8E101F-322D-48AF-836A-EC9E1A74D699}
2015-10-21 11:50 - 2015-10-21 11:50 - 00319098 _____ C:\Users\RN\Desktop\photo.php
2015-10-16 16:10 - 2015-10-16 16:10 - 00002200 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2015-10-16 16:10 - 2015-10-16 16:10 - 00001152 _____ C:\Users\Public\Desktop\Shop für Zubehör - HP Officejet Pro 8600.lnk
2015-10-16 16:10 - 2015-10-16 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-10-16 16:10 - 2012-10-17 03:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5912.dll
2015-10-16 16:09 - 2015-10-16 16:10 - 00000000 ____D C:\Users\RN\AppData\Local\HP
2015-10-16 16:09 - 2015-10-16 16:09 - 00000057 _____ C:\ProgramData\Ament.ini
2015-10-16 16:09 - 2015-10-16 16:09 - 00000000 ____D C:\ProgramData\HP
2015-10-16 16:09 - 2015-10-16 16:09 - 00000000 ____D C:\Program Files\HP
2015-10-16 16:09 - 2015-10-16 16:09 - 00000000 ____D C:\Program Files (x86)\HP
2015-10-16 16:07 - 2015-10-16 16:07 - 00000000 ____D C:\Users\RN\AppData\Local\Hewlett-Packard
2015-10-16 16:07 - 2015-10-16 16:07 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-10-16 16:05 - 2015-10-16 16:06 - 03774136 _____ (Oleg N. Scherbakov) C:\Users\RN\Downloads\HPSupportSolutionsFramework-12.0.30.81.exe
2015-10-16 13:59 - 2015-10-19 08:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-15 12:45 - 2015-10-15 12:45 - 00000000 ____D C:\Users\RN\AppData\Local\Macromedia
2015-10-15 12:44 - 2015-10-19 08:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-15 12:44 - 2015-10-15 12:50 - 00000000 ____D C:\Users\RN\AppData\Local\Mozilla
2015-10-15 12:44 - 2015-10-15 12:44 - 00001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-15 12:44 - 2015-10-15 12:44 - 00001143 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-15 12:44 - 2015-10-15 12:44 - 00000000 ____D C:\Users\RN\AppData\Roaming\Mozilla
2015-10-15 12:42 - 2015-10-15 12:42 - 00243872 _____ C:\Users\RN\Downloads\Firefox Setup Stub 41.0.1.exe
2015-10-15 12:39 - 2015-10-15 12:39 - 00002442 _____ C:\Users\RN\Desktop\Sicherer Zahlungsverkehr.lnk
2015-10-15 11:50 - 2015-11-04 10:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-15 11:50 - 2015-10-20 09:54 - 00940936 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-10-15 11:50 - 2015-10-20 09:54 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-10-15 11:50 - 2015-10-15 11:50 - 00002140 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-10-15 11:50 - 2015-10-15 11:50 - 00000000 ____D C:\Windows\ELAMBKUP
2015-10-15 11:50 - 2015-10-15 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-10-15 11:50 - 2015-10-15 11:50 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-10-15 11:50 - 2013-05-06 07:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-10-15 11:36 - 2015-10-15 11:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-15 11:35 - 2015-10-15 11:35 - 00001098 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-10-15 11:35 - 2015-10-15 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-10-15 11:35 - 2015-10-15 11:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-15 11:35 - 2015-10-15 11:35 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-10-15 11:35 - 2015-10-05 08:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-15 11:35 - 2015-10-05 08:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-15 11:35 - 2015-10-05 08:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-15 11:33 - 2015-10-15 11:34 - 22908888 _____ (Malwarebytes ) C:\Users\RN\Downloads\mbam-setup-org-2.2.0.1024.exe
2015-10-15 11:28 - 2015-10-15 11:29 - 01937280 _____ (Kaspersky Lab) C:\Users\RN\Downloads\kis16.0.0.614de_8295.exe
2015-10-15 09:31 - 2015-09-18 20:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 09:31 - 2015-09-18 20:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 09:31 - 2015-09-18 20:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 09:31 - 2015-09-18 20:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 09:31 - 2015-09-18 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 09:31 - 2015-09-18 20:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 09:31 - 2015-09-18 20:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 09:33 - 2015-09-18 20:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 09:33 - 2015-09-18 19:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 09:33 - 2015-09-16 05:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 09:33 - 2015-09-16 05:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 09:33 - 2015-09-16 05:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 09:33 - 2015-09-16 05:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 09:33 - 2015-09-16 05:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 09:33 - 2015-09-16 05:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 09:33 - 2015-09-16 05:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 09:33 - 2015-09-16 05:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 09:33 - 2015-09-16 05:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 09:33 - 2015-09-16 05:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 09:33 - 2015-09-16 05:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 09:33 - 2015-09-16 05:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 09:33 - 2015-09-16 05:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 09:33 - 2015-09-16 05:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 09:33 - 2015-09-16 05:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 09:33 - 2015-09-16 05:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 09:33 - 2015-09-16 05:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 09:33 - 2015-09-16 05:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 09:33 - 2015-09-16 04:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 09:33 - 2015-09-16 04:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 09:33 - 2015-09-16 04:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 09:33 - 2015-09-16 04:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 09:33 - 2015-09-16 04:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 09:33 - 2015-09-16 04:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 09:33 - 2015-09-16 04:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 09:33 - 2015-09-16 04:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 09:33 - 2015-09-16 04:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 09:33 - 2015-09-16 04:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 09:33 - 2015-09-16 04:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 09:33 - 2015-09-16 04:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 09:33 - 2015-09-16 04:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 09:33 - 2015-09-16 04:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 09:33 - 2015-09-16 04:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 09:33 - 2015-09-16 04:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 09:33 - 2015-09-16 04:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 09:33 - 2015-09-16 04:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 09:33 - 2015-09-16 04:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 09:33 - 2015-09-16 04:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 09:33 - 2015-09-16 04:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 09:33 - 2015-09-16 04:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 09:33 - 2015-09-16 04:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 09:33 - 2015-09-16 04:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 09:33 - 2015-09-16 04:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 09:33 - 2015-09-16 04:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 09:33 - 2015-09-16 04:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 09:33 - 2015-09-16 04:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 09:33 - 2015-09-16 04:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 09:33 - 2015-09-16 04:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 09:33 - 2015-09-16 04:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 09:33 - 2015-09-16 04:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 09:33 - 2015-09-16 04:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 09:33 - 2015-09-16 04:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 09:33 - 2015-09-16 03:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 09:33 - 2015-09-16 03:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 09:33 - 2015-09-16 03:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 09:33 - 2015-09-16 03:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 09:33 - 2015-09-16 03:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 09:33 - 2015-09-16 03:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 09:33 - 2015-09-16 03:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 09:33 - 2015-09-16 03:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 09:33 - 2015-09-16 03:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 09:33 - 2015-09-16 03:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 09:33 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 09:33 - 2015-08-06 19:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 09:33 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 09:33 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 09:31 - 2015-09-25 19:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 09:31 - 2015-09-25 19:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 09:31 - 2015-09-25 19:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 09:31 - 2015-09-25 19:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 09:31 - 2015-09-25 19:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 09:31 - 2015-09-25 19:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 09:31 - 2015-09-25 19:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 09:31 - 2015-09-25 19:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 09:31 - 2015-09-25 19:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 09:31 - 2015-09-25 19:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 09:31 - 2015-09-25 19:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 09:31 - 2015-09-25 18:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 09:31 - 2015-09-25 18:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 09:31 - 2015-09-25 18:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 09:31 - 2015-09-25 18:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 09:31 - 2015-09-25 18:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 09:30 - 2015-10-01 19:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 09:30 - 2015-10-01 19:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 09:30 - 2015-10-01 19:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 09:30 - 2015-10-01 19:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 09:30 - 2015-10-01 19:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 09:30 - 2015-10-01 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 09:30 - 2015-10-01 19:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 09:30 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 09:30 - 2015-10-01 18:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 09:30 - 2015-09-29 04:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 09:30 - 2015-09-29 04:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 09:30 - 2015-09-29 04:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 09:30 - 2015-09-29 04:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 09:30 - 2015-09-29 04:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 09:30 - 2015-09-29 04:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 09:30 - 2015-09-29 04:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 09:30 - 2015-09-29 04:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 09:30 - 2015-09-29 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 09:30 - 2015-09-29 04:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 09:30 - 2015-09-29 04:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 09:30 - 2015-09-29 04:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 09:30 - 2015-09-29 04:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 09:30 - 2015-09-29 04:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 09:30 - 2015-09-29 04:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 09:30 - 2015-09-29 04:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 09:30 - 2015-09-29 04:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 09:30 - 2015-09-29 04:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 09:30 - 2015-09-29 04:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 09:30 - 2015-09-29 04:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 09:30 - 2015-09-29 04:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 09:30 - 2015-09-29 04:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 09:30 - 2015-09-29 04:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 09:30 - 2015-09-29 04:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 09:30 - 2015-09-29 04:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 09:30 - 2015-09-29 04:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 09:30 - 2015-09-29 04:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 09:30 - 2015-09-29 04:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 09:30 - 2015-09-29 03:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 09:30 - 2015-09-29 03:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 09:30 - 2015-09-29 03:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 09:30 - 2015-09-29 03:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 09:30 - 2015-09-29 03:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 09:30 - 2015-09-29 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 09:30 - 2015-09-29 03:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 09:30 - 2015-09-29 03:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 09:30 - 2015-09-29 03:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 09:30 - 2015-09-29 03:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 09:30 - 2015-09-29 03:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 09:30 - 2015-09-29 03:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 09:30 - 2015-09-29 03:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 09:30 - 2015-09-29 03:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 09:30 - 2015-09-29 03:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 02:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 09:30 - 2015-09-29 02:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 09:30 - 2015-09-29 02:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 09:30 - 2015-09-29 02:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 09:30 - 2015-09-29 02:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 09:30 - 2015-09-29 02:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 02:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 02:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 09:30 - 2015-09-29 02:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 09:30 - 2015-09-15 19:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 09:30 - 2015-09-15 19:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 09:30 - 2015-09-15 19:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 09:30 - 2015-09-15 19:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 09:30 - 2015-09-15 19:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 09:30 - 2015-09-15 19:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 09:30 - 2015-09-15 19:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 09:30 - 2015-09-15 19:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 09:30 - 2015-09-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 09:30 - 2015-09-15 18:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 09:30 - 2015-09-15 18:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 09:30 - 2015-09-15 18:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 09:30 - 2015-09-15 18:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 09:30 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-06 09:11 - 2015-10-06 09:11 - 00001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-04 11:44 - 2012-02-14 06:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 11:43 - 2012-05-03 09:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-04 11:28 - 2012-09-28 15:48 - 00000000 ____D C:\Users\RN\AppData\Local\0A93DD50-B8D4-45F1-B4C9-C1FA7D93CEA6.aplzod
2015-11-04 11:28 - 2012-02-08 12:42 - 00000000 ____D C:\Users\RN\Documents\Outlook-Dateien
2015-11-04 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2015-11-04 10:44 - 2012-02-20 15:05 - 00000432 _____ C:\Windows\BRWMARK.INI
2015-11-04 10:44 - 2012-02-14 06:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 10:35 - 2009-07-14 05:45 - 00031536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-04 10:35 - 2009-07-14 05:45 - 00031536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-04 10:33 - 2012-01-24 15:18 - 01842738 _____ C:\Windows\WindowsUpdate.log
2015-11-04 10:33 - 2011-09-02 14:35 - 00699666 _____ C:\Windows\system32\perfh007.dat
2015-11-04 10:33 - 2011-09-02 14:35 - 00149774 _____ C:\Windows\system32\perfc007.dat
2015-11-04 10:33 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-04 10:27 - 2012-03-20 16:57 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-11-04 10:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-04 10:26 - 2013-02-21 10:56 - 00000000 ____D C:\Users\RN\AppData\Local\Open-Xchange
2015-11-04 10:22 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-03 18:40 - 2015-02-16 09:42 - 00299724 _____ C:\Users\RN\Desktop\Hochrechnung RNC Ergebnis 2015.xlsx
2015-10-31 10:43 - 2015-08-09 07:16 - 00025137 _____ C:\Users\RN\Desktop\Flüssigkeiten und  Puls.xlsx
2015-10-28 18:46 - 2014-12-14 09:47 - 00011207 _____ C:\Users\RN\Desktop\TOP.xlsx
2015-10-28 03:11 - 2012-02-14 06:59 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-24 22:01 - 2012-02-02 10:12 - 00000000 ____D C:\Windows\Minidump
2015-10-24 21:48 - 2012-02-14 10:38 - 00000000 ____D C:\Users\RN\AppData\Local\Windows Live
2015-10-24 00:04 - 2011-09-02 05:06 - 00000000 ___HD C:\SPLASH.000
2015-10-20 09:53 - 2015-07-04 01:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-10-19 10:43 - 2012-05-03 09:30 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-19 10:43 - 2012-05-03 09:30 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-19 10:43 - 2011-09-02 04:55 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-19 08:49 - 2009-07-14 05:45 - 00353496 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-19 08:48 - 2010-11-21 04:47 - 00932414 _____ C:\Windows\PFRO.log
2015-10-16 16:07 - 2012-01-24 15:18 - 00091376 _____ C:\Users\RN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-16 16:01 - 2011-02-10 23:48 - 00000000 ____D C:\Windows\Panther
2015-10-16 02:16 - 2014-12-10 20:09 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-16 02:16 - 2014-05-08 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 12:41 - 2015-06-08 18:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-10-15 12:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-10-15 11:31 - 2012-01-27 14:27 - 00000000 ____D C:\ProgramData\Avira
2015-10-14 18:28 - 2013-08-04 05:43 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 18:28 - 2012-02-08 11:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 18:23 - 2012-02-03 15:10 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 18:22 - 2009-07-14 03:34 - 00000678 _____ C:\Windows\win.ini
2015-10-09 09:18 - 2015-04-07 07:07 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 16:04 - 2015-04-07 07:07 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-08 11:17 - 2015-01-16 10:46 - 00137959 _____ C:\Users\RN\Desktop\immo2014.xlsx
2015-10-06 09:11 - 2011-09-02 04:50 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2015-10-06 09:11 - 2011-09-02 04:50 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-10-06 09:11 - 2011-09-02 04:50 - 00000000 ____D C:\Program Files\Sony
2015-10-05 08:57 - 2012-01-24 15:31 - 00000000 ____D C:\Update

