Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   DDoS angriff? :( (https://www.trojaner-board.de/160074-ddos-angriff.html)

Lolbobolp 25.10.2014 13:53
DDoS angriff? :(
 
Ich habe ein problem ich glaube ich wurde angegriffen der Computer ist jetzt schon 2 mal kurz stehen geblieben und ich wollt mal fragen ob ihr drübergucken könnt war so nen typ im ts der gesagt hat er will mich ddos en

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014
Ran by Phillip (administrator) on NB-PHILLIP on 25-10-2014 14:46:32
Running from C:\Users\Phillip\Desktop
Loaded Profile: Phillip (Available profiles: Phillip)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6480664 2014-09-25] (Piriform Ltd)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\RunOnce: [Uninstall C:\Users\Phillip\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Phillip\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: {6f6dc400-2ab1-11e4-945e-e8039a144256} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\excqspqe.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\excqspqe.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\excqspqe.default\Extensions\donottrackplus@abine.com [2014-09-12]
FF Extension: NoScript - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\excqspqe.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-31]
FF Extension: Adblock Plus - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\excqspqe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-23]

Chrome:
=======
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-10] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [18456 2011-07-07] (HandSet Incorporated)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-11-25] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S2 TVicPort; C:\Windows\SysWow64\Drivers\TVicPort.sys [4080 1999-05-20] () [File not signed]
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-09-13] (ZTE Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-25 14:46 - 2014-10-25 14:47 - 00019524 _____ () C:\Users\Phillip\Desktop\FRST.txt
2014-10-25 14:46 - 2014-10-25 14:46 - 00000000 ____D () C:\Users\Phillip\Desktop\FRST-OlderVersion
2014-10-25 14:36 - 2014-10-25 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-19 17:36 - 2014-10-19 17:36 - 00001252 _____ () C:\windows\PFRO.log
2014-10-18 12:32 - 2014-10-18 12:32 - 00069504 _____ () C:\Users\Phillip\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-18 12:32 - 2014-10-18 12:32 - 00000000 ____D () C:\Users\Phillip\AppData\Local\Abelssoft
2014-10-17 21:41 - 2014-10-17 21:41 - 00002014 _____ () C:\Users\Public\Desktop\Thunderbird (2).lnk
2014-10-17 21:36 - 2014-10-25 14:37 - 00004978 _____ () C:\windows\SecuniaPackage.log
2014-10-17 19:33 - 2014-10-25 13:09 - 00000840 _____ () C:\windows\setupact.log
2014-10-17 19:33 - 2014-10-17 19:34 - 00305544 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-17 19:33 - 2014-10-17 19:33 - 00000000 _____ () C:\windows\setuperr.log
2014-10-15 22:17 - 2014-10-15 22:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-15 15:43 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 15:43 - 2014-08-19 05:11 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 15:43 - 2014-08-19 05:10 - 00616352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-10-15 15:43 - 2014-08-19 05:08 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2014-10-15 15:43 - 2014-08-19 05:08 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2014-10-15 15:43 - 2014-08-19 05:08 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2014-10-15 15:43 - 2014-08-19 05:07 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2014-10-15 15:43 - 2014-08-19 05:07 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2014-10-15 15:43 - 2014-08-19 05:07 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2014-10-15 15:43 - 2014-08-19 05:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2014-10-15 15:43 - 2014-08-19 05:07 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2014-10-15 15:43 - 2014-08-19 04:41 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2014-10-15 15:43 - 2014-08-19 04:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2014-10-15 15:43 - 2014-08-19 04:06 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2014-10-15 15:43 - 2014-07-07 04:07 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-10-15 15:43 - 2014-07-07 04:07 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2014-10-15 15:43 - 2014-07-07 04:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 05551032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-15 15:43 - 2014-07-07 04:06 - 04120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-10-15 15:43 - 2014-07-07 04:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-10-15 15:43 - 2014-07-07 04:06 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2014-10-15 15:43 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2014-10-15 15:43 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2014-10-15 15:43 - 2014-07-07 04:05 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-10-15 15:43 - 2014-07-07 04:05 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-10-15 15:43 - 2014-07-07 04:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-10-15 15:43 - 2014-07-07 03:52 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-10-15 15:43 - 2014-07-07 03:40 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 03208704 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2014-10-15 15:43 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2014-10-15 15:43 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2014-10-15 15:43 - 2014-07-07 03:39 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-10-15 15:43 - 2014-07-07 03:39 - 03970488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-10-15 15:43 - 2014-07-07 03:39 - 03914680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-10-15 15:43 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-10-15 15:43 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-10-15 15:43 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-10-15 15:43 - 2014-06-28 02:21 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-15 15:43 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-10-15 15:43 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-10-15 15:43 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-15 15:43 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-15 15:43 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-15 15:43 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-15 15:43 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-15 15:43 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-15 15:42 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-15 15:42 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-15 15:42 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-15 15:42 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 15:42 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 15:42 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 15:42 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 15:42 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 15:42 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 15:42 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 15:42 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 15:42 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 15:42 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 15:42 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 15:42 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-15 15:42 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 15:42 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 15:42 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 15:42 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 15:42 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-15 15:42 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 15:42 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 15:42 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 15:42 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 15:42 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-15 15:42 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-15 15:42 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 15:42 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 15:42 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-15 15:42 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 15:42 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 15:42 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 15:42 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 15:42 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 15:42 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 15:42 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 15:42 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-15 15:42 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 15:42 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 15:42 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 15:42 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 15:42 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 15:42 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 15:42 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-15 15:42 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-15 15:42 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-15 15:42 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 15:42 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 15:42 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-15 15:42 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 15:42 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 15:42 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 15:42 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 15:42 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-15 15:42 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 15:42 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 15:42 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 15:42 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 15:42 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 15:41 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 15:41 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 15:41 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 15:41 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 15:41 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 15:41 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 15:41 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 15:41 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 15:41 - 2014-08-29 04:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 15:41 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 15:41 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-15 15:41 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 15:41 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-15 15:41 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-15 15:41 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-15 15:41 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 15:41 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-15 15:41 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-15 15:41 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-15 15:41 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-12 10:51 - 2014-10-12 10:51 - 00001638 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-10-10 22:19 - 2014-10-10 22:20 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-10-10 22:19 - 2014-10-10 22:19 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-10-10 22:16 - 2014-10-10 22:16 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-10 22:16 - 2014-10-10 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-10 22:16 - 2014-10-10 22:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-10 22:16 - 2014-10-10 22:16 - 00000000 ____D () C:\Program Files\iTunes
2014-10-10 22:16 - 2014-10-10 22:16 - 00000000 ____D () C:\Program Files\iPod
2014-10-10 22:16 - 2014-10-10 22:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-10 22:15 - 2014-10-10 22:15 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Apple Computer
2014-10-10 22:15 - 2014-10-10 22:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple Computer
2014-10-10 22:15 - 2014-10-10 22:15 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Apple Computer
2014-10-10 22:15 - 2014-10-10 22:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple Computer
2014-10-10 22:08 - 2014-10-25 13:52 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 22:08 - 2014-10-17 21:47 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-10-10 22:02 - 2014-10-10 22:02 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-10-10 22:02 - 2014-10-10 22:02 - 00000000 ____D () C:\Users\Phillip\AppData\Local\Secunia PSI
2014-10-10 22:02 - 2014-10-10 22:02 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-10-03 22:40 - 2014-10-03 22:40 - 00000000 ____D () C:\windows\ERUNT
2014-10-03 19:21 - 2014-10-03 19:21 - 00511633 _____ () C:\Users\Phillip\Downloads\Autoruns_1203.zip
2014-10-02 14:23 - 2014-10-02 14:23 - 00094208 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTimeVR.qtx
2014-10-02 14:23 - 2014-10-02 14:23 - 00069632 _____ (Apple Inc.) C:\windows\SysWOW64\QuickTime.qts
2014-10-01 21:06 - 2014-10-01 21:06 - 02644177 _____ () C:\Users\Phillip\Downloads\autostartmanager602-setup.exe
2014-09-30 20:36 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-09-30 20:36 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-29 17:38 - 2014-09-29 17:38 - 00000000 ____D () C:\windows\SysWOW64\NV
2014-09-29 17:38 - 2014-09-29 17:38 - 00000000 ____D () C:\windows\system32\NV
2014-09-29 17:37 - 2014-09-29 17:37 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-29 17:36 - 2014-09-14 01:48 - 00073872 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
2014-09-29 17:36 - 2014-09-14 01:48 - 00060560 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
2014-09-29 17:36 - 2014-09-13 23:53 - 06890696 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
2014-09-29 17:36 - 2014-09-13 23:53 - 03529872 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
2014-09-29 17:36 - 2014-09-13 23:53 - 02557640 _____ (NVIDIA Corporation) C:\windows\system32\nvsvcr.dll
2014-09-29 17:36 - 2014-09-13 23:53 - 01087688 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshext.dll
2014-09-29 17:36 - 2014-09-13 23:53 - 00934216 _____ (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
2014-09-29 17:36 - 2014-09-13 23:53 - 00385168 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
2014-09-29 17:36 - 2014-09-13 23:53 - 00067072 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
2014-09-29 17:36 - 2014-09-13 23:53 - 00062608 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
2014-09-29 17:36 - 2014-09-11 17:37 - 03961833 _____ () C:\windows\system32\nvcoproc.bin
2014-09-29 17:35 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 20589536 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 19954520 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 18106152 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 16875856 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2014-09-29 17:35 - 2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 03223120 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 02838424 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6434411.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6434411.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 00984424 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 00957584 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 00925896 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 00919240 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 00894096 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 00867528 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 00352016 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 00303600 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 00174856 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 00156840 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 00032576 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys
2014-09-29 17:35 - 2014-09-14 01:48 - 00026956 _____ () C:\windows\system32\nvinfo.pb
2014-09-27 11:40 - 2014-09-27 11:40 - 00437645 _____ () C:\Users\Phillip\Downloads\SnippingToolPlusv3-4-1-0.zip
2014-09-26 21:52 - 2014-10-25 14:46 - 00000000 ____D () C:\FRST
2014-09-26 21:50 - 2014-10-25 14:46 - 02112512 _____ (Farbar) C:\Users\Phillip\Desktop\FRST64.exe
2014-09-26 21:36 - 2014-10-18 22:02 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-26 21:36 - 2014-09-26 21:36 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-26 21:36 - 2014-09-26 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-26 21:36 - 2014-09-26 21:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-26 21:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-26 21:36 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-26 21:36 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-26 21:35 - 2014-09-26 21:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Phillip\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-26 18:44 - 2014-10-17 21:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-26 18:40 - 2014-10-17 21:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-26 18:05 - 2014-09-26 18:05 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-25 14:41 - 2012-10-27 16:48 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\Skype
2014-10-25 14:38 - 2011-10-11 18:59 - 01601172 _____ () C:\windows\WindowsUpdate.log
2014-10-25 14:36 - 2013-06-28 23:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-25 13:42 - 2014-09-24 20:03 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\.minecraft
2014-10-25 13:18 - 2009-07-14 06:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-25 13:18 - 2009-07-14 06:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-25 13:15 - 2014-08-23 13:47 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-25 13:09 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-19 17:36 - 2014-04-11 17:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-18 12:49 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-17 21:47 - 2012-10-19 18:22 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-17 21:47 - 2012-10-19 18:22 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 21:41 - 2012-10-27 15:44 - 00002026 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-10-17 21:40 - 2014-04-11 17:41 - 00001075 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-17 21:40 - 2012-10-27 15:43 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-17 20:21 - 2012-10-27 16:15 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\SoftGrid Client
2014-10-17 19:48 - 2012-10-12 20:42 - 00000000 ____D () C:\ProgramData\Skype
2014-10-17 19:46 - 1981-01-01 00:00 - 00000074 ____H () C:\Users\Phillip\Desktop\SicherLoeschen.ini
2014-10-17 19:31 - 2014-04-30 23:49 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-17 19:31 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-10-17 19:31 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Dism
2014-10-15 22:17 - 2013-07-22 14:22 - 00000000 ____D () C:\windows\system32\MRT
2014-10-15 22:14 - 2012-10-19 17:14 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-10 22:19 - 2013-08-29 15:45 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-10-10 22:16 - 2012-12-07 17:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-10 22:13 - 2012-12-07 17:52 - 00000000 ____D () C:\ProgramData\Apple
2014-10-10 19:51 - 2014-08-23 13:47 - 00793800 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2014-10-10 19:51 - 2014-08-23 13:47 - 00141320 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2014-10-03 19:22 - 2012-11-17 11:26 - 00000000 ____D () C:\PhillipDateien
2014-10-01 21:06 - 2013-05-05 21:45 - 00000000 ____D () C:\windows\Downloaded Installations
2014-09-29 19:53 - 2014-03-08 17:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-29 17:38 - 2011-10-11 03:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-29 17:36 - 2014-07-22 14:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-29 17:36 - 2011-10-11 03:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-29 17:36 - 2011-10-11 03:05 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-29 17:36 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Help
2014-09-27 16:44 - 2012-11-06 21:04 - 00327680 _____ () C:\windows\system32\Ikeext.etl
2014-09-27 16:44 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing
2014-09-26 18:20 - 2012-10-27 16:14 - 01596580 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-26 18:20 - 2011-10-11 03:44 - 00700134 _____ () C:\windows\system32\perfh007.dat
2014-09-26 18:20 - 2011-10-11 03:44 - 00149984 _____ () C:\windows\system32\perfc007.dat
2014-09-26 18:20 - 2009-07-14 07:13 - 01596580 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-26 18:05 - 2012-10-27 15:36 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-26 18:05 - 2012-10-27 15:36 - 00000000 ____D () C:\Program Files\CCleaner

