Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 Neuinstallation nicht möglich (https://www.trojaner-board.de/156496-windows-7-neuinstallation-moeglich.html)

Sithur 15.07.2014 22:56
Windows 7 Neuinstallation nicht möglich
 
Hallo Zusammen,

sorry erstmal für den unklaren Titel, aber es ist ein Paket von Problemen die ich nicht genau einordnen kann. Aufgrund diverser "seltsamer" Verhaltensweisen wollte ich mein Windows 7 64-bit neu aufsetzen. Dies funktioniert aber leider nicht. Hier eine kurze Zusammenfassung der Faktenlage:

1. System funktioniert oftmals Tage- oder Stundenlange ohne irgendwelche Auffälligkeiten/Probleme.
2. Virenscanner Kaspersky hat nichts gefunden
3. Seit Tagen spinnt die Maus teilweise komplett (Einzelklick wird als Doppelklick interpretiert, Den Zeiger über einen Tab in Chrome führen schließt den Tab oder öffnet X weitere, teilweise keinerlei Reaktion beim Klicken mehr - selbes Verhalten mit einer zweiten Maus)
4. Bekomme phasenweise keinen Zugriff mehr auf optische Laufwerke - Zugriff wird verweigert, sowohl als User wie auch als Admin
5. Manchmal werden während des laufenden Betriebs Festplatten oder optische Laufwerke aus dem Explorer rausgeschmissen... sind nicht mehr verfügbar
6. Ins Bios komme ich noch rein - werde aber nach wenigen Sekunden wieder rausgeschmissen - zu kurz um Änderungen vorzunehmen.
7. Änderungen im BIOS wurden überschrieben -> Bootreihenfolge steht aktuell auf a) SSD mit Win7 und b) DVD-Laufwerk => kein Booten mehr von CD möglich
8. Versuch Win 7 über die Setup.exe zu installieren bricht zu unterschiedlichen Zeitpunkten ab BEVOR die eigentliche Installation erfolgt (Temporären Daten konnte nicht installiert werden, keine Laufwerke gefunden... etc.)

WUNSCH:
- Win7 sauber neu aufsetzen können
- Einen Weg aufgezeigt bekommen wie ich wieder zu einem normal laufenden System komme und ob es nur SW- oder ggf auch ein HW-Problem ist.

Vielen Dank schon mal für jegliche Hilfestellung.

Hier soweit die verfügbaren Logs
FIRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Sven (administrator) on SITHUR on 15-07-2014 23:10:45
Running from C:\Users\Sven\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => D:\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-01-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ASUS ShellProcess Execute] => C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe [252544 2010-09-28] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816272 2014-06-23] (LogMeIn Inc.)
HKU\S-1-5-21-203274456-2663336697-3668736882-1000\...\Run: [KiesPreload] => D:\Kies\Kies.exe /preload
HKU\S-1-5-21-203274456-2663336697-3668736882-1000\...\Run: [] => D:\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-203274456-2663336697-3668736882-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-01-31] (AMD)
HKU\S-1-5-21-203274456-2663336697-3668736882-1000\...\MountPoints2: {c90cb1d0-25ef-11e2-93cc-806e6f6e6963} - E:\setup.exe
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7204F89DEB5BCE01
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Sven\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-06]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-06]

