
Log analysis and evaluation: Windows 8: PUP.Optional.Trovi.A


16.04.2015, 23:56   #1
Sabine74
 
Windows 8: PUP.Optional.Trovi.A



Hello helpers of the Trojaner-Board!
I found a piece of malware during a scan with Malwarebytes: PUP.Optional.Trovi.A

I have run all the scans that are required in that case and am posting the log files here. It would be great if you could help me.
Thanks in advance!
Sabine

Log Malwarebytes:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.04.2015
Suchlauf-Zeit: 21:46:15
Logdatei: Malwarelog.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.04.16.05
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Thomas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 456515
Verstrichene Zeit: 30 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 1
PUP.Vulnerable.DellSystemDetect, HKU\S-1-5-21-1023412029-2558512523-2891409035-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DellSystemDetect, C:\Users\Thomas\AppData\Local\Apps\2.0\1OX02EW3.8YL\W4443XCH.2CW\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe, , [0540165783076accdbac0cb361a21ee2]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 1
PUP.Optional.Trovi.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://www.trovi.com/?gd=&ctid=CT3330152&octid=EB_ORIGINAL_CTID&ISID=M39612086-3067-41E0-920E-3B17A2D03C97&SearchSource=55&CUI=&UM=6&UP=SP22406D82-85F1-4A80-83AB-C8CCF6AD1AA8&SSPV=",), ,[6fd6d994088296a0c3618bb79a6c9868]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
         
Log FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Thomas (administrator) on PC-WOHNZIMMER on 16-04-2015 23:28:36
Running from C:\Users\Thomas\Downloads
Loaded Profiles: Thomas (Available profiles: UpdatusUser & Sabine & Thomas)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Thomas\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [692208 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4391072 2012-11-09] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-06] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [OV3_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe [55664 2014-09-09] (OLYMPUS IMAGING CORP.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [CAHeadless] => c:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [OV3_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe [420208 2014-09-09] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\RunOnce: [DeleteMarkAny] => C:\Windows\SysWOW64\MASetupCleaner.exe [24576 2013-05-22] ((주)마크애니)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [589312 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
AppInit_DLLs: , c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1023412029-2558512523-2891409035-1004 -> {CE8B75EB-17F6-4674-98BD-489442F37A2F} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-20] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-18] (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-20] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-18] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\zc8liam4.default-1415884574506
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1023412029-2558512523-2891409035-1004: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\zc8liam4.default-1415884574506\Extensions\toolbar@web.de [2015-03-03]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-17]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-17]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-17]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-09-17]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-09-17]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330152&octid=EB_ORIGINAL_CTID&ISID=M39612086-3067-41E0-920E-3B17A2D03C97&SearchSource=55&CUI=&UM=6&UP=SP22406D82-85F1-4A80-83AB-C8CCF6AD1AA8&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-20]
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
CHR Extension: (Kaspersky Protection) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-09-20]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-20]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-09-20]
CHR Extension: (Google Sheets) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-20]
CHR Extension: (Safe Money) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-09-20]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-09-20]
CHR Extension: (Virtual Keyboard) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-09-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
CHR Extension: (Anti-Banner) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-09-20]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-10] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-07] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-20] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [43456 2014-08-06] (hxxp://libusb-win32.sourceforge.net)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 23:28 - 2015-04-16 23:29 - 00031586 _____ () C:\Users\Thomas\Downloads\FRST.txt
2015-04-16 23:28 - 2015-04-16 23:28 - 00000000 ____D () C:\FRST
2015-04-16 23:27 - 2015-04-16 23:27 - 02097664 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2015-04-16 23:26 - 2015-04-16 23:26 - 00000474 _____ () C:\Users\Thomas\Desktop\defogger_disable.log
2015-04-16 23:26 - 2015-04-16 23:26 - 00000000 _____ () C:\Users\Thomas\defogger_reenable
2015-04-16 23:25 - 2015-04-16 23:25 - 00050477 _____ () C:\Users\Thomas\Desktop\Defogger.exe
2015-04-16 22:48 - 2015-04-16 22:48 - 05344528 _____ (Piriform Ltd) C:\Users\Thomas\Downloads\ccsetup504.exe
2015-04-16 22:40 - 2015-04-16 22:40 - 00001286 _____ () C:\Users\Thomas\Desktop\Revo Uninstaller.lnk
2015-04-16 22:40 - 2015-04-16 22:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-16 22:39 - 2015-04-16 22:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Thomas\Downloads\revosetup95.exe
2015-04-16 22:30 - 2015-04-16 22:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-16 22:11 - 2015-04-16 22:12 - 00000000 ____D () C:\Program Files\IDT
2015-04-16 22:11 - 2015-04-16 22:11 - 00001650 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT Audio Control Panel.lnk
2015-04-16 22:07 - 2015-04-16 22:07 - 00000000 ____D () C:\Program Files (x86)\Dell Update
2015-04-16 22:06 - 2015-04-16 22:06 - 14313040 _____ (Dell Inc.) C:\Users\Thomas\Downloads\Application_56J82_WN32_1.4.2000.0_A07.EXE
2015-04-16 22:04 - 2015-04-16 22:04 - 00417064 _____ () C:\Users\Thomas\Downloads\DellSystemDetectLauncher.exe
2015-04-16 10:38 - 2015-04-16 10:38 - 00300963 _____ () C:\Users\Thomas\Downloads\winmail.dat
2015-04-15 16:59 - 2015-04-15 16:59 - 06821496 _____ (TomTom International B.V.) C:\Users\Thomas\Downloads\InstallMyDriveConnect(1).exe
2015-04-15 14:08 - 2015-04-15 14:08 - 06821496 _____ (TomTom International B.V.) C:\Users\Thomas\Downloads\InstallMyDriveConnect.exe
2015-04-15 13:20 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 13:20 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 13:20 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 13:20 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 13:20 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 13:20 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 13:19 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 13:19 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 13:19 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 13:19 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-15 11:52 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 11:52 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 11:52 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 11:52 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 11:52 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 11:52 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 11:52 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 11:52 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 11:52 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 11:52 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 11:52 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 11:52 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 11:52 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 11:52 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 11:52 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 11:52 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 11:52 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 11:52 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 11:52 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 11:52 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 11:52 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 11:52 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 11:52 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 11:52 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 11:52 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 11:52 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 11:52 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 11:52 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 11:52 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 11:52 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 11:52 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 11:52 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 11:52 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 11:52 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 11:52 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 11:52 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 11:52 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 11:52 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 11:52 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 11:51 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 11:51 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 11:51 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 11:51 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 11:51 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 11:51 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 11:51 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 11:51 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 11:51 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 11:51 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 11:51 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 11:51 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 11:51 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 11:51 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 11:51 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 11:51 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 11:51 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 11:51 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 11:51 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 11:51 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 11:51 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 11:51 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-13 19:58 - 2015-04-13 19:59 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-13 19:58 - 2015-04-13 19:58 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-12 19:48 - 2015-04-12 19:48 - 00004040 _____ () C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-04-12 19:48 - 2015-04-12 19:48 - 00003484 _____ () C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-04-12 19:48 - 2015-04-12 19:48 - 00003230 _____ () C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-04-12 19:48 - 2015-04-12 19:48 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-04-12 19:48 - 2015-04-12 19:48 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-04-11 22:20 - 2015-04-11 22:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-11 21:44 - 2015-04-11 21:44 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-11 21:44 - 2015-04-11 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-11 21:43 - 2015-04-11 21:43 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-11 21:43 - 2015-04-11 21:43 - 00000000 ____D () C:\Program Files\iTunes
2015-04-11 21:43 - 2015-04-11 21:43 - 00000000 ____D () C:\Program Files\iPod
2015-03-20 21:17 - 2015-03-20 21:17 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-03-20 21:17 - 2015-03-20 21:17 - 00000000 __HDC () C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}
2015-03-20 21:16 - 2015-03-27 13:31 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-03-20 21:16 - 2015-03-20 21:16 - 00000000 ____D () C:\Program Files (x86)\Dell