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-02-20 16:13 - 2013-02-20 16:28 - 0038425 _____ () C:\Users\RN\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
2013-07-09 05:55 - 2013-07-09 05:57 - 0000004 _____ () C:\Users\RN\AppData\Roaming\skype.ini
2015-10-16 16:09 - 2015-10-16 16:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-04-18 15:39 - 2011-04-18 15:39 - 0226364 ____R () C:\ProgramData\DeviceManager.xml.rc4
2012-07-27 07:58 - 2012-08-02 07:38 - 0792715 _____ () C:\ProgramData\gui.log
2013-08-29 23:03 - 2013-08-29 23:03 - 0000070 _____ () C:\ProgramData\olxrnniyofyerfwnxqr.bat
2013-08-29 23:03 - 2013-08-29 23:03 - 0000165 _____ () C:\ProgramData\olxrnniyofyerfwnxqr.reg

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\olxrnniyofyerfwnxqr.bat
C:\ProgramData\olxrnniyofyerfwnxqr.reg
C:\Users\RN\AppData\Roaming\skype.ini


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-31 11:16

==================== Ende von FRST.txt ============================

brbrb83 · 13.11.2015, 10:08

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-11-04 19:02:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 238,50GB
Running: Gmer-19357.exe; Driver: C:\Users\RN\AppData\Local\Temp\uxtdrpob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                           0000000077211401 2 bytes JMP 7633b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                             0000000077211419 2 bytes JMP 7633b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                           0000000077211431 2 bytes JMP 763b8fd1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                           000000007721144a 2 bytes CALL 7631489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                           * 9
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                              00000000772114dd 2 bytes JMP 763b88c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                       00000000772114f5 2 bytes JMP 763b8aa0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                              000000007721150d 2 bytes JMP 763b87ba C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                       0000000077211525 2 bytes JMP 763b8b8a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                             000000007721153d 2 bytes JMP 7632fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                  0000000077211555 2 bytes JMP 763368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                           000000007721156d 2 bytes JMP 763b9089 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                             0000000077211585 2 bytes JMP 763b8bea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                000000007721159d 2 bytes JMP 763b877e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                             00000000772115b5 2 bytes JMP 7632fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                           00000000772115cd 2 bytes JMP 7633b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                       00000000772116b2 2 bytes JMP 763b8f4c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe[2844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                       00000000772116bd 2 bytes JMP 763b8713 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                   0000000077211401 2 bytes JMP 7633b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                     0000000077211419 2 bytes JMP 7633b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                   0000000077211431 2 bytes JMP 763b8fd1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                   000000007721144a 2 bytes CALL 7631489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                           * 9
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                      00000000772114dd 2 bytes JMP 763b88c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                               00000000772114f5 2 bytes JMP 763b8aa0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                      000000007721150d 2 bytes JMP 763b87ba C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                               0000000077211525 2 bytes JMP 763b8b8a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                     000000007721153d 2 bytes JMP 7632fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                          0000000077211555 2 bytes JMP 763368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                   000000007721156d 2 bytes JMP 763b9089 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                     0000000077211585 2 bytes JMP 763b8bea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                        000000007721159d 2 bytes JMP 763b877e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                     00000000772115b5 2 bytes JMP 7632fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                   00000000772115cd 2 bytes JMP 7633b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                               00000000772116b2 2 bytes JMP 763b8f4c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                               00000000772116bd 2 bytes JMP 763b8713 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                    0000000077211401 2 bytes JMP 7633b21b C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                      0000000077211419 2 bytes JMP 7633b346 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                    0000000077211431 2 bytes JMP 763b8fd1 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                    000000007721144a 2 bytes CALL 7631489d C:\Windows\syswow64\KERNEL32.dll
.text  ...                                                                                                                                                           * 9
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                       00000000772114dd 2 bytes JMP 763b88c4 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                00000000772114f5 2 bytes JMP 763b8aa0 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                       000000007721150d 2 bytes JMP 763b87ba C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                0000000077211525 2 bytes JMP 763b8b8a C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                      000000007721153d 2 bytes JMP 7632fca8 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                           0000000077211555 2 bytes JMP 763368ef C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                    000000007721156d 2 bytes JMP 763b9089 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                      0000000077211585 2 bytes JMP 763b8bea C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                         000000007721159d 2 bytes JMP 763b877e C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                      00000000772115b5 2 bytes JMP 7632fd41 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                    00000000772115cd 2 bytes JMP 7633b2dc C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                00000000772116b2 2 bytes JMP 763b8f4c C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[3264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                00000000772116bd 2 bytes JMP 763b8713 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                         0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                        0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                           0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                               0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                             0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                             0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                     0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                   0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                         0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                           0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                         0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                       00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                       000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                    00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe[5508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                           0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                            0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                            0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                    0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                   0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                      0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                          0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                        0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                            0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                        0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                              0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                    0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                      0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                    0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                  00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                  000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                               00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                            00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                            00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                      0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                             0000000077211401 2 bytes JMP 7633b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                               0000000077211419 2 bytes JMP 7633b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                             0000000077211431 2 bytes JMP 763b8fd1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                             000000007721144a 2 bytes CALL 7631489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                           * 9
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                00000000772114dd 2 bytes JMP 763b88c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                         00000000772114f5 2 bytes JMP 763b8aa0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                000000007721150d 2 bytes JMP 763b87ba C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                         0000000077211525 2 bytes JMP 763b8b8a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                               000000007721153d 2 bytes JMP 7632fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                    0000000077211555 2 bytes JMP 763368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                             000000007721156d 2 bytes JMP 763b9089 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                               0000000077211585 2 bytes JMP 763b8bea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                  000000007721159d 2 bytes JMP 763b877e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                               00000000772115b5 2 bytes JMP 7632fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                             00000000772115cd 2 bytes JMP 7633b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                         00000000772116b2 2 bytes JMP 763b8f4c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5568] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                         00000000772116bd 2 bytes JMP 763b8713 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                         0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                        0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373           0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                               0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                             0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16             0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                     0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                   0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                         0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                       0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                           