Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Mülltonne (https://www.trojaner-board.de/muelltonne/)
-   -   2x Laptop arbeitet dauernd| Remote Dienste aktiv | seltsame Verbindungen | Bei mir ist bestimmt etwas gehörig faul.. (https://www.trojaner-board.de/156383-2x-laptop-arbeitet-dauernd-remote-dienste-aktiv-seltsame-verbindungen-mir-bestimmt-etwas-gehoerig-faul.html)

Kenor 12.07.2014 23:38
2x Laptop arbeitet dauernd| Remote Dienste aktiv | seltsame Verbindungen | Bei mir ist bestimmt etwas gehörig faul..
 
Hallo an alle,

ich glaube ich habe mir was eingefangen. Ob das von einem uralten USB Stick kam den ich gefunden habe und mal eingesteckt hatte (ist Linux drauf) (autorun über Windows deaktiviert) oder weil ich den Virenscanner gewechselt habe (Seitdem ging es glaube ich los). Habe auch mit dem VMPlayer rumgespielt.

Ich bin mir eigentlich sicher das irgendwas gehörig faul ist. Wenn nicht, traue ich dem ganzen Braten trotzdem nicht.
Ich will den PC jetzt 100% neu aufsetzen und vorher alles kaputt bomben egal ob alles rein ist oder nicht.

Ich schreibe mal alles was mir so auffällt und hänge Screenshots an.

Mein Laptop rödelt die ganze Zeit, ich merk da ist irgendwas. Außerdem blinkt die LED Leuchte immer im Takt. Auch wenn ich die Internet Verbindung ausmache (Wlan adapter deaktivieren alles) und als geht es weiter. Ich habe sogar das Netzwerk Kabel vom Router gezogen und als arbeitet mein Laptop weiter.

Ich hoffe die FritzBox & FritzBox Repeater Software (hatte mich drauf eingeloggt als die Internet Verbindung als rumspinnte) hat nix abbekommen. Hänge mit meinem Sony Bravia TV sowie Xbox und Ps ebenfalls an dem Router. Fritz.Box NAS Frei 510,55 MB von 512,00 MB. Sehe dort keinerlei Dateien - / fritz.nas / FRITZ / mediabox zuletzt verändert vor ein paar Minuten, keine Dateien drin. (Ist das normal?)

Ich habe Desktop.ini in einem x beliegem Ordner gefunden und habe 2x desktop.ini auf dem Desktop.

Ich kann die Netzwerkadapter von VMware nicht löschen.

Ich habe unter dem AutoStart 2x angebliche Intel Sachen die im system32 liegen. Die ich auch nicht löschen kann. (system Explorer)

CMD -> netstat
Haufenweise Verbindungen, bei manchen steht hinter meiner pc namen nfsd-status

WTF! Wenn ich einen Ordner schließe oder sonst was mache, bekomme ich manchmal in der linkeren oberen Ecke irgendeinen Schwarzen Kasten angezeigt in dem irgendwas drin steht, kann ich aber nicht lesen so schnell ist das Ding wieder weg.

Ich habe mit CCLeaner einen Haufen nette Sachen wie CBS.Log (über 180 mb groß) kein Zugriff gefunden. Also jetzt nehme ich mal an, ist alles zu spät bei mir.

Ich habe mich in den letzten Stunden bei allem möglichen eingeloggt, vom Online Banking, bis zu Microsoft,Paypal usw.


Wie kann ich meinen PC komplett nieder machen?
Mit Dariks Boot and Nuke alles komplett kaputt bomben? (Bräuchte eine Anleitung)
Wie kann ich auf sicherem Wege saubere Software + Windows 7 Iso downloaden?

Und wenn mein Router infiziert ist kann ich ja meinen Laptop retten wie ich will oder?

Ich bitte um eure Hilfe!



Gmer stürzt nur ab.