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 23:26 - 2013-12-06 00:07 - 00000000 ____D () C:\Users\Thomas
2015-04-16 23:26 - 2013-04-13 22:30 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-16 23:25 - 2013-05-30 21:51 - 03637248 ___SH () C:\Users\Thomas\Downloads\Thumbs.db
2015-04-16 23:05 - 2014-09-20 13:38 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-16 23:05 - 2013-04-13 20:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1023412029-2558512523-2891409035-1004
2015-04-16 23:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-16 23:00 - 2013-07-04 11:26 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Samsung
2015-04-16 23:00 - 2013-07-04 11:26 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Samsung
2015-04-16 23:00 - 2013-07-04 11:21 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-04-16 22:59 - 2013-07-04 11:21 - 00000000 ____D () C:\ProgramData\Samsung
2015-04-16 22:59 - 2013-04-03 04:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-16 22:55 - 2015-03-14 23:24 - 01452345 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-16 22:51 - 2014-06-11 22:53 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-16 22:48 - 2013-04-29 14:09 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-16 22:48 - 2013-04-29 14:09 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-16 22:43 - 2013-04-03 04:52 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-04-16 22:41 - 2014-12-17 13:11 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Deployment
2015-04-16 22:36 - 2014-11-06 16:59 - 00000000 ___RD () C:\Users\Thomas\iCloudDrive
2015-04-16 22:35 - 2014-09-20 13:38 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-16 22:35 - 2013-09-17 13:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-16 22:33 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-16 22:30 - 2015-03-14 00:20 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-16 22:07 - 2013-04-15 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-04-16 22:07 - 2013-04-03 04:43 - 00000000 ____D () C:\ProgramData\PCDr
2015-04-16 22:07 - 2013-04-03 04:43 - 00000000 ____D () C:\ProgramData\Dell
2015-04-16 14:37 - 2013-04-13 20:00 - 00000000 ____D () C:\Users\Thomas\AppData\Local\VirtualStore
2015-04-16 14:35 - 2013-09-02 19:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-16 14:32 - 2013-04-17 10:16 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-16 14:32 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-16 10:34 - 2014-08-27 09:08 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe
2015-04-15 21:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-15 19:38 - 2013-09-30 06:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-15 19:38 - 2013-09-30 05:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-15 19:38 - 2013-09-30 05:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-15 16:53 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-15 16:45 - 2013-09-09 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-15 14:08 - 2014-06-04 20:17 - 00000000 ____D () C:\Program Files (x86)\MyDrive Connect
2015-04-15 11:45 - 2014-11-12 12:27 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 22:08 - 2013-04-16 20:01 - 00000000 ____D () C:\Users\Thomas\Documents\Urlaubsplanungen
2015-04-14 21:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-14 20:26 - 2013-04-13 22:30 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 01:24 - 2015-03-14 11:55 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2015-03-14 11:55 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 21:57 - 2013-04-13 20:00 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Packages
2015-04-11 21:43 - 2014-03-18 15:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-11 21:43 - 2013-05-26 14:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-11 21:22 - 2014-09-20 13:39 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-26 08:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-26 08:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-26 08:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-26 08:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-26 08:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-26 08:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-20 21:16 - 2013-04-03 04:37 - 00000000 ____D () C:\Program Files\Dell
2015-03-18 20:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-18 20:34 - 2013-04-17 08:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-18 14:05 - 2013-04-16 20:01 - 00000000 ____D () C:\Users\Thomas\Documents\EB Kindergarten

==================== Files in the root of some directories =======

2014-12-11 22:40 - 2014-12-11 22:40 - 0007602 _____ () C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
2013-04-03 04:49 - 2013-04-03 04:50 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-04-03 04:46 - 2013-04-03 04:47 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-04-03 04:47 - 2013-04-03 04:48 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-04-03 04:45 - 2013-04-03 04:46 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-04-03 04:48 - 2013-04-03 04:49 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-15 17:32

==================== End Of Log ============================
         
Log Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by Thomas at 2015-04-16 23:29:28
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
B & W Drivers;  (x32 Version: 1.0.4.0 - Bowers & Wilkins) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bowers & Wilkins Control (HKLM-x32\...\{b654f426-3497-44b5-9b4a-159cb6658d56}) (Version: 1.1.0.4584 - Bowers & Wilkins)
Bowers & Wilkins Control (x32 Version: 1.1.0.4584 - Bowers & Wilkins) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.1 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.1 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.217 - ALPS ELECTRIC CO., LTD.)
Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.53.128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.53.128 - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6426.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Müller Foto (HKLM-x32\...\Müller Foto) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyFreeCodec (HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\MyFreeCodec) (Version:  - )
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 3 (HKLM-x32\...\{BC12793B-1F89-4950-BB6C-63467B76B2D9}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.37 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Atmel Corporation (libusb0) Atmel USB Devices  (10/02/2010 1.2.2.0) (HKLM\...\52DAED6955BA3A58B0EA4BAC7B5158E5BBB8B427) (Version: 10/02/2010 1.2.2.0 - Atmel Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zahlenbuch 1 (HKLM-x32\...\Zahlenbuch 1) (Version:  - )
Zeppelin Air Recovery Utility (x32 Version: 2.2.1.309 - Bowers & Wilkins) Hidden
Zeppelin Recovery Utility (HKLM-x32\...\{ad6dad04-1bf9-4986-abc7-4e6764bde4a2}) (Version: 2.2.1.309 - Bowers & Wilkins)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1023412029-2558512523-2891409035-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Thomas\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