Chrome:
=======
CHR Extension: (Kaspersky Protection) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-24]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-11-03]
CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2012-11-03]
CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-11-06]
CHR Extension: (Virtual Keyboard) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-11-03]
CHR Extension: (Google Wallet) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Anti-Banner) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2012-11-03]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2012-11-03]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [917120 2010-10-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe [909440 2010-11-03] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-12] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-16] ()
S3 SandraAgentSrv; Z:\SiSoftware Sandra Lite 2014.SP1a\RpcAgentSrv.exe [72344 2008-02-17] (SiSoftware) [File not signed]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-09] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-19] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 SANDRA; Z:\SiSoftware Sandra Lite 2014.SP1a\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2012-09-28] (Creative Technology Ltd.)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
U2 V2iMount;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-15 23:10 - 2014-07-15 23:10 - 00020871 _____ () C:\Users\Sven\Downloads\FRST.txt
2014-07-15 23:10 - 2014-07-15 23:10 - 00000000 ____D () C:\FRST
2014-07-15 23:09 - 2014-07-15 23:10 - 02086912 _____ (Farbar) C:\Users\Sven\Downloads\FRST64.exe
2014-07-15 17:39 - 2014-07-16 04:39 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
2014-07-15 17:39 - 2014-07-16 04:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2014-07-15 17:39 - 2014-07-15 17:39 - 00064024 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 17:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-07-15 17:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-07-15 17:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-07-15 17:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn
2014-07-15 17:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech
2014-07-15 17:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-07-15 17:38 - 2014-07-16 04:39 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-15 17:38 - 2014-07-16 04:39 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-15 17:38 - 2014-07-16 04:39 - 00000000 ____D () C:\Users\Administrator
2014-07-15 17:38 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-07-15 17:38 - 2013-01-19 21:13 - 00000000 ____D () C:\Users\Administrator\AppData\LocalGoogle
2014-07-15 15:21 - 2014-07-15 15:21 - 00000000 __SHD () C:\found.001
2014-07-15 15:19 - 2014-07-15 15:19 - 00000000 ____D () C:\Symantec
2014-07-12 23:13 - 2014-07-12 23:13 - 00006832 ____N () C:\bootsqm.dat
2014-07-12 23:13 - 2014-07-12 23:13 - 00000000 __SHD () C:\found.000
2014-07-12 13:48 - 2014-07-12 13:48 - 00000000 __SHD () C:\Users\Sven\AppData\Local\EmieUserList
2014-07-12 13:48 - 2014-07-12 13:48 - 00000000 __SHD () C:\Users\Sven\AppData\Local\EmieSiteList
2014-07-12 12:51 - 2014-07-12 12:51 - 00000000 ____D () C:\Users\Sven\AppData\Local\Logitech
2014-07-12 12:51 - 2014-07-12 12:51 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-07-12 12:50 - 2014-07-16 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-07-12 12:50 - 2014-07-12 12:50 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-07-12 12:50 - 2014-07-12 12:50 - 00000388 _____ () C:\Windows\LkmdfCoInst.log
2014-07-12 12:50 - 2014-07-12 12:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Logitech
2014-07-12 12:50 - 2014-07-12 12:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Logishrd
2014-07-12 12:50 - 2014-07-12 12:50 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-07-12 12:48 - 2014-07-12 12:49 - 64853120 _____ (Logitech Inc.) C:\Users\Sven\Downloads\LGS_8.53.186_x64_Logitech.exe
2014-07-12 11:07 - 2014-07-12 11:07 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-07-12 00:23 - 2014-07-12 00:23 - 02247960 _____ () C:\Users\Sven\Downloads\battlelog-web-plugins_2.4.0_141.exe
2014-07-12 00:23 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 00:23 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 00:23 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 00:23 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 00:23 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 00:23 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 00:23 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 00:23 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 00:23 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 00:23 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 00:23 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 00:23 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 00:23 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 00:23 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 00:23 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 00:23 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 00:23 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 00:23 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 00:23 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 00:23 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 00:23 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 00:23 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 00:23 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 00:23 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 00:23 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 00:23 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 00:23 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 00:23 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 00:23 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 00:23 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 00:23 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 00:23 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 00:23 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 00:23 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 00:23 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 00:23 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 00:23 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 00:23 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 00:23 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 00:23 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 00:23 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 00:23 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 00:23 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 00:23 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 00:23 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 00:23 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 00:23 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 00:23 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 00:23 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 00:23 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 00:23 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 00:23 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 00:23 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 00:23 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 00:23 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 00:23 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-12 00:21 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-12 00:21 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-12 00:21 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 00:21 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 00:21 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 00:21 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-12 00:21 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-12 00:21 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-12 00:21 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-07-12 00:21 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-12 00:21 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-12 00:21 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-12 00:21 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-12 00:21 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-12 00:21 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-07-12 00:21 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-07-12 00:21 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-12 00:21 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-07-12 00:21 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-07-12 00:19 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-12 00:19 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-12 00:19 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-12 00:19 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-12 00:19 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-12 00:19 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-12 00:19 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-12 00:19 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-12 00:19 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-12 00:19 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-12 00:19 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-12 00:19 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-12 00:19 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-12 00:19 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-12 00:19 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-12 00:19 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-12 00:19 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 00:09 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-12 00:09 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-12 00:09 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-11 23:57 - 2014-07-16 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-11 23:57 - 2014-07-11 23:57 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