FRST



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Andreas (administrator) on CHFGHT8 on 13-07-2014 01:02:57
Running from C:\Users\Andreas\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [emsisoft anti-malware] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4841824 2014-07-12] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Andreas\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\artur.dubovoy@gmail.com [2014-05-09]
FF Extension: anonymoX - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\client@anonymox.net.xpi [2013-08-22]
FF Extension: Ghostery - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\firefox@ghostery.com.xpi [2013-08-18]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\info@convert2mp3.net.xpi [2013-06-07]
FF Extension: RefControl - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2013-08-22]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-08-22]
FF Extension: NoScript - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-07]
FF Extension: Adblock Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-04]
FF Extension: BetterPrivacy - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\4m9pb2cr.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-08-22]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-07]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-07]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-28]

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-12] (Emsisoft GmbH)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-28] (Kaspersky Lab ZAO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
S4 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5824512 2013-05-31] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-20] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-28] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-28] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-28] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-28] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-28] (Kaspersky Lab ZAO)
S3 MEMSWEEP2; C:\Windows\system32\3563.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-14] (Synaptics Incorporated)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
U3 DumpIt; \??\C:\Windows\SysWOW64\Drivers\DumpIt.sys [X]
S3 esihdrv; \??\C:\Users\Andreas\AppData\Local\Temp\esihdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-13 01:02 - 2014-07-13 01:03 - 00014726 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-07-13 01:02 - 2014-07-13 01:03 - 00000000 ____D () C:\FRST
2014-07-13 01:02 - 2014-07-13 01:02 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 _____ () C:\Users\Andreas\defogger_reenable
2014-07-13 01:01 - 2014-07-13 01:01 - 00380416 _____ () C:\Users\Andreas\Desktop\ij2jhrkq.exe
2014-07-13 01:00 - 2014-07-13 01:01 - 02084864 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-07-13 01:00 - 2014-07-13 01:00 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-07-13 00:59 - 2014-07-13 01:01 - 00000096 ____H () C:\Users\Andreas\Desktop\.~lock.OpenDocument Text (neu).odt#
2014-07-13 00:59 - 2014-07-13 01:00 - 00027764 _____ () C:\Users\Andreas\Desktop\OpenDocument Text (neu).odt
2014-07-13 00:44 - 2014-07-13 00:44 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-12 23:24 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\3563.tmp
2014-07-12 23:22 - 2014-07-12 23:22 - 00001095 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-12 23:22 - 2014-07-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-12 23:21 - 2014-07-13 00:58 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-12 23:15 - 2014-07-12 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-12 23:15 - 2014-07-12 23:15 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-12 23:15 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\Windows\system32\ADFA.tmp
2014-07-12 22:54 - 2014-07-12 22:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-12 22:42 - 2014-07-13 00:56 - 00000112 _____ () C:\Windows\setupact.log
2014-07-12 22:42 - 2014-07-12 22:43 - 00286096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 22:42 - 2014-07-12 22:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-12 22:41 - 2014-07-12 22:41 - 00064024 _____ () C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-12 21:49 - 2014-07-12 23:45 - 00002924 _____ () C:\Users\Andreas\Desktop\Neues Textdokument (2).txt
2014-07-12 21:07 - 2014-07-12 21:07 - 00000011 _____ () C:\Users\Andreas\Desktop\Neues Textdokument.txt
2014-07-12 20:59 - 2014-07-13 00:40 - 00000000 ____D () C:\Users\Andreas\Desktop\a
2014-07-10 09:50 - 2014-07-10 09:50 - 00002102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-07-10 09:50 - 2014-07-10 09:50 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Thunderbird
2014-07-10 09:50 - 2014-07-10 09:50 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Thunderbird
2014-07-10 09:50 - 2014-07-10 09:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-09 22:23 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 22:23 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 22:23 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 22:23 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 22:23 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 22:23 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 22:23 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 22:23 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 22:23 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 22:23 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 22:23 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 22:23 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 22:23 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 22:23 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 22:23 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 22:23 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 22:23 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 22:23 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 22:23 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 22:23 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 22:23 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 22:23 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 22:23 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 22:23 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 22:23 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 