26-03-2015 18:36:43 Geplanter Prüfpunkt
12-04-2015 11:12:21 Geplanter Prüfpunkt
15-04-2015 12:14:44 Windows Update
16-04-2015 22:09:45 Dell Update: IDT High-Definition Audio driver

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1818CD5E-AB82-4826-8599-C0A3256555F0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1E35F5F7-4894-444B-BA1E-1C3C460C53DA} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {22AEA3BE-B78A-461D-97FE-7DC653E2D933} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-20] (Google Inc.)
Task: {26DDDCD5-A2FF-4D1B-A647-045C68EE5EC8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {2F48A043-F0F8-4AB1-9199-99D7987A4B83} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {315D8422-40D7-40E6-B2B6-E2D266BDF937} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {38BC8938-A869-46AD-B943-E046F3428D29} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {3A35CF3A-9403-4ACC-9FA8-0B4EB8EFDD21} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {40E3951B-FF9D-43D7-945F-00B7923CC635} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1023412029-2558512523-2891409035-1004 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {4E1A5B44-6813-4FD4-87B0-D5980F6529E4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {5C71061F-7109-49EF-8032-6EF3C820DE25} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6817339B-583F-445A-BEB6-2DA68912AAED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6EF000A9-5DE6-4691-AAD2-13EDF60D011F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {B711ABEB-DBBD-49A7-9CB2-D8AF0D8E4AAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-20] (Google Inc.)
Task: {BF92D21F-5199-4EA2-A3B1-004664D81B51} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {C85AFA53-D3B4-4277-8CD8-6C610768AE55} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {C85B459B-5D3A-4364-AA0B-C8540AB91FB1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {CF426700-0917-41D2-B79A-584860BB0FA2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {D21A371F-E4EF-4267-AA2D-773F73E25FFC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-16] (Microsoft Corporation)
Task: {D64E44A8-7039-4F4F-87AD-DD8A4B9C285F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {DEDECE93-D122-4F85-8AE1-611709366A4A} - System32\Tasks\AdobeAAMUpdater-1.0-PC-Wohnzimmer-Thomas => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {DF61D17F-BFDE-455E-98A9-C2A19A604E7A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 03:36 - 2013-12-18 15:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-06 00:01 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-15 15:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-05-07 11:00 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-04-03 04:48 - 2012-04-25 04:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-30 13:15 - 2012-05-30 13:15 - 00404008 _____ () C:\Program Files\Intel\TurboBoost\de\SignalIslandUi.resources.dll
2013-10-14 18:07 - 2013-08-19 17:21 - 00484640 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-04-16 23:25 - 2015-04-16 23:25 - 00050477 _____ () C:\Users\Thomas\Desktop\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Fotogalerie-Hintergrundbild.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\StartupApproved\Run: => ""
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\StartupApproved\Run: => "MyDriveConnect.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1023412029-2558512523-2891409035-500 - Administrator - Disabled)
Gast (S-1-5-21-1023412029-2558512523-2891409035-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1023412029-2558512523-2891409035-1008 - Limited - Enabled)
Sabine (S-1-5-21-1023412029-2558512523-2891409035-1002 - Administrator - Enabled) => C:\Users\Sabine
Thomas (S-1-5-21-1023412029-2558512523-2891409035-1004 - Administrator - Enabled) => C:\Users\Thomas
UpdatusUser (S-1-5-21-1023412029-2558512523-2891409035-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2015 10:28:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Error: (04/16/2015 10:08:59 PM) (Source: MsiInstaller) (EventID: 1013) (User: PC-Wohnzimmer)
Description: Product: Dell Update -- A newer version of Dell Update is already installed.

Error: (04/16/2015 03:02:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1218

Error: (04/16/2015 03:02:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1218

Error: (04/16/2015 03:02:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/16/2015 00:55:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1094

Error: (04/16/2015 00:55:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1094

Error: (04/16/2015 00:55:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/16/2015 00:54:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4428718

Error: (04/16/2015 00:54:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4428718


System errors:
=============
Error: (04/16/2015 10:33:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/16/2015 10:33:49 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/16/2015 10:22:06 PM) (Source: DCOM) (EventID: 10010) (User: PC-Wohnzimmer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/16/2015 07:28:22 PM) (Source: DCOM) (EventID: 10010) (User: PC-Wohnzimmer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/16/2015 07:15:25 PM) (Source: DCOM) (EventID: 10010) (User: PC-Wohnzimmer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/16/2015 02:31:35 PM) (Source: DCOM) (EventID: 10010) (User: PC-Wohnzimmer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/15/2015 04:54:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/15/2015 04:54:41 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/15/2015 04:54:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/15/2015 04:54:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.


Microsoft Office Sessions:
=========================
Error: (04/16/2015 10:28:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestc:\program files\CCleaner\CCleaner.exe

Error: (04/16/2015 10:08:59 PM) (Source: MsiInstaller) (EventID: 1013) (User: PC-Wohnzimmer)
Description: Product: Dell Update -- A newer version of Dell Update is already installed.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/16/2015 03:02:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1218

Error: (04/16/2015 03:02:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1218

Error: (04/16/2015 03:02:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/16/2015 00:55:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1094

Error: (04/16/2015 00:55:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1094

Error: (04/16/2015 00:55:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/16/2015 00:54:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4428718

Error: (04/16/2015 00:54:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4428718


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 30%
Total physical RAM: 8048.93 MB
Available physical RAM: 5595.58 MB
Total Pagefile: 9328.93 MB
Available Pagefile: 6481.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:915.5 GB) (Free:599.74 GB) NTFS
Drive x: () (Fixed) (Total:0.34 GB) (Free:0.04 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:14.53 GB) (Free:0.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 184ED0B4)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 16.04.2015, 23:59   #2
Sabine74
 

GMER.txt (Part 1)
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-16 23:40:49
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000031 WDC_WD10JPVT-75A1YT0 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\awdiypow.sys