0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                           0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                         0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                         0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312       00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471       000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                    00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23           0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                  0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                  0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                          0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                         0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373            0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                              0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                  0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16              0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                      0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                    0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                          0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                        0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                            0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                            0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                          0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                          0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312        00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471        000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                     00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                  00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                  00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[5968] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23            0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                             0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                             0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                     0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                    0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                       0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                           0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                         0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                             0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                         0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                 0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                               0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                     0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                     0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                   00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                   000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                             00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                             00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[5984] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                       0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                         0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                        0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                           0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                               0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                             0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                             0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                     0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                   0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                         0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                       0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                           0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                           0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                         0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                         0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                       00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                       000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                    00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[6052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                           0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                          0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                          0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                  0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                 0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                    0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                        0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                      0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                          0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                      0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                              0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                            0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                  0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                    0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                    0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                  0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                             00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                          00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                          00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CyberLink\Shared files\brs.exe[6100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                    0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159              0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500              0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                      0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                     0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373        0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                            0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                          0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680              0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16          0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                  0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                      0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                    0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                        0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                        0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                      0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                      0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312    00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471    000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                 00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23              00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23              00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23        0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17               0000000077211401 2 bytes JMP 7633b21b C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                 0000000077211419 2 bytes JMP 7633b346 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17               0000000077211431 2 bytes JMP 763b8fd1 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42               000000007721144a 2 bytes CALL 7631489d C:\Windows\syswow64\KERNEL32.dll
.text  ...                                                                                                                                                           * 9
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                  00000000772114dd 2 bytes JMP 763b88c4 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17           00000000772114f5 2 bytes JMP 763b8aa0 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                  000000007721150d 2 bytes JMP 763b87ba C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17           0000000077211525 2 bytes JMP 763b8b8a C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                 000000007721153d 2 bytes JMP 7632fca8 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                      0000000077211555 2 bytes JMP 763368ef C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17               000000007721156d 2 bytes JMP 763b9089 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                 0000000077211585 2 bytes JMP 763b8bea C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                    000000007721159d 2 bytes JMP 763b877e C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                 00000000772115b5 2 bytes JMP 7632fd41 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17               00000000772115cd 2 bytes JMP 7633b2dc C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20           00000000772116b2 2 bytes JMP 763b8f4c C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31           00000000772116bd 2 bytes JMP 763b8713 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                           0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                           0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                   0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                  0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                     0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                         0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                       0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                           0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                       0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                               0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                             0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                   0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                     0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                     0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                   0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                   0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                              00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                           00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                           00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[5552] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                     0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                         0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                        0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                           0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                               0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                             0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                             0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                     0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                   0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                         0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                       0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                           0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                           0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                         0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                         0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                       