22:23 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 22:23 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 22:23 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 22:23 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 22:23 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 22:23 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 22:23 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 22:23 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 22:23 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 22:23 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 22:23 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 22:23 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 22:23 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 22:23 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 22:23 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 22:23 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 22:23 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 22:23 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 22:23 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 22:23 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 22:23 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 22:23 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 22:23 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 22:23 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 22:23 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 22:23 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 22:23 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 22:23 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 22:23 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 22:23 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 22:23 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 22:23 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 22:23 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 22:23 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 22:22 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 22:22 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 22:22 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 22:22 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 22:22 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 22:22 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 22:22 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 22:22 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 22:22 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 22:22 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 22:22 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 22:22 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 22:22 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 22:22 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 22:22 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 22:22 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 22:22 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 22:22 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 22:22 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 22:22 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-07 11:43 - 2014-07-07 11:43 - 00000000 ____D () C:\Program Files (x86)\Sirrix AG
2014-07-07 11:42 - 2014-07-07 11:42 - 00000000 ____D () C:\Program Files\Oracle
2014-07-07 11:42 - 2011-12-21 13:15 - 00219440 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-07-07 11:42 - 2011-12-21 13:15 - 00044848 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-07-07 09:50 - 2014-07-08 01:20 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-07-07 09:50 - 2014-07-07 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2014-07-07 09:50 - 2014-07-07 09:50 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-07-07 04:54 - 2014-07-07 11:21 - 00000000 ____D () C:\Users\Andreas\AppData\Local\VMware
2014-07-07 04:54 - 2014-07-07 10:32 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\VMware
2014-07-07 04:49 - 2014-06-12 18:23 - 00359128 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2014-07-07 04:49 - 2014-06-12 18:23 - 00064728 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2014-07-07 04:49 - 2014-06-12 18:22 - 00931032 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2014-07-07 04:49 - 2014-06-12 18:22 - 00437976 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2014-07-07 04:49 - 2014-06-12 18:22 - 00031448 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2014-07-07 04:49 - 2014-06-12 18:21 - 00033496 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2014-07-07 04:49 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-07-07 04:49 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-07-07 04:49 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-07-07 04:49 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-07-07 04:48 - 2014-07-07 11:15 - 00000000 ____D () C:\ProgramData\VMware
2014-07-07 04:48 - 2014-07-07 04:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-07-07 04:48 - 2014-07-07 04:48 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-07-07 04:48 - 2014-07-07 04:48 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-07-07 01:20 - 2014-07-07 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-07-07 01:20 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-07-07 01:19 - 2014-07-13 00:57 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-07 01:19 - 2014-07-07 01:19 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-07-07 01:19 - 2014-07-07 01:19 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-07-07 01:19 - 2014-07-07 01:19 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-07-07 01:19 - 2014-07-07 01:19 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-07 01:19 - 2014-05-28 16:38 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-07-07 01:19 - 2014-05-28 16:38 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-07-07 00:18 - 2014-07-07 00:59 - 00231960 _____ () C:\Windows\RegBootClean64.exe
2014-07-06 22:37 - 2014-07-06 22:37 - 00000036 _____ () C:\Users\Andreas\AppData\Local\housecall.guid.cache
2014-06-18 09:35 - 2014-06-18 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotForex MetaTrader
2014-06-14 12:05 - 2014-07-11 15:53 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-14 12:05 - 2014-07-11 15:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified Files and Folders =======