2014-07-16 04:39 - 2014-07-15 17:39 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
2014-07-16 04:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2014-07-16 04:39 - 2014-07-15 17:38 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-16 04:39 - 2014-07-15 17:38 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-16 04:39 - 2014-07-15 17:38 - 00000000 ____D () C:\Users\Administrator
2014-07-16 04:39 - 2014-07-12 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-07-16 04:39 - 2014-07-11 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-16 04:39 - 2014-04-16 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-16 04:39 - 2014-04-14 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 4 Terminal
2014-07-16 04:39 - 2014-03-22 02:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-07-16 04:39 - 2014-03-22 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-07-16 04:39 - 2014-03-17 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2014-07-16 04:39 - 2014-03-17 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
2014-07-16 04:39 - 2014-03-17 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-07-16 04:39 - 2014-03-15 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-07-16 04:39 - 2014-03-15 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-16 04:39 - 2014-02-18 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-07-16 04:39 - 2014-02-14 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GKFX FX - CFDs
2014-07-16 04:39 - 2014-01-30 20:11 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-07-16 04:39 - 2014-01-11 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online Beta
2014-07-16 04:39 - 2013-12-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
2014-07-16 04:39 - 2013-11-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 04:39 - 2013-11-06 23:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2014-07-16 04:39 - 2013-11-06 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-07-16 04:39 - 2013-11-01 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2014-07-16 04:39 - 2013-10-29 20:53 - 00000000 ____D () C:\Users\Sabine
2014-07-16 04:39 - 2013-10-21 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALDI Bestellsoftware
2014-07-16 04:39 - 2013-09-19 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-16 04:39 - 2013-09-07 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-16 04:39 - 2013-09-07 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-16 04:39 - 2013-08-03 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-07-16 04:39 - 2013-05-16 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-07-16 04:39 - 2013-05-06 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cortal Consors
2014-07-16 04:39 - 2013-03-25 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-07-16 04:39 - 2013-03-25 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-07-16 04:39 - 2013-03-24 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-07-16 04:39 - 2013-03-24 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-16 04:39 - 2013-01-12 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-16 04:39 - 2013-01-03 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-16 04:39 - 2012-12-18 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-16 04:39 - 2012-12-03 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-07-16 04:39 - 2012-11-13 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2014-07-16 04:39 - 2012-11-04 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-07-16 04:39 - 2012-11-03 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-07-16 04:39 - 2012-11-03 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-16 04:39 - 2012-11-03 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-16 04:39 - 2012-11-03 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Ghost
2014-07-16 04:39 - 2012-11-03 21:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2014-07-16 04:39 - 2012-11-03 21:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-07-16 04:39 - 2012-11-03 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
2014-07-16 04:39 - 2012-11-03 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI-Assistent für Problemberichte
2014-07-16 04:39 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-16 04:39 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-16 04:39 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-16 04:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2014-07-16 04:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-15 23:10 - 2014-07-15 23:10 - 00020871 _____ () C:\Users\Sven\Downloads\FRST.txt
2014-07-15 23:10 - 2014-07-15 23:10 - 00000000 ____D () C:\FRST
2014-07-15 23:10 - 2014-07-15 23:09 - 02086912 _____ (Farbar) C:\Users\Sven\Downloads\FRST64.exe
2014-07-15 23:10 - 2012-11-03 22:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 23:02 - 2012-11-03 21:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-15 22:52 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 22:52 - 2009-07-14 06:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 22:50 - 2012-11-04 06:06 - 00701326 _____ () C:\Windows\system32\perfh007.dat
2014-07-15 22:50 - 2012-11-04 06:06 - 00150226 _____ () C:\Windows\system32\perfc007.dat
2014-07-15 22:50 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 22:48 - 2014-03-13 20:37 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-203274456-2663336697-3668736882-1000.job
2014-07-15 22:48 - 2012-11-03 21:11 - 01482928 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 22:45 - 2014-03-16 00:46 - 00013211 _____ () C:\Windows\setupact.log
2014-07-15 22:45 - 2012-12-18 00:19 - 00000000 ____D () C:\Users\Sven\AppData\Local\LogMeIn Hamachi
2014-07-15 22:45 - 2012-11-03 22:08 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-15 22:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 22:44 - 2014-03-15 17:59 - 00026448 _____ () C:\Windows\diagwrn.xml
2014-07-15 22:44 - 2014-03-15 17:59 - 00001908 _____ () C:\Windows\diagerr.xml
2014-07-15 22:40 - 2014-03-16 00:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-15 22:38 - 2012-11-03 21:11 - 00000000 ____D () C:\Users\Sven
2014-07-15 17:39 - 2014-07-15 17:39 - 00064024 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 17:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-07-15 17:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-07-15 17:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-07-15 17:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn
2014-07-15 17:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Logitech
2014-07-15 17:39 - 2014-07-15 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-07-15 17:39 - 2014-07-15 17:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-07-15 17:38 - 2014-07-15 17:38 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-07-15 15:21 - 2014-07-15 15:21 - 00000000 __SHD () C:\found.001
2014-07-15 15:19 - 2014-07-15 15:19 - 00000000 ____D () C:\Symantec
2014-07-15 12:27 - 2013-08-15 22:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-15 12:16 - 2012-11-03 21:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-15 12:12 - 2012-11-03 23:48 - 00000000 ____D () C:\ProgramData\Origin
2014-07-14 22:21 - 2012-11-04 00:07 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-14 20:30 - 2012-11-04 00:07 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-14 12:13 - 2014-03-13 20:37 - 00003576 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-203274456-2663336697-3668736882-1000
2014-07-13 15:17 - 2012-11-03 23:23 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\TS3Client
2014-07-13 15:15 - 2012-11-09 17:30 - 00000000 ____D () C:\Users\Sven\AppData\Local\CrashDumps
2014-07-13 15:14 - 2013-09-07 22:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-13 02:16 - 2014-03-18 19:58 - 00001275 _____ () C:\Users\Sven\Desktop\CoreTemp.ini
2014-07-12 23:13 - 2014-07-12 23:13 - 00006832 ____N () C:\bootsqm.dat
2014-07-12 23:13 - 2014-07-12 23:13 - 00000000 __SHD () C:\found.000
2014-07-12 13:48 - 2014-07-12 13:48 - 00000000 __SHD () C:\Users\Sven\AppData\Local\EmieUserList
2014-07-12 13:48 - 2014-07-12 13:48 - 00000000 __SHD () C:\Users\Sven\AppData\Local\EmieSiteList
2014-07-12 13:09 - 2013-12-28 17:07 - 00000000 ____D () C:\Users\Sven\AppData\Local\Battle.net
2014-07-12 12:51 - 2014-07-12 12:51 - 00000000 ____D () C:\Users\Sven\AppData\Local\Logitech
2014-07-12 12:51 - 2014-07-12 12:51 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-07-12 12:50 - 2014-07-12 12:50 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-07-12 12:50 - 2014-07-12 12:50 - 00000388 _____ () C:\Windows\LkmdfCoInst.log
2014-07-12 12:50 - 2014-07-12 12:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Logitech
2014-07-12 12:50 - 2014-07-12 12:50 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Logishrd
2014-07-12 12:50 - 2014-07-12 12:50 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-07-12 12:50 - 2013-10-12 22:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-12 12:49 - 2014-07-12 12:48 - 64853120 _____ (Logitech Inc.) C:\Users\Sven\Downloads\LGS_8.53.186_x64_Logitech.exe
2014-07-12 11:16 - 2012-11-03 21:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 11:16 - 2012-11-03 21:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-12 11:16 - 2012-11-03 21:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-12 11:07 - 2014-07-12 11:07 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-07-12 10:52 - 2013-10-29 20:53 - 00000000 ____D () C:\Users\Sabine\AppData\Local\LogMeIn Hamachi
2014-07-12 10:51 - 2009-07-14 06:45 - 00294712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 10:50 - 2014-05-06 23:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 10:50 - 2014-03-16 14:32 - 00005370 _____ () C:\Windows\PFRO.log
2014-07-12 10:50 - 2012-11-04 01:00 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-07-12 10:50 - 2009-07-14 09:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 10:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-12 10:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-12 09:54 - 2014-03-19 02:51 - 00000000 ____D () C:\Windows\Minidump
2014-07-12 09:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-07-12 00:23 - 2014-07-12 00:23 - 02247960 _____ () C:\Users\Sven\Downloads\battlelog-web-plugins_2.4.0_141.exe
2014-07-12 00:05 - 2012-11-03 22:08 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-12 00:05 - 2012-11-03 22:08 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-11 23:57 - 2014-07-11 23:57 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-11 23:56 - 2009-07-14 09:46 - 00000000 ____D () C:\Windows\CSC
2014-06-30 04:09 - 2014-07-12 00:21 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-12 00:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-20 22:14 - 2014-07-12 00:23 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-12 00:23 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 03:39 - 2014-07-12 00:23 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-12 00:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-12 00:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-12 00:23 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-12 00:23 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-12 00:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-12 00:23 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-12 00:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-12 00:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-12 00:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-12 00:23 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-12 00:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-12 00:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-12 00:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-12 00:23 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-12 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-12 00:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-12 00:23 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-12 00:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-12 00:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-12 00:23 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-12 00:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-12 00:23 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-12 00:23 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-12 00:23 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-12 00:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-12 00:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-12 00:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-12 00:23 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-12 00:23 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-12 00:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-12 00:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-12 00:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-12 00:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-12 00:23 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-12 00:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-12 00:23 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-12 00:23 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-12 00:23 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-12 00:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-12 00:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-12 00:23 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-12 00:23 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-12 00:23 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-12 00:23 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-12 00:23 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-12 00:23 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-12 00:23 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-12 00:23 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-12 00:23 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-12 00:23 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-12 00:23 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-12 00:23 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-12 00:23 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 04:18 - 2014-07-12 00:21 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-12 00:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-12 00:21 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Sven\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Sven\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Sven\AppData\Local\Temp\sfextra.dll
C:\Users\Sven\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-17 19:24