00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                       000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                    00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[5940] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                           0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                     0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                     0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                             0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                            0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                               0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                   0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                 0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                     0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                 0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                         0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                       0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                             0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                           0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                               0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                               0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                             0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                             0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                           00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                           000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                        00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                     00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                     00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[5892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                               0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                           0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                           0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                   0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                  0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                     0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                         0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                       0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                           0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                       0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                               0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                             0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                   0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                     0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                     0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                   0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                   0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                              00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                           00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                           00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                     0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                            0000000077211401 2 bytes JMP 7633b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                              0000000077211419 2 bytes JMP 7633b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                            0000000077211431 2 bytes JMP 763b8fd1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                            000000007721144a 2 bytes CALL 7631489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                           * 9
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                               00000000772114dd 2 bytes JMP 763b88c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                        00000000772114f5 2 bytes JMP 763b8aa0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                               000000007721150d 2 bytes JMP 763b87ba C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                        0000000077211525 2 bytes JMP 763b8b8a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                              000000007721153d 2 bytes JMP 7632fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                   0000000077211555 2 bytes JMP 763368ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                            000000007721156d 2 bytes JMP 763b9089 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                              0000000077211585 2 bytes JMP 763b8bea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                 000000007721159d 2 bytes JMP 763b877e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                              00000000772115b5 2 bytes JMP 7632fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                            00000000772115cd 2 bytes JMP 7633b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                        00000000772116b2 2 bytes JMP 763b8f4c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[5792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                        00000000772116bd 2 bytes JMP 763b8713 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                        0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                        0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                               0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                  0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                      0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                    0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                        0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                    0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                            0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                          0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                              0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                  0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                  0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                              00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                              000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                           00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                        00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                        00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[5388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                  0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159            0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500            0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                    0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                   0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373      0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                          0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                        0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680            0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16        0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread              0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                    0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                  0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                      0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                      0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                    0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                    0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312  00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471  000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611               00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23            00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23            00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23      0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                         0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                        0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373           0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                               0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                             0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16             0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                     0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                   0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                         0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                       0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                           0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                           0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                         0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                         0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312       00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471       000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                    00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8892] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23           0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                   0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                   0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                           0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                          0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                             0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                 0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                               0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                   0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                               0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                       0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                     0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                           0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                         0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                             0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                             0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                           0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                           0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                         00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                         000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                      00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                   00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                   00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[9196] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                             0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                 0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                 0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                         0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                        0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373           0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                               0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                             0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                 0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16             0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                     0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                   0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                         0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text