2014-07-13 01:03 - 2014-07-13 01:02 - 00014726 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-07-13 01:03 - 2014-07-13 01:02 - 00000000 ____D () C:\FRST
2014-07-13 01:02 - 2014-07-13 01:02 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2014-07-13 01:02 - 2014-07-13 01:02 - 00000000 _____ () C:\Users\Andreas\defogger_reenable
2014-07-13 01:02 - 2013-05-31 15:45 - 00000000 ____D () C:\Users\Andreas
2014-07-13 01:01 - 2014-07-13 01:01 - 00380416 _____ () C:\Users\Andreas\Desktop\ij2jhrkq.exe
2014-07-13 01:01 - 2014-07-13 01:00 - 02084864 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-07-13 01:01 - 2014-07-13 00:59 - 00000096 ____H () C:\Users\Andreas\Desktop\.~lock.OpenDocument Text (neu).odt#
2014-07-13 01:01 - 2013-06-01 01:31 - 00702688 _____ () C:\Windows\system32\perfh007.dat
2014-07-13 01:01 - 2013-06-01 01:31 - 00151322 _____ () C:\Windows\system32\perfc007.dat
2014-07-13 01:01 - 2009-07-14 07:13 - 01630122 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-13 01:00 - 2014-07-13 01:00 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-07-13 01:00 - 2014-07-13 00:59 - 00027764 _____ () C:\Users\Andreas\Desktop\OpenDocument Text (neu).odt
2014-07-13 01:00 - 2013-05-31 15:36 - 01081407 _____ () C:\Windows\WindowsUpdate.log
2014-07-13 00:58 - 2014-07-12 23:21 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-13 00:57 - 2014-07-07 01:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-13 00:56 - 2014-07-12 22:42 - 00000112 _____ () C:\Windows\setupact.log
2014-07-13 00:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 00:44 - 2014-07-13 00:44 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-13 00:40 - 2014-07-12 20:59 - 00000000 ____D () C:\Users\Andreas\Desktop\a
2014-07-13 00:09 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-13 00:09 - 2009-07-14 06:45 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-12 23:45 - 2014-07-12 21:49 - 00002924 _____ () C:\Users\Andreas\Desktop\Neues Textdokument (2).txt
2014-07-12 23:22 - 2014-07-12 23:22 - 00001095 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-12 23:22 - 2014-07-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-12 23:15 - 2014-07-12 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-12 23:15 - 2014-07-12 23:15 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-12 22:54 - 2014-07-12 22:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-12 22:43 - 2014-07-12 22:42 - 00286096 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 22:42 - 2014-07-12 22:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-12 22:41 - 2014-07-12 22:41 - 00064024 _____ () C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-12 22:33 - 2014-06-11 03:29 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\MetaQuotes
2014-07-12 21:07 - 2014-07-12 21:07 - 00000011 _____ () C:\Users\Andreas\Desktop\Neues Textdokument.txt
2014-07-12 20:34 - 2014-04-15 21:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-12 20:29 - 2014-04-20 23:44 - 00000000 ____D () C:\Program Files\Java
2014-07-12 20:23 - 2014-05-06 18:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 15:53 - 2014-06-14 12:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-11 15:53 - 2014-06-14 12:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 15:53 - 2014-04-15 21:42 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Adobe
2014-07-11 12:30 - 2014-01-17 22:37 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Battle.net
2014-07-11 11:32 - 2014-01-17 22:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-10 16:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 09:50 - 2014-07-10 09:50 - 00002102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-07-10 09:50 - 2014-07-10 09:50 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Thunderbird
2014-07-10 09:50 - 2014-07-10 09:50 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Thunderbird
2014-07-10 09:50 - 2014-07-10 09:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-09 22:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 22:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 22:25 - 2013-07-12 21:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 22:24 - 2013-06-01 07:34 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 08:58 - 2013-06-27 17:08 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc
2014-07-08 01:20 - 2014-07-07 09:50 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-07-07 11:43 - 2014-07-07 11:43 - 00000000 ____D () C:\Program Files (x86)\Sirrix AG
2014-07-07 11:42 - 2014-07-07 11:42 - 00000000 ____D () C:\Program Files\Oracle
2014-07-07 11:21 - 2014-07-07 04:54 - 00000000 ____D () C:\Users\Andreas\AppData\Local\VMware
2014-07-07 11:15 - 2014-07-07 04:48 - 00000000 ____D () C:\ProgramData\VMware
2014-07-07 10:32 - 2014-07-07 04:54 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\VMware
2014-07-07 09:50 - 2014-07-07 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2014-07-07 09:50 - 2014-07-07 09:50 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-07-07 09:43 - 2013-05-31 19:37 - 00000000 ____D () C:\ProgramData\Intel
2014-07-07 04:48 - 2014-07-07 04:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-07-07 04:48 - 2014-07-07 04:48 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-07-07 04:48 - 2014-07-07 04:48 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-07-07 04:48 - 2014-01-07 22:17 - 01651014 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-07 01:20 - 2014-07-07 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-07-07 01:19 - 2014-07-07 01:19 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-07-07 01:19 - 2014-07-07 01:19 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-07-07 01:19 - 2014-07-07 01:19 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-07-07 01:19 - 2014-07-07 01:19 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-07 00:59 - 2014-07-07 00:18 - 00231960 _____ () C:\Windows\RegBootClean64.exe
2014-07-06 22:37 - 2014-07-06 22:37 - 00000036 _____ () C:\Users\Andreas\AppData\Local\housecall.guid.cache
2014-07-03 14:17 - 2014-01-17 22:40 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-06-25 21:23 - 2014-03-28 00:01 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-06-20 22:14 - 2014-07-09 22:23 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-09 22:23 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 03:39 - 2014-07-09 22:23 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-09 22:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-09 22:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-09 22:23 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-09 22:23 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-09 22:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-09 22:23 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-09 22:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-09 22:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-09 22:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-09 22:23 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-09 22:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-09 22:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-09 22:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-09 22:23 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-09 22:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-09 22:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-09 22:23 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-09 22:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-09 22:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-09 22:23 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-09 22:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-09 22:23 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-09 22:23 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-09 22:23 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-09 22:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-09 22:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 22:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-09 22:23 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-09 22:23 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-09 22:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 22:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-09 22:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-09 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-09 22:23 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-09 22:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-09 22:23 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-09 22:23 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 22:23 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 22:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-09 22:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 22:23 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-09 22:23 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 22:23 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-09 22:23 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-09 22:23 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 22:23 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 22:23 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 22:23 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-09 22:23 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-09 22:23 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-09 22:23 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-09 22:23 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-09 22:23 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 09:35 - 2014-06-18 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotForex MetaTrader
2014-06-18 04:18 - 2014-07-09 22:22 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 22:22 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 22:22 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-14 11:31 - 2013-06-04 09:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\fwhqrb.exe
C:\Users\Andreas\AppData\Local\Temp\jbhfkn.exe
C:\Users\Andreas\AppData\Local\Temp\rzzgbt.exe
C:\Users\Andreas\AppData\Local\Temp\vfhrqp.exe
C:\Users\Andreas\AppData\Local\Temp\wbqpvl.exe
C:\Users\Andreas\AppData\Local\Temp\wghphz.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 09:37