---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                  00007ffa84b83e10 7 bytes JMP 00007ffb825a02d0
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW                                                                                         00007ffa84b83e20 7 bytes JMP 00007ffb825a0308
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW                                                                                           00007ffa84c339b0 7 bytes JMP 00007ffb825a03b0
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW                                                                                          00007ffa84c33ef0 7 bytes JMP 00007ffb825a0340
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA                                                                                           00007ffa84c33fe0 7 bytes JMP 00007ffb825a0378
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                  00007ffa84c606c0 7 bytes JMP 00007ffb825a0228
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                    00007ffa84c60730 7 bytes JMP 00007ffb825a0298
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW                                                                                  00007ffa84c60760 7 bytes JMP 00007ffb825a0260
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                                                                                            00007ffa825b21d0 5 bytes JMP 00007ffb825a0180
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                                                                                       00007ffa825b29d0 7 bytes JMP 00007ffb825a00d8
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                     00007ffa825b4310 5 bytes JMP 00007ffb825a0110
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                                                                                         00007ffa825b8d80 5 bytes JMP 00007ffb825a0148
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                                                                                            00007ffa82b66d90 10 bytes JMP 00007ffb825a0490
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                                                                                        00007ffa82b774a0 5 bytes JMP 00007ffb825a0458
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                 00007ffa82b77560 1 byte JMP 00007ffb825a03e8
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2                                                                             00007ffa82b77562 7 bytes {JMP 0xffffffffffa28e88}
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                                                                                        00007ffa82b86b10 5 bytes JMP 00007ffb825a0420
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                    00007ffa83051500 8 bytes JMP 00007ffb825a01b8
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                      00007ffa83051750 8 bytes JMP 00007ffb825a01f0
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory                                                                                            00007ffa7f837750 5 bytes JMP 00007ffb7f6800d8
.text   C:\WINDOWS\system32\dwm.exe[976] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1                                                                                           00007ffa7f838ee0 5 bytes JMP 00007ffb7f680110
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                      00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                          00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                      00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                            00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                       00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                              00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                         00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78            00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                                        00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977                 00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                          00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                          00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                               00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                                    00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                                   00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                                    00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2960] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                                       00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                                       00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                                             00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                                       00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                                            00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                                               00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                                    00007ffa8507015b 8 bytes [70, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                                    00007ffa85071438 8 bytes [40, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                                            00007ffa850715e6 8 bytes [30, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                                           00007ffa85071877 8 bytes [20, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                                          00007ffa85071a2d 8 bytes [10, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                                             00007ffa85071c35 8 bytes [00, 6C, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                      00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                      00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                      00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                  00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                  0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                        0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                  0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                              00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                          00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                         0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                                        00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                                    0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                                      0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe[3980] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595                                                 0000000077632bd3 8 bytes [DC, 6A, F8, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                              00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                  00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                              00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                    00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                               00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                      00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                 00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                    00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                                                                00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977                                         00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                                                  00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                                                  00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                                                       00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                                                            00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                                                           00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                                                            00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                                                               00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                                                               00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                                                                 00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                                                     00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                                                                00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                                                                00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                                                    00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                                                               00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                                                     00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                                                     00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579                                                00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47                                               00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                                                                00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                                                                00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                                                               00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                                                    00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                                                  00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                                                      00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                                                      00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                                                      00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                                                            00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                                                      00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                                                           00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                                                              00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                                                   00007ffa8507015b 8 bytes [70, 6C, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                                                   00007ffa85071438 8 bytes [40, 6C, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                                                           00007ffa850715e6 8 bytes [30, 6C, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                                                          00007ffa85071877 8 bytes [20, 6C, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                                                         00007ffa85071a2d 8 bytes [10, 6C, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                                                            00007ffa85071c35 8 bytes [00, 6C, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                 00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                               00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                     00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                       00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                                     00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                                 00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                                 0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                       0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                 0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                             00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                         00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                        0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                                                       00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                                                   0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                                                     0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2664] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595                                                                0000000077632bd3 8 bytes [DC, 6A, 9D, 7F, 00, 00, 00, ...]
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!K32GetModuleInformation                                                        00007ffa84b83e10 7 bytes JMP 00007ffb825a03b0
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!RegQueryValueExW                                                               00007ffa84b83e20 7 bytes JMP 00007ffb825a03e8
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExW                                                                 00007ffa84c339b0 7 bytes JMP 00007ffb825a0490
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!RegDeleteValueW                                                                00007ffa84c33ef0 7 bytes JMP 00007ffb825a0420
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExA                                                                 00007ffa84c33fe0 7 bytes JMP 00007ffb825a0458
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!K32EnumProcessModulesEx                                                        00007ffa84c606c0 7 bytes JMP 00007ffb825a0308
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!K32GetMappedFileNameW                                                          00007ffa84c60730 7 bytes JMP 00007ffb825a0378
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNEL32.dll!K32GetModuleFileNameExW                                                        00007ffa84c60760 7 bytes JMP 00007ffb825a0340
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                                                                  00007ffa825b21d0 5 bytes JMP 00007ffb825a0180
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                                                             00007ffa825b29d0 7 bytes JMP 00007ffb825a00d8
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                                                           00007ffa825b4310 5 bytes JMP 00007ffb825a0110
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                                                               00007ffa825b8d80 5 bytes JMP 00007ffb825a0148
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance                                                                00007ffa84dad050 7 bytes JMP 00007ffb825a0228
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket                                                               00007ffa84ddb170 5 bytes JMP 00007ffb825a0260
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                                                                  00007ffa82b66d90 10 bytes JMP 00007ffb825a0570
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                                                              00007ffa82b774a0 5 bytes JMP 00007ffb825a0538
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                       00007ffa82b77560 9 bytes JMP 00007ffb825a04c8
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                                                              00007ffa82b86b10 5 bytes JMP 00007ffb825a0500
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                          00007ffa83051500 8 bytes JMP 00007ffb825a01b8
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                            00007ffa83051750 8 bytes JMP 00007ffb825a01f0
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9Ex                                                                  00007ffa66f5ead0 5 bytes JMP 00007ffa825a02d0
.text   C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe[2500] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9                                                                    00007ffa66f8eb90 6 bytes JMP 00007ffa825a0298
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                            00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                            00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                  00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                             00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                    00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                               00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78  00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                              00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977       00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                     00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                          00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                         00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                          00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                             00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                             00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                               00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                   00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                              00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                              00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                  00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                             00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                   00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                   00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579              00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47             00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                              00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                              00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                             00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                  00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                    00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                    00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                    00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                          00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                    00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                         00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                            00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                 00007ffa8507015b 8 bytes [70, 6C, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                 00007ffa85071438 8 bytes [40, 6C, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                         00007ffa850715e6 8 bytes [30, 6C, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                        00007ffa85071877 8 bytes [20, 6C, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                       00007ffa85071a2d 8 bytes [10, 6C, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                          00007ffa85071c35 8 bytes [00, 6C, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                               00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                             00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                   00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                 00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                     00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                     00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                   00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                   00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                               00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                               0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                     0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                               0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                           00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                       00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                      0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                     00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                 0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                   0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[3004] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595                              0000000077632bd3 8 bytes [DC, 6A, 52, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                               00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                   00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                               00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                     00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                       00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                  00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78     00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                                 00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977          00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                   00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                   00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                        00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                             00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                            00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                             00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                                00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                                00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                                  00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                      00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                                 00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                                 00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                     00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                                00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                      00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                      00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579                 00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47                00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                                 00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                                 00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                                00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                     00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                   00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                       00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                       00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                       00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                             00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                       00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                            00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                               00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                    00007ffa8507015b 8 bytes [70, 6C, 47, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                    00007ffa85071438 8 bytes [40, 6C, 47, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                            00007ffa850715e6 8 bytes [30, 6C, 47, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                           00007ffa85071877 8 bytes [20, 6C, 47, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                          00007ffa85071a2d 8 bytes [10, 6C, 47, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                             00007ffa85071c35 8 bytes [00, 6C, 47, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                  00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                      00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                        00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                        00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                      00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                      00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                  00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                  0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                        0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                  0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                              00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                          00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                         0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                        00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                    0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                      0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4020] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595
         