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-27 16:22

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-10-2014
Ran by Phillip at 2014-10-25 14:48:40
Running from C:\Users\Phillip\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\{BC8AC77D-6A6F-491F-BEED-2958F09C6CAE}) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\{AF82C1A9-56DC-4CCD-A36C-CAE56D541DFA}) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dr Kawashima (HKCU\...\DrKawashima) (Version: 1.0 - )
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.1.16.14 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gameforge Live 1.10.1 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.1 - Gameforge)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.11.0 - International GeoGebra Institute)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Halo: Spartan Assault (HKLM-x32\...\Steam App 277430) (Version:  - Vanguard Games)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Logitech Gaming Software (Version: 8.30.28 - Logitech Inc.) Hidden
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 de)) (Version: 31.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Need for Speed™ Most Wanted (HKLM-x32\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version:  - PopCap Games)
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version:  - Ubisoft Singapore)
Transformers: War for Cybertron (HKLM-x32\...\Steam App 42650) (Version:  - High Moon Studios)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WIN-LOGO 2.0 (HKLM-x32\...\WIN-LOGO 2.0) (Version:  - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.A11B02 - ZTE Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0435D378-CCD8-418D-8B79-607F172F6EB0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated)
Task: {120BCC3C-0E70-4F4B-97B3-730C36063045} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {138511B7-E44F-4289-8F23-C146C7FF6A9F} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {1BF06D66-4764-49B4-8B2C-3131B85DFE06} - System32\Tasks\{4C5E8DFE-2244-4517-857E-E2A6387CF892} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsBing
Task: {2798D390-5CB0-498F-BFB5-EE46038EC4F2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2DFCD5D1-5B79-4CB3-B559-6D97C2EC1D40} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {3346EB51-5C8B-4C2E-92BD-FCF89620D6E7} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {769BD9CA-58B1-40D4-BBFF-6DAE9250AC48} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {A4CF5630-2D45-4D87-AC3D-98420472C3CA} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-30] (SAMSUNG Electronics)
Task: {B0AB2D5F-5374-4E2C-8BD0-B981E8F1F8D8} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {B670151B-528E-464A-844E-173B3AEF7C2B} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {C1A19806-8599-4534-BC3A-06287400E46B} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2011-09-15] (Samsung)
Task: {D60AF5EA-B7F4-4AA9-9886-E1C36FD71042} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {D618E611-686C-46A8-AE2B-7AA2D1750F0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-25] (Piriform Ltd)
Task: {D68BA58B-8B6C-406C-ABE7-9AFDD5B1DFE7} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-28] (Samsung Electronics)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-29 17:35 - 2014-09-14 01:48 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-09-29 17:36 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-10-11 04:22 - 2009-12-01 09:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-07-28 20:29 - 2014-07-28 20:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 20:32 - 2014-07-28 20:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 20:29 - 2014-07-28 20:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 20:31 - 2014-07-28 20:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2011-07-21 07:51 - 2010-12-16 11:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2014-09-24 19:12 - 2014-09-24 19:12 - 00054696 _____ () C:\Program Files\Java\jre7\bin\prism-d3d.dll
2014-09-24 19:12 - 2014-09-24 19:12 - 00198568 _____ () C:\Program Files\Java\jre7\bin\glass.dll
2014-09-24 19:12 - 2014-09-24 19:12 - 00640424 _____ () C:\Program Files\Java\jre7\bin\libxml2.dll
2014-09-24 19:12 - 2014-09-24 19:12 - 00209832 _____ () C:\Program Files\Java\jre7\bin\libxslt.dll
2014-09-24 19:12 - 2014-09-24 19:12 - 14863784 _____ () C:\Program Files\Java\jre7\bin\jfxwebkit.dll
2014-09-24 19:12 - 2014-09-24 19:12 - 00320424 _____ () C:\Program Files\Java\jre7\bin\javafx-font.dll
2014-10-25 13:26 - 2014-10-25 13:26 - 00310272 _____ () C:\Users\Phillip\AppData\Roaming\.minecraft\versions\1.7.10-OptiFine_HD_U_A4\1.7.10-OptiFine_HD_U_A4-natives-1056349833964\lwjgl64.dll
2014-10-25 13:26 - 2014-10-25 13:26 - 00653832 _____ () C:\Users\Phillip\AppData\Roaming\.minecraft\versions\1.7.10-OptiFine_HD_U_A4\1.7.10-OptiFine_HD_U_A4-natives-1056349833964\avutil-ttv-51.dll
2014-10-25 13:26 - 2014-10-25 13:26 - 00361103 _____ () C:\Users\Phillip\AppData\Roaming\.minecraft\versions\1.7.10-OptiFine_HD_U_A4\1.7.10-OptiFine_HD_U_A4-natives-1056349833964\swresample-ttv-0.dll
2014-10-25 13:26 - 2014-10-25 13:26 - 00688161 _____ () C:\Users\Phillip\AppData\Roaming\.minecraft\versions\1.7.10-OptiFine_HD_U_A4\1.7.10-OptiFine_HD_U_A4-natives-1056349833964\libmp3lame-ttv.dll
2014-10-25 13:26 - 2014-10-25 13:26 - 01127424 _____ () C:\Users\Phillip\AppData\Roaming\.minecraft\versions\1.7.10-OptiFine_HD_U_A4\1.7.10-OptiFine_HD_U_A4-natives-1056349833964\twitchsdk.dll
2014-10-25 13:26 - 2014-10-25 13:26 - 00382464 _____ () C:\Users\Phillip\AppData\Roaming\.minecraft\versions\1.7.10-OptiFine_HD_U_A4\1.7.10-OptiFine_HD_U_A4-natives-1056349833964\OpenAL64.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-29 17:35 - 2014-09-14 01:48 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2011-10-11 03:12 - 2011-02-16 18:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2011-10-11 03:12 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2009-11-02 07:20 - 2009-11-02 07:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 07:23 - 2009-11-02 07:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-09-26 18:40 - 2014-10-11 14:53 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 01:42 - 2014-10-10 19:50 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-578327087-4110603385-1361986703-500 - Administrator - Disabled)
Gast (S-1-5-21-578327087-4110603385-1361986703-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-578327087-4110603385-1361986703-1003 - Limited - Enabled)
Phillip (S-1-5-21-578327087-4110603385-1361986703-1001 - Administrator - Enabled) => C:\Users\Phillip

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2014 02:38:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.9016, Zeitstempel: 0x52a1d50f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000332b0
ID des fehlerhaften Prozesses: 0x6a4
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (10/25/2014 02:35:00 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".

Error: (10/25/2014 02:34:19 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".

Error: (10/25/2014 02:33:28 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageName", Wert: "") für Schlüssel "HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList".

Error: (10/25/2014 01:10:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/25/2014 01:10:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001fbe8
ID des fehlerhaften Prozesses: 0xae0
Startzeit der fehlerhaften Anwendung: 0xSWMAgent.exe0
Pfad der fehlerhaften Anwendung: SWMAgent.exe1
Pfad des fehlerhaften Moduls: SWMAgent.exe2
Berichtskennung: SWMAgent.exe3

Error: (10/19/2014 11:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 177825

Error: (10/19/2014 11:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 177825

Error: (10/19/2014 11:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2014 11:15:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5678


System errors:
=============
Error: (10/25/2014 01:13:03 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\windows\system32\wbem\unsecapp.exe -Embedding5{49BD2028-1523-11D1-AD79-00C04FD8FDFF}

Error: (10/25/2014 01:12:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (10/25/2014 01:12:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (10/25/2014 01:12:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (10/25/2014 01:12:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (10/25/2014 01:12:34 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (10/25/2014 01:12:34 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (10/25/2014 01:10:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (10/25/2014 01:10:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (10/25/2014 01:10:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (10/25/2014 02:38:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.901652a1d50fntdll.dll6.1.7601.18247521ea8e7c0000005000332b06a401cff04bc7d282a3C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\windows\SysWOW64\ntdll.dlld628ae5d-5c43-11e4-95cb-e8039a144256