==================== End Of Log ============================
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Sven at 2014-07-15 23:11:08
Running from C:\Users\Sven\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ActiveTrader 5.4.5_b6 (HKCU\...\ActiveTrader 5.4.5_b6) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.09 - ASUSTeK)
ALDI Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.2 - ORWO Net)
AMD Accelerated Video Transcoding (Version: 13.30.100.40131 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0131.1535.27922 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{8D2C98CB-7D5D-25CE-C72B-3F2C257F0284}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.51118 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.800.0 - ATI Technologies) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0131.1534.27922 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Free YouTube to MP3 Converter version 3.12.1.320 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.1.320 - DVDVideoSoft Ltd.)
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
GKFX FX - CFDs (HKLM-x32\...\GKFX FX - CFDs) (Version: 4.00 - MetaQuotes Software Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
Hitman: Blood Money (HKLM-x32\...\Steam App 6860) (Version:  - Eidos)
Hitman: Sniper Challenge (HKLM-x32\...\Steam App 205930) (Version:  - IO Interactive)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Interaktive Sprachreise - Intensivkurs English (HKLM-x32\...\ISREIK_17_689502) (Version:  - digital publishing AG)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
King's Quest Collection (HKLM-x32\...\Steam App 10100) (Version:  - Activision)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
marvell 91xx console driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
MetaTrader 4 Terminal (HKLM-x32\...\MetaTrader 4 Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Might & Magic: Heroes VI - Demo (HKLM-x32\...\Steam App 48280) (Version:  - Blackhole)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.46.0 - Black Tree Gaming)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
Nur Entfernen der CopyTrans Suite möglich (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.207.0 - Tracker Software Products Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SiSoftware Sandra Lite 2014.SP1a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.21.2014.3 - SiSoftware)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
War Thunder Launcher 1.0.1.278 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - 2013 Gaijin Entertainment Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)