17.04.2015, 00:00   #3
Sabine74

Windows 8: PUP.Optional.Trovi.A

GMER.txt (Part 2)
Code:
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                    00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                      00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                 00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                        00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                   00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78      00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                                  00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977           00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                    00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                    00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                         00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                              00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                             00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                              00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                                 00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                                 00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                                   00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                       00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                                  00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                                  00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                      00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                                 00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                       00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                       00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579                  00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47                 00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                                  00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                                  00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                                 00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                      00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                    00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                        00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                        00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                        00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                              00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                        00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                             00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                                00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                     00007ffa8507015b 8 bytes [70, 6C, D5, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                     00007ffa85071438 8 bytes [40, 6C, D5, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                             00007ffa850715e6 8 bytes [30, 6C, D5, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                            00007ffa85071877 8 bytes [20, 6C, D5, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                           00007ffa85071a2d 8 bytes [10, 6C, D5, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                              00007ffa85071c35 8 bytes [00, 6C, D5, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                   00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                 00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                       00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                     00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                         00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                         00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                       00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                       00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                   00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                   0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                         0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                   0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                               00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                           00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                          0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                         00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                     0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                       0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1444] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595                                  0000000077632bd3 8 bytes [DC, 6A, D5, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                            00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                            00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                  00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                             00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                    00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                               00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                  00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                                                              00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977                                       00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                                                00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                                                00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                                                     00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                                                          00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                                                         00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                                                          00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                                                             00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                                                             00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                                                               00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                                                   00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                                                              00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                                                              00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                                                  00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                                                             00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                                                   00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                                                   00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579                                              00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47                                             00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                                                              00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                                                              00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                                                             00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                                                  00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                                                00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                                                    00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                                                    00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                                                    00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                                                          00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                                                    00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                                                         00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                                                            00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                                                 00007ffa8507015b 8 bytes [70, 6C, 31, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                                                 00007ffa85071438 8 bytes [40, 6C, 31, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                                                         00007ffa850715e6 8 bytes [30, 6C, 31, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                                                        00007ffa85071877 8 bytes [20, 6C, 31, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                                                       00007ffa85071a2d 8 bytes [10, 6C, 31, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                                                          00007ffa85071c35 8 bytes [00, 6C, 31, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                               00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                             00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                   00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                 00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                     00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                     00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                                   00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                               00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                               0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                     0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                               0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                           00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                       00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                      0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                                                     00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                                                 0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                                                   0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Update\DellUpTray.exe[1576] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595                                                              0000000077632bd3 8 bytes [DC, 6A, 31, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                              00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                  00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                              00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                    00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                               00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                      00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                 00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78    00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                                00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977         00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                  00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                  00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                       00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                            00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                           00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                            00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                               00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                               00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                                 00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                     00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                                00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                                00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                    00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                               00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                     00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                     00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579                00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47               00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                                00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                                00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                               00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                    00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                  00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                      00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                      00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                      00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                            00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                      00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                           00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                              00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                   00007ffa8507015b 8 bytes [70, 6C, 0D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                   00007ffa85071438 8 bytes [40, 6C, 0D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                           00007ffa850715e6 8 bytes [30, 6C, 0D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                          00007ffa85071877 8 bytes [20, 6C, 0D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                         00007ffa85071a2d 8 bytes [10, 6C, 0D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                            00007ffa85071c35 8 bytes [00, 6C, 0D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                 00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                               00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                     00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                   00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                       00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                       00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                     00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                     00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                 00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                 0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                       0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                 0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                             00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                         00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                        0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                       00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                   0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                     0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE[4756] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595                                0000000077632bd3 8 bytes [DC, 6A, 0D, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                   00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                       00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                   00007ffa85065206 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                         00007ffa850653ff 8 bytes {JMP 0xffffffffffffffee}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                    00007ffa8506579f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                           00007ffa85065954 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                      00007ffa85065ef1 8 bytes {JMP 0xffffffffffffff9e}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                         00007ffa85065f4e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 399                                                     00007ffa850660ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfStateChangeNotification + 977                              00007ffa850664d1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 310                                                       00007ffa85066616 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSimpleTryPost + 491                                                       00007ffa850666cb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReportSilentProcessExit + 359                                            00007ffa85068397 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 67                                                 00007ffa85068a13 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrFindEntryForAddress + 864                                                00007ffa85068d30 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllHandleByName + 143                                                 00007ffa85068e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 510                                                    00007ffa850690ae 8 bytes {JMP 0xffffffffffffff96}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 715                                                    00007ffa8506917b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlQueueWorkItem + 772                                                      00007ffa85069d14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrAddRefDll + 685                                                          00007ffa85069fcd 8 bytes {JMP 0xffffffffffffffaf}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 352                                                     00007ffa8506aae0 8 bytes {JMP 0xffffffffffffffcd}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!SbSelectProcedure + 488                                                     00007ffa8506ab68 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetVersion + 565                                                         00007ffa8506b2e5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetNtProductType + 78                                                    00007ffa8506b33e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 311                                                          00007ffa8506c4d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll + 528                                                          00007ffa8506c5b0 8 bytes {JMP 0xffffffffffffffc7}
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 579                                     00007ffa8506d0d3 8 bytes {JMP 0xffffffffffffffef}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47                                    00007ffa8506d10f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 495                                                     00007ffa8506d57f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43                                                     00007ffa8506d6eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 456                                                    00007ffa8506d888 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!TpReleaseWait + 180                                                         00007ffa8506d944 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterWait + 596                                                       00007ffa8506dba4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWait + 424                                                           00007ffa8506dd58 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 771                                                           00007ffa8506e073 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!TpSetWaitEx + 948                                                           00007ffa8506e124 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsA + 48                                                 00007ffa8506e160 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRandomEx + 756                                                           00007ffa8506eb74 8 bytes {JMP 0xffffffffffffffd0}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDeleteFunctionTable + 371                                                00007ffa8506fe63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAddFunctionTable + 556                                                   00007ffa8507009c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProtectHeap + 171                                                        00007ffa8507015b 8 bytes [70, 6C, 88, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlInitializeCriticalSectionEx + 744                                        00007ffa85071438 8 bytes [40, 6C, 88, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwRegisterTraceGuidsW + 214                                                00007ffa850715e6 8 bytes [30, 6C, 88, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!EtwNotificationRegister + 567                                               00007ffa85071877 8 bytes [20, 6C, 88, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDllShutdownInProgress + 429                                              00007ffa85071a2d 8 bytes [10, 6C, 88, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 213                                                 00007ffa85071c35 8 bytes [00, 6C, 88, 7F, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                      00007ffa850e1290 8 bytes {JMP QWORD [RIP-0x6fe5e]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                    00007ffa850e1410 8 bytes {JMP QWORD [RIP-0x6fe30]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                          00007ffa850e1440 8 bytes {JMP QWORD [RIP-0x712eb]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                        00007ffa850e1560 8 bytes {JMP QWORD [RIP-0x70c1e]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                            00007ffa850e1610 8 bytes {JMP QWORD [RIP-0x71122]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            00007ffa850e1cd0 8 bytes {JMP QWORD [RIP-0x700a1]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                          00007ffa850e1fd0 8 bytes {JMP QWORD [RIP-0x705a9]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                          00007ffa850e2850 8 bytes {JMP QWORD [RIP-0x70fdf]}
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                      00000000776313f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                      0000000077631583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                            0000000077631621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                      0000000077631674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                  00000000776316d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                              00000000776316e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                             0000000077631727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 7
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16                                            00000000776325d0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308                                        0000000077632714 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 529                                          0000000077632961 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE[832] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessTerm + 595                                                     0000000077632bd3 8 bytes [DC, 6A, 88, 7F, 00, 00, 00, ...]
.text   C:\Users\Thomas\Desktop\Gmer-19357.exe[7104] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                       00007ffa85064b04 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\Thomas\Desktop\Gmer-19357.exe[7104] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                           00007ffa85064f2c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [660:672]                                                                                                                                    fffff960009ad2d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----
         