Error: (10/25/2014 02:35:00 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (10/25/2014 02:34:19 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (10/25/2014 02:33:28 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (10/25/2014 01:10:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/25/2014 01:10:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe8ae001cff04421857d6cC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe7a45de3e-5c37-11e4-95ca-e8039a144256

Error: (10/19/2014 11:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 177825

Error: (10/19/2014 11:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 177825

Error: (10/19/2014 11:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2014 11:15:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5678


CodeIntegrity Errors:
===================================
  Date: 2014-09-11 20:48:16.274
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:48:16.264
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:48:16.254
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:48:16.254
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:45:19.544
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:45:19.444
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 67%
Total physical RAM: 8105.55 MB
Available physical RAM: 2648.65 MB
Total Pagefile: 16209.27 MB
Available Pagefile: 9228.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:177 GB) (Free:5.73 GB) NTFS
Drive d: () (Fixed) (Total:265.59 GB) (Free:129.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A90831CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.6 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.1 GB) - (Type=27)

==================== End Of Log ============================

schrauber 25.10.2014 14:02
hi,

Zitat:
war so nen typ im ts der gesagt hat er will mich ddos en
Hat der Kindergarten wieder Ausgang? Du weuißt was ein DDOS Angriff ist?


Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Lolbobolp 25.10.2014 14:24
Nein ich weiß nicht was das ist :( kenne mich gar nicht aus