==================== Restore Points  =========================

15-07-2014 10:13:57 Windows Update
15-07-2014 10:26:48 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {14C95157-EDF4-4F30-A383-2BBE2B1711FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {37157AC8-D5A3-42D0-9865-6A84ACBD9C4D} - System32\Tasks\{A4BF2567-BE2A-4B86-A0A9-15C2E9CC2AC7} => D:\Steam\SteamApps\common\King's Quest Collection\kq7\SIERRAW.EXE
Task: {42FCA46E-CE40-4A2B-8146-F8D17DEF4696} - System32\Tasks\ASUS\ASUS DigiVRM Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe [2010-10-12] (ASUSTeK Computer Inc.)
Task: {498CD86E-7C27-4A3E-92C5-750D2DD97216} - System32\Tasks\G2MUpdateTask-S-1-5-21-203274456-2663336697-3668736882-1000 => C:\Users\Sven\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6D60267A-C2F4-4EDF-B0F6-FCB99CCBD8B3} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-10-28] (ASUSTeK Computer Inc.)
Task: {B1F9335D-79D1-42CB-937F-89F998F0EC1F} - System32\Tasks\ASUS\ASUS Mobilink Execute => C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\ASUS Mobilink.exe [2010-10-13] (ASUSTeK Computer Inc.)
Task: {B6A4C8B9-E810-494F-B5E7-75369F7FB49B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03] (Google Inc.)
Task: {BFB9204C-A10B-4BC5-8244-48F61F7A3E38} - System32\Tasks\{DEA3330C-7E5B-4600-B44C-207BD1BC6DF3} => D:\Steam\SteamApps\common\King's Quest Collection\kq7\SIERRAW.EXE
Task: {D3AEFB6B-6440-459B-AF5B-1FF89C5DBFA7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {E12A7CE6-BFCA-4618-B9C1-3C840E0EF44A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-203274456-2663336697-3668736882-1000.job => C:\Users\Sven\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-10-28 05:40 - 2010-10-28 05:40 - 00917120 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe
2010-11-03 12:42 - 2010-11-03 12:42 - 00909440 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe
2014-03-22 02:27 - 2010-10-21 11:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe
2014-07-12 11:07 - 2014-07-12 11:07 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-07-02 23:54 - 2014-07-02 23:54 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-02 23:59 - 2014-07-02 23:59 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-02 23:54 - 2014-07-02 23:54 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-02 23:59 - 2014-07-02 23:59 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2012-08-27 22:33 - 2012-08-27 22:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 22:33 - 2012-08-27 22:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-22 02:26 - 2014-07-15 22:45 - 00022016 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.12\PEbiosinterface32.dll
2014-03-22 02:26 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.12\ATKEX.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-03-22 02:27 - 2010-10-28 17:04 - 00086016 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll
2014-03-22 02:27 - 2010-07-30 12:28 - 00670208 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\asacpiEx.dll
2014-03-22 02:27 - 2010-07-15 21:04 - 00661504 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll
2014-03-22 02:27 - 2010-07-15 21:04 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll
2014-03-22 02:27 - 2010-07-15 21:04 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll
2014-03-22 02:27 - 2007-10-31 11:51 - 00061440 ____R () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsMultiLang.dll
2014-03-22 02:27 - 2010-02-24 10:56 - 00661504 ____R () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\aaHMLib.dll
2014-03-22 02:27 - 2010-09-15 09:28 - 00703488 ____R () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\CpuFreq.dll
2014-03-22 02:27 - 2010-06-23 05:54 - 00114688 ____R () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AssistFunc.dll
2014-03-22 02:29 - 2009-05-21 04:14 - 00053248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2014-03-22 02:29 - 2009-05-21 11:14 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2014-03-22 02:27 - 2010-10-20 14:45 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2014-03-22 02:27 - 2010-06-21 16:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2014-03-22 02:27 - 2009-08-12 21:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2014-03-22 02:27 - 2010-10-15 18:40 - 01031680 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2014-03-22 02:27 - 2010-08-06 19:10 - 00964608 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-03-22 02:28 - 2010-10-30 12:51 - 01555456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGo.dll
2014-03-22 02:28 - 2010-11-04 19:30 - 01245184 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2014-03-22 02:28 - 2010-09-27 18:34 - 01030144 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2014-03-22 02:27 - 2010-09-27 21:51 - 00881664 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2014-03-22 02:27 - 2010-09-27 21:51 - 01607168 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2014-03-22 02:27 - 2010-10-06 21:56 - 01246720 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2014-03-22 02:27 - 2010-08-06 19:11 - 00850944 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2014-03-22 02:27 - 2010-08-06 19:13 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2014-03-22 02:26 - 2010-08-23 04:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMLib.dll
2014-03-22 02:27 - 2010-06-21 16:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
2014-02-13 11:29 - 2014-02-13 11:29 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll
2012-11-03 21:23 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-07-12 00:25 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-12 00:25 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-12 00:25 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-12 00:25 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-12 00:25 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^Sven^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: EADM => "Z:\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Norton Ghost 15.0 => "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2014 01:08:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 35.0.1916.153 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14ec