__________________

19.04.2015, 20:48   #4
deeprybka
/// TB trainer
/// Guide guru
 
My name is Jürgen and I will be helping you with your problem. Together we'll get this done...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread, inside code tags.
  • Keep in mind that we all work here in our free time; if you haven't heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Reformatting is usually the faster and always the safest way, but it is only advisable for real malware.
Adware and the like we can remove very well.
If you decide on a cleanup, keep working with me until you get my "clean".


Let's go:

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
Regards,
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

19.04.2015, 21:03   #5
Sabine74
 
Hello Jürgen,
thank you for your reply!
Here is the log from ADWcleaner:
Code:
# AdwCleaner v4.201 - Bericht erstellt 19/04/2015 um 20:55:40
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-19.4 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Thomas - PC-WOHNZIMMER
# Gestarted von : C:\Users\Thomas\Desktop\AdwCleaner_4.201(1).exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.1 (x86 de)

[zc8liam4.default-1415884574506] - Zeile Gefunden : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

-\\ Google Chrome v42.0.2311.90

[C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3330152&octid=EB_ORIGINAL_CTID&ISID=M39612086-3067-41E0-920E-3B17A2D03C97&SearchSource=55&CUI=&UM=6&UP=SP22406D82-85F1-4A80-83AB-C8CCF6AD1AA8&SSPV=
[C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}",
         "usage_count": 0
      }
   },
   "extensions": {
      "settings": {
         "booedmolknjekdopkepjjeckmjkdpfgl": {
            "active_permissions": {
               "api": [ "tabs", "webNavigation", "webRequest", "webRequestBlocking" ],
               "explicit_host": [ "chrome://newtab/*", "chrome://settings-frame/*", "hxxp://*/*", "hxxps://*/*" ],
               "manifest_permissions": [  ],
               "scriptable_host": [ "chrome://settings-frame/*" ]
            },
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 1,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "initial_keybindings_set": true,
            "install_time": "13060288729929644",
            "location": 5,
            "manifest": {
               "background": {
                  "persistent": true,
                  "scripts": [ "bk.js" ]
               },
               "content_scripts": [ {
                  "js": [ "cs.js" ],
                  "matches": [ "chrome://settings-frame/*" ]
               } ],
               "content_security_policy": "default-src 'self'; script-src chrome://resources 'self' chrome://settings-frame 'unsafe-eval'; frame-src 'self' chrome://settings-frame; style-src 'self' 'unsafe-inline';object-src 'self';",
               "description": "Extutil",
               "incognito": "spanning",
               "key": "MIAfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQcByy+ea9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB",
               "manifest_version": 2,
               "name": "Extutil",
               "permissions": [ "chrome://newtab/", "tabs", "webNavigation", "webRequest", "webRequestBlocking", "hxxp://*/*", "hxxps://*/*", "chrome://settings-frame/" ],
               "version": "0.1"
            },
            "path": "C:\\Users\\Thomas\\AppData\\Local\\Temp\\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B",
            "preferences": {

            },
            "regular_only_preferences": {

            },
            "state": 1,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "coobgpohoikkiipiblmjeljniedjpjpf": {
            "ack_external": true,
            "active_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "x",
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 153,
            "events": [  ],
            "from_bookmark": true,
            "from_webstore": true,
            "granted_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "install_time": "13073424400357829",
            "lastpingday": "13073382000362795",
            "location": 1,
            "manifest": {
               "app": {
                  "launch": {
                     "web_url": "hxxp://www.google.com/webhp?source=search_app"
                  },
                  "urls": [ "*://www.google.com/search", "*://www.google.com/webhp", "*://www.google.com/imgres" ]
               },
               "current_locale": "de",
               "default_locale": "en",
               "description": "Die schnellste Suche im Web.",
               "icons": {
                  "128": "128.png",
                  "16": "16.png",
                  "32": "32.png",
                  "48": "48.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB",
               "manifest_version": 2,
               "name": "Google-Suche",
               "permissions": [  ],
               "update_url": "hxxp://clients2.google.com/service/update2/crx",
               "version": "0.0.0.30"
            },
            "page_ordinal": "n",
            "path": "coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.30_0",
            "preferences": {