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-25 15:17:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AR1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Phillip\AppData\Local\Temp\fxlirkoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                        fffff800033f5000 45 bytes [00, 00, A1, 00, 4E, 74, 66, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                        fffff800033f502f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\kernel32.dll!RegSetValueExW                                                            000000007711a400 7 bytes JMP 000000016fff0228
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                          0000000077123f20 5 bytes JMP 000000016fff0180
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                            000000007713ffb0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                                      000000007714f2e0 5 bytes JMP 000000016fff0110
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                    0000000077179a30 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                                    00000000771894c0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\kernel32.dll!RegSetValueExA                                                            00000000771a87e0 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                              000007fefd212db0 5 bytes JMP 000007fffd200180
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                        000007fefd2137d0 7 bytes JMP 000007fffd2000d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                          000007fefd218ef0 6 bytes JMP 000007fffd200148
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                      000007fefd22af60 5 bytes JMP 000007fffd200110
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                        000007fefdda89f0 8 bytes JMP 000007fffd2001f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                      000007fefddabe50 8 bytes JMP 000007fffd2001b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\ole32.dll!CoCreateInstance                                                              000007fefe337490 11 bytes JMP 000007fffd200228
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1600] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                                            000007fefe34bf00 7 bytes JMP 000007fffd200260
.text    C:\windows\system32\taskeng.exe[1740] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                                                      000007fefd212db0 5 bytes JMP 000007fffd200180
.text    C:\windows\system32\taskeng.exe[1740] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                  000007fefd2137d0 7 bytes JMP 000007fffd2000d8
.text    C:\windows\system32\taskeng.exe[1740] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                    000007fefd218ef0 6 bytes JMP 000007fffd200148
.text    C:\windows\system32\taskeng.exe[1740] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                000007fefd22af60 5 bytes JMP 000007fffd200110
.text    C:\windows\system32\taskeng.exe[1740] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                000007fefdda89f0 8 bytes JMP 000007fffd2001f0
.text    C:\windows\system32\taskeng.exe[1740] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                              000007fefddabe50 8 bytes JMP 000007fffd2001b8
.text    C:\windows\system32\taskeng.exe[1740] C:\windows\system32\ole32.dll!CoCreateInstance                                                                                      000007fefe337490 11 bytes JMP 000007fffd200228
.text    C:\windows\system32\taskeng.exe[1740] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                                                                      000007fefe34bf00 7 bytes JMP 000007fffd200260
.text    C:\windows\system32\Dwm.exe[1792] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                                                          000007fefd212db0 5 bytes JMP 000007fffd200180
.text    C:\windows\system32\Dwm.exe[1792] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                      000007fefd2137d0 7 bytes JMP 000007fffd2000d8
.text    C:\windows\system32\Dwm.exe[1792] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                        000007fefd218ef0 6 bytes JMP 000007fffd200148
.text    C:\windows\system32\Dwm.exe[1792] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                    000007fefd22af60 5 bytes JMP 000007fffd200110
.text    C:\windows\system32\Dwm.exe[1792] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                    000007fefdda89f0 8 bytes JMP 000007fffd2001f0
.text    C:\windows\system32\Dwm.exe[1792] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                  000007fefddabe50 8 bytes JMP 000007fffd2001b8
.text    C:\windows\system32\Dwm.exe[1792] C:\windows\system32\dxgi.dll!CreateDXGIFactory                                                                                          000007fef93fdc88 5 bytes JMP 000007fff91f00d8
.text    C:\windows\system32\Dwm.exe[1792] C:\windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                          000007fef93fde10 5 bytes JMP 000007fff91f0110
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\kernel32.dll!RegSetValueExW                                                                      000000007711a400 7 bytes JMP 000000016fff0228
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                                    0000000077123f20 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                                    000000007713ffb0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                                              000000007714f2e0 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                            0000000077179a30 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                                            00000000771894c0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\kernel32.dll!RegSetValueExA                                                                      00000000771a87e0 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                                      000007fefd212db0 5 bytes JMP 000007fffd200180
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                  000007fefd2137d0 7 bytes JMP 000007fffd2000d8
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                    000007fefd218ef0 6 bytes JMP 000007fffd200148
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                000007fefd22af60 5 bytes JMP 000007fffd200110
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                000007fefdda89f0 8 bytes JMP 000007fffd2001f0
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                              000007fefddabe50 8 bytes JMP 000007fffd2001b8
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\ole32.dll!CoCreateInstance                                                                      000007fefe337490 11 bytes JMP 000007fffd200228
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2008] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                                                      000007fefe34bf00 7 bytes JMP 000007fffd200260
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\kernel32.dll!RegQueryValueExW                                                0000000075651f0e 7 bytes JMP 00000001711c4b10
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\kernel32.dll!RegSetValueExW                                                  0000000075655bad 7 bytes JMP 00000001711c54b0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\kernel32.dll!RegSetValueExA                                                  0000000075661409 7 bytes JMP 00000001711c4e50
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\kernel32.dll!RegDeleteValueW                                                000000007566ea45 7 bytes JMP 00000001711c4b00
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                        00000000756f8e24 7 bytes JMP 00000001711c45c0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation                                        00000000756f8ea9 5 bytes JMP 00000001711c4670
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                          00000000756f91ff 5 bytes JMP 00000001711c45d0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                              00000000753a1d29 5 bytes JMP 00000001711c4580
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                            00000000753a1dd7 5 bytes JMP 00000001711c4540
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                00000000753a2ab1 5 bytes JMP 00000001711c4680
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary                                                  00000000753a2d17 5 bytes JMP 00000001711c4360
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                  0000000075d28a29 5 bytes JMP 00000001711c3a40
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA                                              0000000075d34572 5 bytes JMP 00000001711c42e0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW                                              0000000075d4e567 5 bytes JMP 00000001711c4350
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                          0000000075d707d7 5 bytes JMP 00000001711c3850
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                        0000000075d87a5c 5 bytes JMP 00000001711c42d0
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                          000000007579e96b 5 bytes JMP 00000001711c3b60
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                            000000007579eba5 5 bytes JMP 00000001711c3b80
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket                                                  0000000075835ea5 5 bytes JMP 00000001711c3a00
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\ole32.dll!CoCreateInstance                                                  0000000075869d0b 5 bytes JMP 00000001711c3990
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                          0000000076cf1401 2 bytes JMP 7567b21b C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                            0000000076cf1419 2 bytes JMP 7567b346 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                          0000000076cf1431 2 bytes JMP 756f8ea9 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                          0000000076cf144a 2 bytes CALL 756548ad C:\windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                        * 9
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                            0000000076cf14dd 2 bytes JMP 756f87a2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                      0000000076cf14f5 2 bytes JMP 756f8978 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                            0000000076cf150d 2 bytes JMP 756f8698 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                      0000000076cf1525 2 bytes JMP 756f8a62 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                            0000000076cf153d 2 bytes JMP 7566fca8 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                0000000076cf1555 2 bytes JMP 756768ef C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                          0000000076cf156d 2 bytes JMP 756f8f61 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                            0000000076cf1585 2 bytes JMP 756f8ac2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                              0000000076cf159d 2 bytes JMP 756f865c C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                            0000000076cf15b5 2 bytes JMP 7566fd41 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                          0000000076cf15cd 2 bytes JMP 7567b2dc C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                      0000000076cf16b2 2 bytes JMP 756f8e24 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2024] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                      0000000076cf16bd 2 bytes JMP 756f85f1 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\kernel32.dll!RegSetValueExW                                                              000000007711a400 7 bytes JMP 000000016fff0228
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                            0000000077123f20 5 bytes JMP 000000016fff0180
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                              000000007713ffb0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                                        000000007714f2e0 5 bytes JMP 000000016fff0110
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                      0000000077179a30 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                                      00000000771894c0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\kernel32.dll!RegSetValueExA                                                              00000000771a87e0 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                                000007fefd212db0 5 bytes JMP 000007fffd200180
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                          000007fefd2137d0 7 bytes JMP 000007fffd2000d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                            000007fefd218ef0 6 bytes JMP 000007fffd200148
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                        000007fefd22af60 5 bytes JMP 000007fffd200110
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                          000007fefdda89f0 8 bytes JMP 000007fffd2001f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2320] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                        000007fefddabe50 8 bytes JMP 000007fffd2001b8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\kernel32.dll!RegSetValueExW                                                      000000007711a400 7 bytes JMP 000000016fff0228