Startzeit: 01cf9f50b1ebc6a9

Endzeit: 155

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 177904bc-0b47-11e4-ad89-bcaec5ab1f0d

Error: (07/13/2014 03:17:29 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Windows Modules Installer wurde wegen dieses Fehlers geschlossen.

Programm: Windows Modules Installer
Datei:

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: 00000000
Datenträgertyp: 0

Error: (07/13/2014 03:17:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TrustedInstaller.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7989b
Name des fehlerhaften Moduls: wcp.dll, Version: 6.1.7601.17592, Zeitstempel: 0x4da00342
Ausnahmecode: 0xc000001d
Fehleroffset: 0x00000000001dfbc0
ID des fehlerhaften Prozesses: 0x1454
Startzeit der fehlerhaften Anwendung: 0xTrustedInstaller.exe0
Pfad der fehlerhaften Anwendung: TrustedInstaller.exe1
Pfad des fehlerhaften Moduls: TrustedInstaller.exe2
Berichtskennung: TrustedInstaller.exe3

Error: (07/13/2014 03:14:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GPU-Z.exe, Version: 0.7.7.0, Zeitstempel: 0x52fe1b7f
Name des fehlerhaften Moduls: amdocl.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52ec0a38
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6671c825
ID des fehlerhaften Prozesses: 0x9ac
Startzeit der fehlerhaften Anwendung: 0xGPU-Z.exe0
Pfad der fehlerhaften Anwendung: GPU-Z.exe1
Pfad des fehlerhaften Moduls: GPU-Z.exe2
Berichtskennung: GPU-Z.exe3

Error: (07/12/2014 10:50:26 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Hostprozess für Windows-Dienste wurde wegen dieses Fehlers geschlossen.

Programm: Hostprozess für Windows-Dienste
Datei:

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: 00000000
Datenträgertyp: 0

Error: (07/12/2014 10:50:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_WinDefend, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.10701.0, Zeitstempel: 0x53902fad
Ausnahmecode: 0xc000001d
Fehleroffset: 0x00000000000a856c
ID des fehlerhaften Prozesses: 0x1b64
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_WinDefend0
Pfad der fehlerhaften Anwendung: svchost.exe_WinDefend1
Pfad des fehlerhaften Moduls: svchost.exe_WinDefend2
Berichtskennung: svchost.exe_WinDefend3

Error: (07/12/2014 00:03:30 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/12/2014 00:03:30 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4400} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/12/2014 00:03:30 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/12/2014 00:03:30 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/15/2014 11:09:38 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (07/15/2014 10:54:28 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (07/15/2014 10:54:20 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (07/15/2014 10:54:07 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (07/15/2014 10:54:06 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (07/15/2014 10:48:26 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (07/15/2014 06:56:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2830477)

Error: (07/15/2014 06:56:48 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (07/15/2014 06:56:26 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (07/15/2014 06:56:16 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.