            },
            "regular_only_preferences": {

            },
            "state": 1,
            "was_installed_by_default": true,
            "was_installed_by_oem": false
         },
         "dchlnpcodkpfdpacogkljefecpegganj": {
            "ack_external": true,
            "active_permissions": {
               "api": [ "contextMenus", "plugin", "tabs" ],
               "explicit_host": [ "hxxp://*/*", "hxxps://*/*" ],
               "manifest_permissions": [  ],
               "scriptable_host": [ "\u003Call_urls>" ]
            },
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 1,
            "ephemeral_app": false,
            "events": [  ],
            "external_first_run": true,
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "initial_keybindings_set": true,
            "install_time": "13055686747912093",
            "lastpingday": "13073382000362795",
            "location": 3,
            "manifest": {
               "background": {
                  "page": "background/main.html",
                  "persistent": true
               },
               "browser_action": {
                  "default_icon": "images/logo.png",
                  "permissions": [ "tabs", "hxxp://*/", "hxxps://*/" ]
               },
               "content_scripts": [ {
                  "js": [ "background/lcr.js", "background/links_mode.js", "content_scripts/parse_url.js", "content_scripts/images.js", "content_scripts/content.js" ],
                  "matches": [ "\u003Call_urls>" ],
                  "permissions": [ "tabs", "hxxp://*/", "hxxps://*/", "chrome://*/" ]
               } ],
               "current_locale": "de",
               "default_locale": "en",
               "description": "",
               "icons": {
                  "48": "images/linkfilter.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoT5JIHtvANTHxjeMIDoDIO4GErND6wLGKz6RgVBh0MkCUgWriFtriQH9VEj2ie+T4pGHPLsFvOSNu3Qe62IX1uJObiArdfdbiT//IRBIlPl3mqwj3xH8+M4YLpkXEU3zX6oavtcxZpWDkQHB+5Pfp9IRo+az61Td4rgBZwxEAyQIDAQAB",
               "manifest_version": 2,
               "minimum_chrome_version": "18.0.0.0",
               "name": "Modul zur Link-Untersuchung",
               "permissions": [ "contextMenus", "tabs", "hxxp://*/", "hxxps://*/" ],
               "plugins": [ {
                  "path": "plugin/npUrlAdvisor.dll",
                  "public": true
               } ],
               "version": "14.0.0.4651"
            },
            "path": "dchlnpcodkpfdpacogkljefecpegganj\\14.0.0.4651_0",
            "preferences": {

            },
            "regular_only_preferences": {

            },
            "state": 0,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "dnhpdliibojhegemfjheidglijccjfmc": {
            "active_permissions": {
               "api": [ "hotwordPrivate", "tabs", "webConnectable" ],
               "explicit_host": [ "*://*.google.co.uk/*", "*://*.google.com/*", "*://*.google.de/*", "*://*.google.fr/*", "*://*.google.ru/*", "chrome://newtab/*" ],
               "manifest_permissions": [  ]
            },
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 1,
            "ephemeral_app": false,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "initial_keybindings_set": true,
            "install_time": "13055714607340427",
            "location": 5,
            "manifest": {
               "background": {
                  "persistent": false,
                  "scripts": [ "manager.js" ]
               },
               "externally_connectable": {
                  "matches": [ "*://*.google.com/*", "*://*.google.ru/*", "*://*.google.co.uk/*", "*://*.google.fr/*", "*://*.google.de/*", "chrome://newtab/" ]
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDagiQy1VGkO2CHJSjVh7eU5GtuBuOlg2/cTZt7203AcevqpcDd+65S2/yd9KAELYcU6pK8nHVGYBMI6s0u+0RgXfIJ0eFOlTlgfAQWHvg8ovHtJlFJd1COrOkbntD9+s9Jobr3ldmow87aZF1bVHUY4khVP56cZe6adlVw2wK31QIDAQAB",
               "manifest_version": 2,
               "minimum_chrome_version": "32",
               "name": "hotword helper",
               "permissions": [ "*://*.google.com/*", "*://*.google.ru/*", "*://*.google.co.uk/*", "*://*.google.fr/*", "*://*.google.de/*", "chrome://newtab/", "hotwordPrivate", "tabs" ],
               "version": "0.0.2.0"
            },
            "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\37.0.2062.120\\resources\\hotword_helper",
            "preferences": {

            },
            "regular_only_preferences": {

            },
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "eemcgdkfndhakfknompkggombfjjjeno": {
            "active_permissions": {
               "api": [ "bookmarks", "bookmarkManagerPrivate", "metricsPrivate", "systemPrivate", "tabs" ],
               "explicit_host": [ "chrome://favicon/*", "chrome://resources/*" ],
               "manifest_permissions": [  ]
            },
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 1,
            "ephemeral_app": false,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "initial_keybindings_set": true,
            "install_time": "13055686744616890",
            "location": 5,
            "manifest": {
               "chrome_url_overrides": {
                  "bookmarks": "main.html"
               },
               "content_security_policy": "object-src 'none'; script-src chrome://resources 'self'",
               "description": "Bookmark Manager",
               "icons": {

               },
               "incognito": "split",
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQcByy+eN9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB",
               "manifest_version": 2,
               "name": "Bookmark Manager",
               "permissions": [ "bookmarks", "bookmarkManagerPrivate", "metricsPrivate", "systemPrivate", "tabs", "chrome://favicon/", "chrome://resources/" ],
               "version": "0.1"
            },
            "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\37.0.2062.120\\resources\\bookmark_manager",
            "preferences": {

            },
            "regular_only_preferences": {

            },
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "ennkphjdgehloodpbhlhldgbnhmacadg": {
            "active_permissions": {
               "api": [  ],
               "explicit_host": [ "chrome://settings-frame/*" ],
               "manifest_permissions": [  ]
            },
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 1,
            "ephemeral_app": false,
            "events": [ "app.runtime.onLaunched" ],
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "initial_keybindings_set": true,
            "install_time": "13055686744616890",
            "location": 5,
            "manifest": {
               "app": {
                  "background": {
                     "scripts": [ "settings_app.js" ]
                  }
               },
               "description": "Settings",
               "display_in_launcher": false,
               "icons": {
                  "128": "settings_app_icon_128.png",
                  "16": "settings_app_icon_16.png",
                  "32": "settings_app_icon_32.png",
                  "48": "settings_app_icon_48.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVDPGX6fvKPVVgc+gnkYlGqHuuapgFDyKhsy4z7UzRLO/95zXPv8h8e5EacqbAQJLUbP6DERH5jowyNEYVxq9GJyntJMwP1ejvoz/52hnY3CCGGCmttmKzzpp5zwLuq3iZf8bslwywfflNUYtaCFSDa0TtrBZz0aOPrAAd/AhNwIDAQAB",
               "manifest_version": 2,
               "name": "Settings",
               "permissions": [ "chrome://settings-frame/" ],
               "version": "0.2"
            },
            "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\37.0.2062.120\\resources\\settings_app",
            "preferences": {

            },
            "regular_only_preferences": {

            },
            "running": false,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "felcaaldnbdncclmgdcncolpebgiejap": {
            "ack_external": true,
            "active_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "zs",
            "commands": {

            },
            "content_settings": [  ],
            "creation_flags": 137,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": true,
            "granted_permissions": {
               "api": [  ],
               "manifest_permissions": [  ]
            },
            "incognito_content_settings": [  ],
            "incognito_preferences": {