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                    0000000077123f20 5 bytes JMP 000000016fff0180
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                    000000007713ffb0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                              000000007714f2e0 5 bytes JMP 000000016fff0110
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                            0000000077179a30 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                            00000000771894c0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\kernel32.dll!RegSetValueExA                                                      00000000771a87e0 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                      000007fefd212db0 5 bytes JMP 000007fffd090180
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                  000007fefd2137d0 7 bytes JMP 000007fffd0900d8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                    000007fefd218ef0 6 bytes JMP 000007fffd090148
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                000007fefd22af60 5 bytes JMP 000007fffd090110
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\ole32.dll!CoCreateInstance                                                      000007fefe337490 11 bytes JMP 000007fffd090228
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                                      000007fefe34bf00 7 bytes JMP 000007fffd090260
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                000007fefdda89f0 8 bytes JMP 000007fffd0901f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                              000007fefddabe50 8 bytes JMP 000007fffd0901b8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\d3d9.dll!Direct3DCreate9Ex                                                      000007fef44e2460 4 bytes JMP 000007fefd0902d0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2624] C:\windows\system32\d3d9.dll!Direct3DCreate9                                                        000007fef45196b0 6 bytes JMP 000007fefd090298
.text    C:\windows\system32\taskeng.exe[3888] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                                                      000007fefd212db0 5 bytes JMP 000007fffd200180
.text    C:\windows\system32\taskeng.exe[3888] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                  000007fefd2137d0 7 bytes JMP 000007fffd2000d8
.text    C:\windows\system32\taskeng.exe[3888] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                    000007fefd218ef0 6 bytes JMP 000007fffd200148
.text    C:\windows\system32\taskeng.exe[3888] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                000007fefd22af60 5 bytes JMP 000007fffd200110
.text    C:\windows\system32\taskeng.exe[3888] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                000007fefdda89f0 8 bytes JMP 000007fffd2001f0
.text    C:\windows\system32\taskeng.exe[3888] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                              000007fefddabe50 8 bytes JMP 000007fffd2001b8
.text    C:\windows\system32\taskeng.exe[3888] C:\windows\system32\ole32.dll!CoCreateInstance                                                                                      000007fefe337490 11 bytes JMP 000007fffd200228
.text    C:\windows\system32\taskeng.exe[3888] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                                                                      000007fefe34bf00 7 bytes JMP 000007fffd200260
.text    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3932] C:\windows\syswow64\kernel32.dll!RegQueryValueExW                                                0000000075651f0e 7 bytes JMP 00000001711c4b10
.text    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3932] C:\windows\syswow64\kernel32.dll!RegSetValueExW                                                  0000000075655bad 7 bytes JMP 00000001711c54b0
.text    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3932] C:\windows\syswow64\kernel32.dll!RegSetValueExA                                                  0000000075661409 7 bytes JMP 00000001711c4e50
.text    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3932] C:\windows\syswow64\kernel32.dll!RegDeleteValueW                                                000000007566ea45 7 bytes JMP 00000001711c4b00
.text    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3932] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                        00000000756f8e24 7 bytes JMP 00000001711c45c0
.text    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3932] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation                                        00000000756f8ea9 5 bytes JMP 00000001711c4670
.text    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[3932] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                          00000000756f91ff 5 bytes JMP 00000001711c45d0
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3944] C:\windows\syswow64\kernel32.dll!RegQueryValueExW                                                          0000000075651f0e 7 bytes JMP 00000001711c4b10
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3944] C:\windows\syswow64\kernel32.dll!RegSetValueExW                                                            0000000075655bad 7 bytes JMP 00000001711c54b0
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3944] C:\windows\syswow64\kernel32.dll!RegSetValueExA                                                            0000000075661409 7 bytes JMP 00000001711c4e50
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3944] C:\windows\syswow64\kernel32.dll!RegDeleteValueW                                                          000000007566ea45 7 bytes JMP 00000001711c4b00
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3944] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                  00000000756f8e24 7 bytes JMP 00000001711c45c0
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3944] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation                                                  00000000756f8ea9 5 bytes JMP 00000001711c4670
.text    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[3944] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                    00000000756f91ff 5 bytes JMP 00000001711c45d0
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3972] C:\windows\syswow64\kernel32.dll!RegQueryValueExW                                                      0000000075651f0e 7 bytes JMP 00000001711c4b10
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3972] C:\windows\syswow64\kernel32.dll!RegSetValueExW                                                        0000000075655bad 7 bytes JMP 00000001711c54b0
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3972] C:\windows\syswow64\kernel32.dll!RegSetValueExA                                                        0000000075661409 7 bytes JMP 00000001711c4e50
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3972] C:\windows\syswow64\kernel32.dll!RegDeleteValueW                                                      000000007566ea45 7 bytes JMP 00000001711c4b00
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3972] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                              00000000756f8e24 7 bytes JMP 00000001711c45c0
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3972] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation                                              00000000756f8ea9 5 bytes JMP 00000001711c4670
.text    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3972] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                00000000756f91ff 5 bytes JMP 00000001711c45d0
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                      0000000076cf1401 2 bytes JMP 7567b21b C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                        0000000076cf1419 2 bytes JMP 7567b346 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                      0000000076cf1431 2 bytes JMP 756f8ea9 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                      0000000076cf144a 2 bytes CALL 756548ad C:\windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                        * 9
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                          0000000076cf14dd 2 bytes JMP 756f87a2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                  0000000076cf14f5 2 bytes JMP 756f8978 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                          0000000076cf150d 2 bytes JMP 756f8698 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                  0000000076cf1525 2 bytes JMP 756f8a62 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                        0000000076cf153d 2 bytes JMP 7566fca8 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                              0000000076cf1555 2 bytes JMP 756768ef C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                      0000000076cf156d 2 bytes JMP 756f8f61 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                        0000000076cf1585 2 bytes JMP 756f8ac2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                            0000000076cf159d 2 bytes JMP 756f865c C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                        0000000076cf15b5 2 bytes JMP 7566fd41 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                      0000000076cf15cd 2 bytes JMP 7567b2dc C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                  0000000076cf16b2 2 bytes JMP 756f8e24 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4052] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                  0000000076cf16bd 2 bytes JMP 756f85f1 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\kernel32.dll!RegSetValueExW                                                                  000000007711a400 7 bytes JMP 000000016fff0228
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                                0000000077123f20 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                                000000007713ffb0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                                          000000007714f2e0 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                        0000000077179a30 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                                        00000000771894c0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\kernel32.dll!RegSetValueExA                                                                  00000000771a87e0 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                                  000007fefd212db0 5 bytes JMP 000007fffd090180
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                              000007fefd2137d0 7 bytes JMP 000007fffd0900d8
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                000007fefd218ef0 6 bytes JMP 000007fffd090148
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                            000007fefd22af60 5 bytes JMP 000007fffd090110
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                            000007fefdda89f0 8 bytes JMP 000007fffd0901f0
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                          000007fefddabe50 8 bytes JMP 000007fffd0901b8
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\ole32.dll!CoCreateInstance                                                                  000007fefe337490 11 bytes JMP 000007fffd090228
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                                                  000007fefe34bf00 7 bytes JMP 000007fffd090260
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\d3d9.dll!Direct3DCreate9Ex                                                                  000007fef44e2460 4 bytes JMP 000007fefd0902d0
.text    C:\Program Files\Logitech Gaming Software\LCore.exe[5604] C:\windows\system32\d3d9.dll!Direct3DCreate9                                                                    000007fef45196b0 6 bytes JMP 000007fefd090298
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\kernel32.dll!RegSetValueExW                                                                        000000007711a400 7 bytes JMP 000000016fff0228
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                                      0000000077123f20 5 bytes JMP 000000016fff0180
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                                        000000007713ffb0 5 bytes JMP 000000016fff01b8
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                  000000007714f2e0 5 bytes JMP 000000016fff0110
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                0000000077179a30 7 bytes JMP 000000016fff00d8
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                                                00000000771894c0 5 bytes JMP 000000016fff0148
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\kernel32.dll!RegSetValueExA                                                                        00000000771a87e0 7 bytes JMP 000000016fff01f0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                                          000007fefd212db0 5 bytes JMP 000007fffd030180
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                    000007fefd2137d0 7 bytes JMP 000007fffd0300d8
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                      000007fefd218ef0 6 bytes JMP 000007fffd030148
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                  000007fefd22af60 5 bytes JMP 000007fffd030110
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                    000007fefdda89f0 8 bytes JMP 000007fffd0301f0
.text    C:\Program Files\Windows Sidebar\sidebar.exe[5616] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                  000007fefddabe50 8 bytes JMP 000007fffd0301b8