==================== End Of Log ============================
--- --- ---

--- --- ---


ADDITION
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014
Ran by Andreas at 2014-07-13 01:04:08
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.3 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.120 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Nmap 6.46 (HKLM-x32\...\Nmap) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Oracle VM VirtualBox 4.0.16 (HKLM\...\{D113D762-FC28-4B6F-A39E-DD9A037B04D4}) (Version: 4.0.16 - Oracle Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Sophos Anti-Rootkit 1.5.0 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.0 - Sophos Plc)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stellarium 0.12.2 (HKLM\...\Stellarium_is1) (Version: 0.12.2 - Stellarium team)
System Explorer 5.8.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TEASI tool version 2.1.1.1 (HKLM-x32\...\{805FBA43-88AB-4E02-A16C-560F7D0D7CD5}_is1) (Version: 2.1.1.1 - GPS Tuner)
tools-freebsd (x32 Version: 9.6.2.1895310 - VMware, Inc.) Hidden
tools-linux (x32 Version: 9.6.2.1895310 - VMware, Inc.) Hidden
tools-netware (x32 Version: 9.6.2.1895310 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 9.6.2.1895310 - VMware, Inc.) Hidden
tools-windows (x32 Version: 9.6.2.1895310 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 9.6.2.1895310 - VMware, Inc.) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)
VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.10.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.7 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {F5DE7485-495F-4EBC-A9C6-45809ACBA23A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)

==================== Loaded Modules (whitelisted) =============

2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-07-12 23:22 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-02-19 14:18 - 2014-02-19 14:18 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2013-05-31 19:32 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-05-31 19:37 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-04-22 13:00 - 2014-04-22 13:00 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-04-15 16:23 - 2014-04-15 16:23 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2014-01-03 08:59 - 2014-02-10 19:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: BitBoxService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: VMAuthdService => 3
MSCONFIG\Services: VMUSBArbService => 3
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: k57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2014 01:04:09 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
  VSS-Server wird instanziiert

Error: (07/13/2014 01:04:09 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  VSS-Server wird instanziiert

Error: (07/13/2014 00:58:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2014 11:36:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
  VSS-Server wird instanziiert

Error: (07/12/2014 11:36:32 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  VSS-Server wird instanziiert

Error: (07/12/2014 10:54:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/12/2014 10:54:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/12/2014 10:54:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/12/2014 10:54:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/12/2014 10:54:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (07/13/2014 00:58:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Emsisoft Protection Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/13/2014 00:57:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (07/13/2014 00:56:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (07/13/2014 00:40:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (07/13/2014 00:38:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (07/13/2014 00:24:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (07/13/2014 00:10:47 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (07/13/2014 00:10:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Error: (07/13/2014 00:08:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (07/13/2014 00:08:21 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\3563.tmp nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (07/13/2014 01:04:09 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (07/13/2014 01:04:09 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (07/13/2014 00:58:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2014 11:36:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (07/12/2014 11:36:32 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  VSS-Server wird instanziiert

Error: (07/12/2014 10:54:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Downloads\esetsmartinstaller_deu.exe

Error: (07/12/2014 10:54:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Downloads\esetsmartinstaller_deu.exe

Error: (07/12/2014 10:54:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Downloads\esetsmartinstaller_deu.exe