Microsoft Office Sessions:
=========================
Error: (07/14/2014 01:08:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe35.0.1916.15314ec01cf9f50b1ebc6a9155C:\Program Files (x86)\Google\Chrome\Application\chrome.exe177904bc-0b47-11e4-ad89-bcaec5ab1f0d

Error: (07/13/2014 03:17:29 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows Modules Installer000000000

Error: (07/13/2014 03:17:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TrustedInstaller.exe6.1.7601.175144ce7989bwcp.dll6.1.7601.175924da00342c000001d00000000001dfbc0145401cf9e9cca7bf4f3C:\Windows\servicing\TrustedInstaller.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wcp.dll09e33fc7-0a90-11e4-8952-bcaec5ab1f0d

Error: (07/13/2014 03:14:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GPU-Z.exe0.7.7.052fe1b7famdocl.dll_unloaded0.0.0.052ec0a38c00000056671c8259ac01cf9e9c63382734Z:\GPU-Z\GPU-Z.exeamdocl.dllad685ec6-0a8f-11e4-8952-bcaec5ab1f0d

Error: (07/12/2014 10:50:26 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Hostprozess für Windows-Dienste000000000

Error: (07/12/2014 10:50:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_WinDefend6.1.7600.163854a5bc3c1mpengine.dll1.1.10701.053902fadc000001d00000000000a856c1b6401cf9e01d1414bc7C:\Windows\System32\svchost.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\{433ECC7C-39D5-4F73-B21F-F27706B1AE70}\mpengine.dll267e3abf-0a06-11e4-b618-bcaec5ab1f0d

Error: (07/12/2014 00:03:30 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/12/2014 00:03:30 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4400

Error: (07/12/2014 00:03:30 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/12/2014 00:03:30 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