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                        00000000772311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                      0000000077231390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                              000000007723143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                              000000007723158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                      000000007723191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                      0000000077231b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                    0000000077231bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                        0000000077231d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                        0000000077231eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                            0000000077231edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                          0000000077231f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                          0000000077231fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                  0000000077231fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                              0000000077232272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                              0000000077232301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                  0000000077232792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                          00000000772327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                        00000000772327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                        000000007723282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                        0000000077232890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                        * 2
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                0000000077232d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                0000000077232d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                        * 3
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                        0000000077233023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                            000000007723323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                            00000000772333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                          0000000077233a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                          0000000077233ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                              0000000077233b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                              0000000077233d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                        0000000077234190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                  0000000077281380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                0000000077281500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                      0000000077281530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                    0000000077281650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                        0000000077281700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                        0000000077281d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                      0000000077281f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      00000000772827e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                    00000000739c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                    00000000739c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                00000000739c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                  00000000739c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                              00000000739c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                              00000000739c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                        00000000739c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                          00000000739c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                        00000000739c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                            00000000739c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\kernel32.dll!RegQueryValueExW                                                                    0000000075651f0e 7 bytes JMP 00000001711c4b10
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\kernel32.dll!RegSetValueExW                                                                      0000000075655bad 7 bytes JMP 00000001711c54b0
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\kernel32.dll!RegSetValueExA                                                                      0000000075661409 7 bytes JMP 00000001711c4e50
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\kernel32.dll!RegDeleteValueW                                                                      000000007566ea45 7 bytes JMP 00000001711c4b00
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                              00000000756f8e24 7 bytes JMP 00000001711c45c0
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation                                                              00000000756f8ea9 5 bytes JMP 00000001711c4670
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                00000000756f91ff 5 bytes JMP 00000001711c45d0
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                  00000000753a1d29 5 bytes JMP 00000001711c4580
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                00000000753a1dd7 5 bytes JMP 00000001711c4540
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                    00000000753a2ab1 5 bytes JMP 00000001711c4680
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                        00000000753a2d17 5 bytes JMP 00000001711c4360
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                000000007579e96b 5 bytes JMP 00000001711c3b60
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                  000000007579eba5 5 bytes JMP 00000001711c3b80
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                                        0000000075d28a29 5 bytes JMP 00000001711c3a40
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                    0000000075d34572 5 bytes JMP 00000001711c42e0
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                    0000000075d4e567 5 bytes JMP 00000001711c4350
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                              0000000075d707d7 5 bytes JMP 00000001711c3850
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                            0000000075d87a5c 5 bytes JMP 00000001711c42d0
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                      0000000075835ea5 5 bytes JMP 00000001711c3a00
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[6028] C:\windows\syswow64\ole32.dll!CoCreateInstance                                                                        0000000075869d0b 5 bytes JMP 00000001711c3990
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                            00000000772311f5 8 bytes {JMP 0xd}
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                          0000000077231390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                  000000007723143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                  000000007723158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                          000000007723191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                          0000000077231b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                        0000000077231bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                            0000000077231d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                            0000000077231eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                0000000077231edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                              0000000077231f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                              0000000077231fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                      0000000077231fd7 8 bytes {JMP 0xb}
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                  0000000077232272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                  0000000077232301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                      0000000077232792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                              00000000772327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                            00000000772327d2 8 bytes {JMP 0x10}
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                            000000007723282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                            0000000077232890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                        * 2
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                    0000000077232d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                    0000000077232d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                        * 3
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                            0000000077233023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                000000007723323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                00000000772333c0 16 bytes {JMP 0x4e}
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                              0000000077233a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                              0000000077233ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                  0000000077233b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                  0000000077233d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                            0000000077234190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                      0000000077281380 8 bytes JMP 3f3f3f3f
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                    0000000077281500 8 bytes JMP 3f3f3f3f
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                          0000000077281530 8 bytes JMP 3f3f3f3f
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                        0000000077281650 8 bytes JMP 3f3f3f3f
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                            0000000077281700 8 bytes JMP 3f3f3f3f
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077281d30 8 bytes JMP 3f3f3f3f
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                          0000000077281f80 8 bytes JMP 3f3f3f3f
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                          00000000772827e0 8 bytes JMP 3f3f3f3f
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                        00000000739c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                        00000000739c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                    00000000739c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                      00000000739c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                  00000000739c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                  00000000739c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                            00000000739c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                              00000000739c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                            00000000739c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5436] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                00000000739c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                            00000000772311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                          0000000077231390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                  000000007723143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                  000000007723158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                          000000007723191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                          0000000077231b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                        0000000077231bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                            0000000077231d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                            0000000077231eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                0000000077231edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                              0000000077231f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                              0000000077231fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                      0000000077231fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                  0000000077232272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                  0000000077232301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                      0000000077232792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                              00000000772327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                            00000000772327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                            000000007723282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                            0000000077232890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                        * 2
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                    0000000077232d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                    0000000077232d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