Error: (07/12/2014 10:54:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Downloads\esetsmartinstaller_deu.exe

Error: (07/12/2014 10:54:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Downloads\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-07-13 00:08:21.602
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\3563.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-13 00:08:21.564
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\3563.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-12 23:24:06.143
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\3563.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-12 23:24:06.105
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\3563.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-12 23:18:48.249
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\ADFA.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-12 23:18:48.209
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\ADFA.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-12 23:15:52.716
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\ADFA.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-12 23:15:52.675
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\ADFA.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-07-07 03:39:28.293
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-07 03:39:28.291
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 8008.36 MB
Available physical RAM: 6534.13 MB
Total Pagefile: 20018.54 MB
Available Pagefile: 18223.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:386.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9ABFF84B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Screenshots

hxxp://picload.org/image/lpiaddl/d.png
hxxp://picload.org/image/lpiadll/unbenannt.png
hxxp://picload.org/image/lpiadro/__a.png
hxxp://picload.org/image/lpiadar/g.png

Kenor 13.07.2014 00:40
Vielleicht bin ich auch nur einfach wieder mal paranoid..


Ich konnte meinen Post oben nicht mehr editieren

GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-13 01:40:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AM00 465,76GB
Running: ij2jhrkq.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\fgldqpod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                  00000000774d11f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                00000000774d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        00000000774d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                        00000000774d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                00000000774d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                00000000774d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                              00000000774d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  00000000774d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                  00000000774d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                      00000000774d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                    00000000774d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                    00000000774d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                            00000000774d1fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                        00000000774d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                        00000000774d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578            00000000774d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    00000000774d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  00000000774d27d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79  00000000774d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176  00000000774d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          00000000774d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367          00000000774d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                  00000000774d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      00000000774d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                      00000000774d33c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                    00000000774d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                    00000000774d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197        00000000774d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611        00000000774d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  00000000774d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            0000000077521380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          0000000077521500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                0000000077521530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              0000000077521650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  0000000077521700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000077521d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                0000000077521f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                00000000775227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              0000000074ff13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              0000000074ff146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                          0000000074ff16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                            0000000074ff16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        0000000074ff19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        0000000074ff19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                  0000000074ff1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                    0000000074ff1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  0000000074ff1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[3916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                      0000000074ff1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                        00000000774d11f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                      00000000774d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                            00000000774d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                            00000000774d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                    00000000774d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                    00000000774d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                    00000000774d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                      00000000774d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                      00000000774d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                          00000000774d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                          00000000774d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                        00000000774d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                00000000774d1fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                            00000000774d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                            00000000774d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                  00000000774d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                        00000000774d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                      00000000774d27d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79        00000000774d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176      00000000774d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299              00000000774d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367              00000000774d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                      00000000774d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                          00000000774d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                          00000000774d33c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                          00000000774d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                          00000000774d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197              00000000774d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611              00000000774d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                      00000000774d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                0000000077521380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                              0000000077521500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                    0000000077521530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                  0000000077521650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                      0000000077521700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                      0000000077521d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                    0000000077521f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                    00000000775227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                  0000000074ff13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                  0000000074ff146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                0000000074ff16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                  0000000074ff16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                            0000000074ff19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                            0000000074ff19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                      0000000074ff1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                        0000000074ff1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                      0000000074ff1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3972] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                            0000000074ff1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                        00000000774d11f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                      00000000774d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                            00000000774d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                            00000000774d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                    00000000774d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                    00000000774d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                    00000000774d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                      00000000774d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                      00000000774d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                          00000000774d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                          00000000774d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                        00000000774d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                00000000774d1fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                            00000000774d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                            00000000774d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                  00000000774d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                        00000000774d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                      00000000774d27d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79        00000000774d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176      00000000774d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299              00000000774d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367              00000000774d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                      00000000774d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                          00000000774d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                          00000000774d33c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                          00000000774d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                          00000000774d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197              00000000774d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611              00000000774d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                      00000000774d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                0000000077521380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                              0000000077521500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                    0000000077521530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                  0000000077521650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                      0000000077521700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                      