brbrb83 · 13.11.2015, 10:13

Code:

ATTFilter

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                       0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                           0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                           0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                         0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                         0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312       00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471       000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                    00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                 00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                 00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[8752] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23           0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                  0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                  0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                          0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                         0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                            0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                              0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                  0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                              0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                      0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                    0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                          0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                        0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                            0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                          0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                          0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                        00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                        000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                     00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                  00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                  00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[3292] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                            0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                           0000000077bb13ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                           0000000077bb1544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                   0000000077bb18ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                  0000000077bb1ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                     0000000077bb1d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                         0000000077bb1e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                       0000000077bb1f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                           0000000077bb2238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                       0000000077bb26e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                               0000000077bfda80 8 bytes {JMP QWORD [RIP-0x4bd61]}
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                             0000000077bfdc00 8 bytes {JMP QWORD [RIP-0x4bd77]}
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                   0000000077bfdc30 8 bytes {JMP QWORD [RIP-0x4c6f2]}
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                 0000000077bfdd50 8 bytes {JMP QWORD [RIP-0x4c1ae]}
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                     0000000077bfde00 8 bytes {JMP QWORD [RIP-0x4c538]}
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                     0000000077bfe430 8 bytes {JMP QWORD [RIP-0x4bd56]}
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                   0000000077bfe680 8 bytes {JMP QWORD [RIP-0x4c44e]}
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   0000000077bfeee0 8 bytes {JMP QWORD [RIP-0x4cf71]}
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                 00000000753113cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                 000000007531146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                              00000000753116d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                           00000000753119db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                           00000000753119fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\RN\Downloads\Gmer-19357.exe[8988] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                     0000000075311a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e18cedb                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e78b396                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e78b396@d831cfc93952                                                                      0x0E 0x38 0x9D 0x8A ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                                               18136
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e18cedb (not active ControlSet)                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e78b396 (not active ControlSet)                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e78b396@d831cfc93952                                                                          0x0E 0x38 0x9D 0x8A ...

---- EOF - GMER 2.1 ----

Code:

ATTFilter

04.11.2015 12.34.14	Vollständige Untersuchung des Computers	Keine Bedrohungen gefunden	Gefunden: 0	Neutralisiert: 0	Nicht untersucht: 0	Datum des letzten Datenbanken-Updates bei Untersuchungsbeginn: 04.11.2015 08:53	Gesamtdauer: 33 Minuten, 57 Sekunden	Ende: 04.11.2015 13:08
04.11.2015 10.57.44	Rootkit-Suche	Keine Bedrohungen gefunden	Gefunden: 0	Neutralisiert: 0	Nicht untersucht: 0	Datum des letzten Datenbanken-Updates bei Untersuchungsbeginn: 04.11.2015 08:53	Gesamtdauer: 38 Minuten, 39 Sekunden	Ende: 04.11.2015 11:36

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 04.11.2015
Suchlaufzeit: 12:37
Protokolldatei: Result Malwarebytes.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.11.04.03
Rootkit-Datenbank: v2015.10.28.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: RN

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 363399
Abgelaufene Zeit: 17 Min., 39 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

Hallo zusammen,
also ich hoffe ich hab die Logs so zusammengestellt dass ihr gut damit arbeiten könnt.
Tausend Dank schonmal für Eure Hilfe und toll dass es Euch gibt

LG
Stefan

cosinus · 13.11.2015, 10:17

Logs sind imho i.O.

Das Problem haben viele andere auch vgl . http://www.trojaner-board.de/172428-...nden-spam.html

13.11.2015, 10:17	#7
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows 7 SP1 Outlook versendet Mails an Adressbuch Logs sind imho i.O. Das Problem haben viele andere auch vgl . http://www.trojaner-board.de/172428-...nden-spam.html __________________ Logfiles bitte immer in CODE-Tags posten

Windows 7 SP1 Outlook versendet Mails an Adressbuch

Log-Analyse und Auswertung: Windows 7 SP1 Outlook versendet Mails an Adressbuch