Lolbobolp 25.10.2014 14:24
Code:
.text    ...                                                                                                                                                                        * 3
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                            0000000077233023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                000000007723323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                00000000772333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                              0000000077233a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                              0000000077233ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                  0000000077233b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                  0000000077233d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                            0000000077234190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                      0000000077281380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                    0000000077281500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                          0000000077281530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077281650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                            0000000077281700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077281d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                          0000000077281f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000772827e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                        00000000739c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                        00000000739c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                    00000000739c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                      00000000739c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                  00000000739c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                  00000000739c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                            00000000739c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                              00000000739c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                            00000000739c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                00000000739c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                  0000000076cf1401 2 bytes JMP 7567b21b C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                    0000000076cf1419 2 bytes JMP 7567b346 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                  0000000076cf1431 2 bytes JMP 756f8ea9 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                  0000000076cf144a 2 bytes CALL 756548ad C:\windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                        * 9
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                      0000000076cf14dd 2 bytes JMP 756f87a2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                              0000000076cf14f5 2 bytes JMP 756f8978 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                      0000000076cf150d 2 bytes JMP 756f8698 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                              0000000076cf1525 2 bytes JMP 756f8a62 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                    0000000076cf153d 2 bytes JMP 7566fca8 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                          0000000076cf1555 2 bytes JMP 756768ef C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                  0000000076cf156d 2 bytes JMP 756f8f61 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                    0000000076cf1585 2 bytes JMP 756f8ac2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                        0000000076cf159d 2 bytes JMP 756f865c C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                    0000000076cf15b5 2 bytes JMP 7566fd41 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                  0000000076cf15cd 2 bytes JMP 7567b2dc C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                              0000000076cf16b2 2 bytes JMP 756f8e24 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Secunia\PSI\sua.exe[6204] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                              0000000076cf16bd 2 bytes JMP 756f85f1 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                  00000000772311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                0000000077231390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        000000007723143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                        000000007723158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                000000007723191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                0000000077231b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                              0000000077231bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  0000000077231d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                  0000000077231eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31                                      0000000077231edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                    0000000077231f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                    0000000077231fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                            0000000077231fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                        0000000077232272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                        0000000077232301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578            0000000077232792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    00000000772327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  00000000772327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79  000000007723282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176  0000000077232890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                        * 2
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          0000000077232d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367          0000000077232d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                        * 3
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                  0000000077233023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      000000007723323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                      00000000772333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!_itow_s + 318                                    0000000077233a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!_itow_s + 403                                    0000000077233ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197        0000000077233b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611        0000000077233d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  0000000077234190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            0000000077281380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          0000000077281500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                0000000077281530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              0000000077281650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  0000000077281700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000077281d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread                                0000000077281f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                00000000772827e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              00000000739c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              00000000739c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                          00000000739c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                            00000000739c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        00000000739c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        00000000739c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                  00000000739c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                    00000000739c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  00000000739c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                      00000000739c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\kernel32.dll!RegQueryValueExW                              0000000075651f0e 7 bytes JMP 00000001711c4b10
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\kernel32.dll!RegSetValueExW                                0000000075655bad 7 bytes JMP 00000001711c54b0
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\kernel32.dll!RegSetValueExA                                0000000075661409 7 bytes JMP 00000001711c4e50
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\kernel32.dll!RegDeleteValueW                                000000007566ea45 7 bytes JMP 00000001711c4b00
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                        00000000756f8e24 7 bytes JMP 00000001711c45c0
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation                        00000000756f8ea9 5 bytes JMP 00000001711c4670
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW                          00000000756f91ff 5 bytes JMP 00000001711c45d0
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW                            00000000753a1d29 5 bytes JMP 00000001711c4580
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                          00000000753a1dd7 5 bytes JMP 00000001711c4540
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                              00000000753a2ab1 5 bytes JMP 00000001711c4680
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary                                  00000000753a2d17 5 bytes JMP 00000001711c4360
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\USER32.dll!CreateWindowExW                                  0000000075d28a29 5 bytes JMP 00000001711c3a40
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA                              0000000075d34572 5 bytes JMP 00000001711c42e0
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW                              0000000075d4e567 5 bytes JMP 00000001711c4350
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                        0000000075d707d7 5 bytes JMP 00000001711c3850
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                      0000000075d87a5c 5 bytes JMP 00000001711c42d0
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                          000000007579e96b 5 bytes JMP 00000001711c3b60
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                            000000007579eba5 5 bytes JMP 00000001711c3b80
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\ole32.dll!CoSetProxyBlanket                                0000000075835ea5 5 bytes JMP 00000001711c3a00
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[3192] C:\windows\syswow64\ole32.dll!CoCreateInstance                                  0000000075869d0b 5 bytes JMP 00000001711c3990
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                    00000000772311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                  0000000077231390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        000000007723143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                        000000007723158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                000000007723191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                0000000077231b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                0000000077231bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  0000000077231d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                  0000000077231eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31                                      0000000077231edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                      0000000077231f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                    0000000077231fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                            0000000077231fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                        0000000077232272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                        0000000077232301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578              0000000077232792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    00000000772327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  00000000772327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79    000000007723282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176  0000000077232890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                        * 2
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          0000000077232d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367          0000000077232d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                        * 3
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                  0000000077233023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      000000007723323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                      00000000772333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!_itow_s + 318                                      0000000077233a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!_itow_s + 403                                      0000000077233ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197          0000000077233b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611          0000000077233d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  0000000077234190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            0000000077281380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          0000000077281500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                0000000077281530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              0000000077281650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  0000000077281700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000077281d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread                                0000000077281f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                00000000772827e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              00000000739c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              00000000739c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                            00000000739c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                              00000000739c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        00000000739c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        00000000739c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                  00000000739c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                    00000000739c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  00000000739c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                        00000000739c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\kernel32.dll!RegQueryValueExW                                0000000075651f0e 7 bytes JMP 00000001711c4b10
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\kernel32.dll!RegSetValueExW                                  0000000075655bad 7 bytes JMP 00000001711c54b0
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\kernel32.dll!RegSetValueExA                                  0000000075661409 7 bytes JMP 00000001711c4e50
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\kernel32.dll!RegDeleteValueW                                000000007566ea45 7 bytes JMP 00000001711c4b00
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                        00000000756f8e24 7 bytes JMP 00000001711c45c0
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation                        00000000756f8ea9 5 bytes JMP 00000001711c4670
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW                          00000000756f91ff 5 bytes JMP 00000001711c45d0
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW                              00000000753a1d29 5 bytes JMP 00000001711c4580
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                            00000000753a1dd7 5 bytes JMP 00000001711c4540
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                00000000753a2ab1 5 bytes JMP 00000001711c4680
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary                                  00000000753a2d17 5 bytes JMP 00000001711c4360
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\USER32.dll!CreateWindowExW                                  0000000075d28a29 5 bytes JMP 00000001711c3a40
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA                              0000000075d34572 5 bytes JMP 00000001711c42e0
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW                              0000000075d4e567 5 bytes JMP 00000001711c4350
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                          0000000075d707d7 5 bytes JMP 00000001711c3850
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                        0000000075d87a5c 5 bytes JMP 00000001711c42d0
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                          000000007579e96b 5 bytes JMP 00000001711c3b60
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                            000000007579eba5 5 bytes JMP 00000001711c3b80
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                          0000000076cf1401 2 bytes JMP 7567b21b C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                            0000000076cf1419 2 bytes JMP 7567b346 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                          0000000076cf1431 2 bytes JMP 756f8ea9 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                          0000000076cf144a 2 bytes CALL 756548ad C:\windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                        * 9
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                            0000000076cf14dd 2 bytes JMP 756f87a2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                      0000000076cf14f5 2 bytes JMP 756f8978 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                            0000000076cf150d 2 bytes JMP 756f8698 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                      0000000076cf1525 2 bytes JMP 756f8a62 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                            0000000076cf153d 2 bytes JMP 7566fca8 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                0000000076cf1555 2 bytes JMP 756768ef C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                          0000000076cf156d 2 bytes JMP 756f8f61 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                            0000000076cf1585 2 bytes JMP 756f8ac2 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                              0000000076cf159d 2 bytes JMP 756f865c C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                            0000000076cf15b5 2 bytes JMP 7566fd41 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                          0000000076cf15cd 2 bytes JMP 7567b2dc C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                      0000000076cf16b2 2 bytes JMP 756f8e24 C:\windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtbws.exe[7012] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                      0000000076cf16bd 2 bytes JMP 756f85f1 C:\windows\syswow64\kernel32.dll
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                00000000772311f5 8 bytes {JMP 0xd}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                              0000000077231390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                    000000007723143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                    000000007723158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                            000000007723191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                            0000000077231b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                            0000000077231bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                              0000000077231d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                              0000000077231eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                  0000000077231edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                  0000000077231f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                0000000077231fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                        0000000077231fd7 8 bytes {JMP 0xb}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                    0000000077232272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                    0000000077232301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                          0000000077232792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                00000000772327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                              00000000772327d2 8 bytes {JMP 0x10}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                000000007723282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                              0000000077232890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                        * 2
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                      0000000077232d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                      0000000077232d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                        * 3
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                              0000000077233023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                  000000007723323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                  00000000772333c0 16 bytes {JMP 0x4e}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                  0000000077233a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                  0000000077233ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                      0000000077233b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                      0000000077233d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                              0000000077234190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                        0000000077281380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                      0000000077281500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                            0000000077281530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                          0000000077281650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                              0000000077281700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                              0000000077281d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                            0000000077281f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                            00000000772827e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                          00000000739c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                          00000000739c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                        00000000739c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                          00000000739c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                    00000000739c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                    00000000739c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                              00000000739c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                00000000739c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                              00000000739c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                    00000000739c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\kernel32.dll!RegQueryValueExW                                                                            0000000075651f0e 7 bytes JMP 00000001711c4b10
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\kernel32.dll!RegSetValueExW                                                                              0000000075655bad 7 bytes JMP 00000001711c54b0
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\kernel32.dll!RegSetValueExA                                                                              0000000075661409 7 bytes JMP 00000001711c4e50
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\kernel32.dll!RegDeleteValueW                                                                            000000007566ea45 7 bytes JMP 00000001711c4b00
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                    00000000756f8e24 7 bytes JMP 00000001711c45c0
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                    00000000756f8ea9 5 bytes JMP 00000001711c4670
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                      00000000756f91ff 5 bytes JMP 00000001711c45d0
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                          00000000753a1d29 5 bytes JMP 00000001711c4580
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                        00000000753a1dd7 5 bytes JMP 00000001711c4540
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                            00000000753a2ab1 5 bytes JMP 00000001711c4680
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                              00000000753a2d17 5 bytes JMP 00000001711c4360
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                      000000007579e96b 5 bytes JMP 00000001711c3b60
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                        000000007579eba5 5 bytes JMP 00000001711c3b80
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\USER32.dll!CreateWindowExW                                                                              0000000075d28a29 5 bytes JMP 00000001711c3a40
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                          0000000075d34572 5 bytes JMP 00000001711c42e0
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                          0000000075d4e567 5 bytes JMP 00000001711c4350
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                      0000000075d707d7 5 bytes JMP 00000001711c3850
.text    C:\Users\Phillip\Desktop\Gmer-19357.exe[1460] C:\windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                    0000000075d87a5c 5 bytes JMP 00000001711c42d0