0000000077521d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                    0000000077521f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                    00000000775227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                  0000000074ff13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                  0000000074ff146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                0000000074ff16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                  0000000074ff16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                            0000000074ff19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                            0000000074ff19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                      0000000074ff1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                        0000000074ff1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                      0000000074ff1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                            0000000074ff1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                    00000000774d11f5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                  00000000774d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                        00000000774d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                        00000000774d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                00000000774d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                00000000774d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                00000000774d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                  00000000774d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                  00000000774d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                      00000000774d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                      00000000774d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                    00000000774d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                            00000000774d1fd7 8 bytes {JMP 0xb}
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                        00000000774d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                        00000000774d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                              00000000774d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                    00000000774d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                  00000000774d27d2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                    00000000774d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                  00000000774d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                          00000000774d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                          00000000774d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                  00000000774d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                      00000000774d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                      00000000774d33c0 16 bytes {JMP 0x4e}
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                      00000000774d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                      00000000774d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                          00000000774d3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                          00000000774d3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                  00000000774d4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                            0000000077521380 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                          0000000077521500 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                0000000077521530 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                              0000000077521650 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                  0000000077521700 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                  0000000077521d30 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                0000000077521f80 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                00000000775227e0 8 bytes JMP 3f3f3f3f
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                              0000000074ff13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                              0000000074ff146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                            0000000074ff16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                              0000000074ff16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                        0000000074ff19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                        0000000074ff19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                  0000000074ff1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                    0000000074ff1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                  0000000074ff1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Mozilla Firefox\firefox.exe[3884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                        0000000074ff1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                00000000774d11f5 8 bytes {JMP 0xd}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                              00000000774d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                      00000000774d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                      00000000774d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                              00000000774d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                              00000000774d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                            00000000774d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                00000000774d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                00000000774d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                    00000000774d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                  00000000774d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                  00000000774d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                          00000000774d1fd7 8 bytes {JMP 0xb}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                      00000000774d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                      00000000774d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                          00000000774d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                  00000000774d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                00000000774d27d2 8 bytes {JMP 0x10}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                00000000774d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                00000000774d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                        00000000774d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                        00000000774d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                00000000774d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                    00000000774d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                    00000000774d33c0 16 bytes {JMP 0x4e}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                  00000000774d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                  00000000774d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                      00000000774d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                      00000000774d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                00000000774d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                          0000000077521380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                        0000000077521500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                              0000000077521530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                            0000000077521650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                0000000077521700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                0000000077521d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                              0000000077521f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                              00000000775227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                            0000000074ff13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                            0000000074ff146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                        0000000074ff16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                          0000000074ff16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                      0000000074ff19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                      0000000074ff19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                0000000074ff1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                  0000000074ff1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                0000000074ff1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                    0000000074ff1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                                  00000000776cfc20 3 bytes JMP 718a000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4                                                                              00000000776cfc24 2 bytes JMP 718a000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                                                            00000000776cfc38 3 bytes JMP 7181000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4                                                                        00000000776cfc3c 2 bytes JMP 7181000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                      00000000776cfd64 3 bytes JMP 7184000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                                  00000000776cfd68 2 bytes JMP 7184000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                    00000000776d00b4 3 bytes JMP 7187000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                                00000000776d00b8 2 bytes JMP 7187000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                  00000000776d01c4 3 bytes JMP 7190000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4                                                                              00000000776d01c8 2 bytes JMP 7190000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                                                                00000000776d0a44 3 bytes JMP 718d000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4                                                                            00000000776d0a48 2 bytes JMP 718d000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                              00000000776d1920 3 bytes JMP 717e000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4                                                                          00000000776d1924 2 bytes JMP 717e000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                      00000000769f3bbb 3 bytes JMP 717b000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4                                                                  00000000769f3bbf 2 bytes JMP 717b000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                      00000000756e2c9e 4 bytes CALL 71af0000
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                  0000000077079679 6 bytes JMP 719f000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                  00000000770812a5 6 bytes JMP 7199000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                  0000000077083baa 6 bytes JMP 719c000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                  000000007708612e 6 bytes JMP 71a2000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\USER32.dll!SendInput                                                                                      000000007709ff4a 3 bytes JMP 71a5000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                                  000000007709ff4e 2 bytes JMP 71a5000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                    00000000770d027b 6 bytes JMP 71ab000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                    00000000770d02bf 6 bytes JMP 71a8000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                              00000000751d70c4 6 bytes JMP 7193000a
.text  C:\Users\Andreas\Desktop\ij2jhrkq.exe[1340] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                              00000000751f3264 6 bytes JMP 7196000a

---- EOF - GMER 2.1 ----

cosinus 29.07.2014 19:42
http://www.trojaner-board.de/156396-...tivierbar.html


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:05 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131