CodeIntegrity Errors:
===================================
  Date: 2014-07-14 09:53:44.944
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-14 09:53:44.943
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-14 09:53:44.939
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-14 09:53:44.938
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-14 09:52:39.754
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-14 09:52:39.644
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-18 20:32:35.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-18 20:32:35.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-18 20:32:35.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-18 20:32:35.805
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8172.35 MB
Available physical RAM: 6008.05 MB
Total Pagefile: 16342.88 MB
Available Pagefile: 13640.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:7.75 GB) NTFS
Drive d: (WIN_7_PROFESSIONAL) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Elements) (Fixed) (Total:698.64 GB) (Free:94.65 GB) NTFS
Drive z: (Volume) (Fixed) (Total:931.51 GB) (Free:858.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2844CEE3)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 86EDD68D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 699 GB) (Disk ID: 465232C5)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Sithur 15.07.2014 22:57
Hier noch der GMER log:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-15 23:24:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3 SAMSUNG_ rev.CXM0 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Sven\AppData\Local\Temp\pfldypow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\PnkBstrA.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                          0000000075d01465 2 bytes [D0, 75]
.text  C:\Windows\system32\PnkBstrA.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          0000000075d014bb 2 bytes [D0, 75]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3924] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                                    0000000075d01465 2 bytes [D0, 75]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[3924] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                                  0000000075d014bb 2 bytes [D0, 75]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                          0000000077a511f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                        0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                        0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                        0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                      0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                          0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                          0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                              0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                            0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                            0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                    0000000077a51fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                    0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                            0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                          0000000077a527d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79          0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176          0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                  0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                  0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                          0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                              0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                              0000000077a533c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                            0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                            0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                0000000077a53b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                0000000077a53d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                          0000000077a54190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                    0000000077aa1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                  0000000077aa1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                        0000000077aa1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      0000000077aa1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                          0000000077aa1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          0000000077aa1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                        0000000077aa1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        0000000077aa27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                      0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                      0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                  0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                    0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                          0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                            0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                          0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe[5660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                              0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                  0000000077a511f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                        0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                              0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                  0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                      0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                    0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                    0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                            0000000077a51fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                        0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                        0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578            0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  0000000077a527d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79  0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176  0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367          0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                  0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                      0000000077a533c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                    0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                    0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197        0000000077a53b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611        0000000077a53d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  0000000077a54190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            0000000077aa1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          0000000077aa1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                0000000077aa1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              0000000077aa1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  0000000077aa1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000077aa1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                0000000077aa1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                0000000077aa27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                          0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                            0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                  0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                    0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                      0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                      0000000077a511f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                    0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                          0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                          0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                  0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                  0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                  0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                    0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                    0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                        0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                        0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                      0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                              0000000077a51fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                          0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                          0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                      0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                    0000000077a527d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                      0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                    0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                            0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                            0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                    0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                        0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                        0000000077a533c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                        0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                        0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                            0000000077a53b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                            0000000077a53d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                    0000000077a54190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                              0000000077aa1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                            0000000077aa1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                  0000000077aa1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                0000000077aa1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                    0000000077aa1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                    0000000077aa1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                  0000000077aa1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000077aa27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                              0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                          0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                          0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                    0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                      0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                    0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe[2780] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                          0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                          0000000077a511f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                        0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                              0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                              0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                      0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                      0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                      0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                        0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                        0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                            0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                            0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                          0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                  0000000077a51fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                              0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                              0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                    0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                          0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                        0000000077a527d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                          0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                        0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                        0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                            0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                            0000000077a533c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                            0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                            0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                0000000077a53b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                0000000077a53d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                        0000000077a54190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  0000000077aa1380 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                0000000077aa1500 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                      0000000077aa1530 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    0000000077aa1650 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        0000000077aa1700 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        0000000077aa1d30 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                      0000000077aa1f80 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      0000000077aa27e0 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                    0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                    0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                  0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                    0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                              0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                              0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                        0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                          0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                        0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3600] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                              0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                          0000000077a511f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                        0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                              0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                              0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                      0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                      0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                      0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                        0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                        0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                            0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                            0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                          0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                  0000000077a51fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                              0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                              0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                    0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                          0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                        0000000077a527d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                          0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                        0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                        0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                            0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                            0000000077a533c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                            0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                            0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                0000000077a53b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                0000000077a53d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                        0000000077a54190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  0000000077aa1380 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                0000000077aa1500 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                      0000000077aa1530 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    0000000077aa1650 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        0000000077aa1700 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        0000000077aa1d30 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                      0000000077aa1f80 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      0000000077aa27e0 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                    0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                    0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                  0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                    0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                              0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                              0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                        0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                          0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                        0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                              0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                          0000000077a511f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                        0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                              0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                              0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                      0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                      0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                      0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                        0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                        0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                            0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                            0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                          0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                  0000000077a51fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                              0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                              0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                    0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                          0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                        0000000077a527d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                          0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                        0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                        0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                            0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                            0000000077a533c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                            0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                            0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                0000000077a53b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                0000000077a53d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                        0000000077a54190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  0000000077aa1380 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                0000000077aa1500 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                      0000000077aa1530 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    0000000077aa1650 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        0000000077aa1700 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        0000000077aa1d30 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                      0000000077aa1f80 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      0000000077aa27e0 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                    0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                    0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                  0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                    0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                              0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                              0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                        0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                          0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                        0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6088] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                              0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                          0000000077a511f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                        0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                              0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                              0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                      0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                      0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                      0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                        0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                        0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                            0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                            0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                          0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                  0000000077a51fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                              0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                              0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                    0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                          0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                        0000000077a527d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                          0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                        0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                        0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                            0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                            0000000077a533c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                            0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                            0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                0000000077a53b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                0000000077a53d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                        0000000077a54190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  0000000077aa1380 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                0000000077aa1500 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                      0000000077aa1530 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    0000000077aa1650 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        0000000077aa1700 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        0000000077aa1d30 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                      0000000077aa1f80 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                      0000000077aa27e0 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                    0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                    0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                  0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                    0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                              0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                              0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                        0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                          0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                        0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2172] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                              0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                              0000000077a511f5 8 bytes {JMP 0xd}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                            0000000077a51390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                    0000000077a5143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                    0000000077a5158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                            0000000077a5191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                            0000000077a51b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                          0000000077a51bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                              0000000077a51d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                              0000000077a51eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                  0000000077a51edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                0000000077a51f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                0000000077a51fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                        0000000077a51fd7 8 bytes {JMP 0xb}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                    0000000077a52272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                    0000000077a52301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                        0000000077a52792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                0000000077a527b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                              0000000077a527d2 8 bytes {JMP 0x10}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                              0000000077a5282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                              0000000077a52890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                      0000000077a52d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                      0000000077a52d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                              0000000077a53023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                  0000000077a5323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                  0000000077a533c0 16 bytes {JMP 0x4e}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                0000000077a53a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                0000000077a53ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                    0000000077a53b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                    0000000077a53d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                              0000000077a54190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                        0000000077aa1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                      0000000077aa1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                            0000000077aa1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                          0000000077aa1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                              0000000077aa1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                              0000000077aa1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                            0000000077aa1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                            0000000077aa27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                          0000000073f613cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                          0000000073f6146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                      0000000073f616d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                        0000000073f616e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                    0000000073f619db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                    0000000073f619fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                              0000000073f61a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                0000000073f61a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                              0000000073f61a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Sven\Downloads\Gmer-19357.exe[5468] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                  0000000073f61a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Kernel IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]                                                                                                          [fffff880048f8fb0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002683115883                                                                                             
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002683115883 (not active ControlSet)                                                                         

---- EOF - GMER 2.1 ----

Sithur 18.07.2014 13:25
Hat sich mittlerweile erledigt. Windows 7 ist sauber neu aufgesetzt und läuft wieder.
Keine weitere Hilfe notwendig.

Da GuRu 07.09.2014 14:45
Hallo,

leider wurde Dein Thema aus (technischen Gründen) übersehen. Da mehrere Antworten in Deinem Thema vorhanden waren, wurde es versehentlich als 'bereits in Arbeit' eingestuft.

Dies bitten wir zu entschuldigen.

Wir versuchen jedem Hilfesuchenden binnen kurzer Zeit zu antworten und Lösungen für das Problem anzubieten.

Bitte erstelle ggf. ein neues Thema, damit sich ein Teammitglied deinem Problem annehmen kann.

Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Vielen Dank für Dein Verständnis.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:32 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131