---- Threads - GMER 2.1 ----

Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5436:4012]                                                                                                    0000000075807587
Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5436:1340]                                                                                                    0000000067447712
Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5436:2068]                                                                                                    0000000077462e65
Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5436:7128]                                                                                                    0000000077463e85
Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5436:6088]                                                                                                    000000007584d864
Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5436:1908]                                                                                                    0000000077463e85
Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5436:2984]                                                                                                    0000000077463e85

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e003e75                                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f59338f                                                                                               
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97107b376                                                                                               
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e003e75 (not active ControlSet)                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f59338f (not active ControlSet)                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97107b376 (not active ControlSet)                                                                           

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 26.10.2014 10:23
Lade dir bitte Emsisoft MBR Master herunter und speichere es auf den Desktop.
  • Führe die mbrmastr.exe aus.
  • Drücke auf Backup MBR und speichere es als emsi auf den Desktop.
  • Schliesse dann das Programm wieder.
  • Packe die erstellte emsi.mbr in ein zip-Archiv (Rechtsklick -> Senden an -> Zip-komprimierten Ordner) und hänge die Datei hier an.
  • Auf dem Desktop wird ebenfalls eine Textdatei MBRMastr_<date>_<time>.txt erstellt. Poste deren Inhalt bitte hier.

Lolbobolp 26.10.2014 11:42
Code:
Detected Windows version: 6.1 Build 7601 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x00000140
1 valid drive(s) found.

Details for Disk 0 - SAMSUNG HN-M500MBB Rev 2AR1:
  Device name              : \\.\PhysicalDrive0
  Geometry (C/H/S)        : 60801/255/63
  Boot loader reputation  : Unknown
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5
    MD5                    : 2E5DEBB2116B3417023E0D6562D7ED07

schrauber 26.10.2014 18:31
alles gut.

Lolbobolp 26.10.2014 18:32
k thx


bb Lolbobolp


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:10 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131