            },
            "initial_keybindings_set": true,
            "install_time": "13068984709891428",
            "lastpingday": "13073382000362795",
            "location": 1,
            "manifest": {
               "api_console_project_id": "1083656409722",
               "app": {
                  "launch": {
                     "local_path": "main.html"
                  }
               },
               "container": "GOOGLE_DRIVE",
               "current_locale": "de",
               "default_locale": "en_US",
               "description": "Tabellen erstellen und bearbeiten",
               "icons": {
                  "128": "icon_128.png",
                  "16": "icon_16.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0AHrkP4MHPDKQI/O9LqZjtM24hKApaT3uVHeOduC06ZXWuwVRvx2wy5JUmMHfefXRG26tErgZSWpbxkm+2xfplKnT+grXF771HDgsNrNXERJHq7tnoYsWRiG3Gbs5BI4Ei+naZ/nyiWblbT4GyuD9N5yXNtoM0AnK+0FYhbO7IwIDAQAB",
               "manifest_version": 2,
               "name": "Google Tabellen",
               "offline_enabled": true,
               "update_url": "hxxps://clients2.google.com/service/update2/crx",
               "version": "1.1"
            },
            "page_ordinal": "n",
            "path": "felcaaldnbdncclmgdcncolpebgiejap\\1.1_0",
            "preferences": {

            },
            "regular_only_preferences": {

            },
            "state": 1,
            "was_installed_by_default": true,
            "was_installed_by_oem": false
         },
         "flpcjncodpafbgdpnkljologafpionhb": {
            "active_permissions": {
               "api": [ "tabs", "webNavigation" ],
               "explicit_host": [ "chrome://favicon/*", "chrome://resources/*", "chrome://settings-frame/*", "hxxp://*.conduit.com/*

*************************

AdwCleaner[R0].txt - [8532 Bytes] - [02/09/2013 22:05:54]
AdwCleaner[R1].txt - [5884 Bytes] - [13/11/2014 14:27:56]
AdwCleaner[R2].txt - [982 Bytes] - [13/11/2014 15:20:56]
AdwCleaner[R3].txt - [2106 Bytes] - [14/03/2015 23:49:13]
AdwCleaner[R4].txt - [34414 Bytes] - [19/04/2015 20:55:40]
AdwCleaner[S0].txt - [7905 Bytes] - [02/09/2013 22:08:40]
AdwCleaner[S1].txt - [1042 Bytes] - [13/11/2014 15:26:00]
AdwCleaner[S2].txt - [2121 Bytes] - [14/03/2015 23:57:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [34651 Bytes] ##########
         


Alt 19.04.2015, 21:20   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 



Quote:
# Option : Suchlauf
Please select Löschen (Delete) and post the log.

Alt 19.04.2015, 21:23   #7
Sabine74
 



Oh, I see. I did do that, so this is probably the log: (?)
Code:
ATTFilter
# AdwCleaner v4.201 - Bericht erstellt 19/04/2015 um 20:57:25
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-19.4 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Thomas - PC-WOHNZIMMER
# Gestarted von : C:\Users\Thomas\Desktop\AdwCleaner_4.201(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.1 (x86 de)

[zc8liam4.default-1415884574506\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

-\\ Google Chrome v42.0.2311.90

[C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3330152&octid=EB_ORIGINAL_CTID&ISID=M39612086-3067-41E0-920E-3B17A2D03C97&SearchSource=55&CUI=&UM=6&UP=SP22406D82-85F1-4A80-83AB-C8CCF6AD1AA8&SSPV=
[C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Default_Search_Provider_Data] : 

*************************

AdwCleaner[R0].txt - [8532 Bytes] - [02/09/2013 22:05:54]
AdwCleaner[R1].txt - [5884 Bytes] - [13/11/2014 14:27:56]
AdwCleaner[R2].txt - [982 Bytes] - [13/11/2014 15:20:56]
AdwCleaner[R3].txt - [2106 Bytes] - [14/03/2015 23:49:13]
AdwCleaner[R4].txt - [34731 Bytes] - [19/04/2015 20:55:40]
AdwCleaner[S0].txt - [7905 Bytes] - [02/09/2013 22:08:40]
AdwCleaner[S1].txt - [1042 Bytes] - [13/11/2014 15:26:00]
AdwCleaner[S2].txt - [2121 Bytes] - [14/03/2015 23:57:07]
AdwCleaner[S3].txt - [2092 Bytes] - [19/04/2015 20:57:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2151  Bytes] ##########
         

Alt 19.04.2015, 21:30   #8
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 





Step 1

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 2



Please start FRST again and click Scan.
Please post the contents of the log.
__________________
Regards
deeprybka


Alt 20.04.2015, 08:54   #9
Sabine74
 



Hello, here is the ESET log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e68599e886f78944a207c52edce7d5dc
# engine=23459
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-19 10:04:49
# local_time=2015-04-20 12:04:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 11165 60959111 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2128011 36887569 0 0
# scanned=411196
# found=3
# cleaned=0
# scan_time=8574
sh=284BB394DE3FBCAB7D49FF34FC70255C3B9284A4 ft=1 fh=ba9d51b331077012 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\Orbt.ext.vir"
sh=FA55D765ACECF0E142995558447BA1C0C64A95B9 ft=1 fh=8a5fed32a6adae19 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=7377DE6939E0ECFF63C7638C5B4D7035DE2A5784 ft=1 fh=32eff61873665b66 vn="Win32/Bundlore.Q evtl. unerwünschte Anwendung" ac=I fn="C:\b383a41a-c551-4660-bdbf-0d0b127ec680\InstallerHelper.dll"
         
Sorry, I just saw that I was also supposed to run FRST!

FRST.txt

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01
Ran by Thomas (administrator) on PC-WOHNZIMMER on 20-04-2015 08:53:10
Running from C:\Users\Thomas\Desktop
Loaded Profiles: Thomas (Available profiles: UpdatusUser & Sabine & Thomas)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [692208 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4391072 2012-11-09] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-06] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [OV3_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe [55664 2014-09-09] (OLYMPUS IMAGING CORP.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [CAHeadless] => c:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Run: [OV3_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe [420208 2014-09-09] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [589312 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
AppInit_DLLs: , c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-01-06]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013-09-06]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk [2013-04-18]
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2013-09-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk [2013-04-13]
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1023412029-2558512523-2891409035-1004 -> {CE8B75EB-17F6-4674-98BD-489442F37A2F} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-20] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-18] (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-11-07] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-20] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-18] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\zc8liam4.default-1415884574506
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1023412029-2558512523-2891409035-1004: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\zc8liam4.default-1415884574506\Extensions\toolbar@web.de [2015-04-18]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-17]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-17]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-17]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-09-17]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-09-17]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-20]
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
CHR Extension: (Kaspersky Protection) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-09-20]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-20]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-09-20]
CHR Extension: (Google Sheets) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-20]
CHR Extension: (Safe Money) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-09-20]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-09-20]
CHR Extension: (Virtual Keyboard) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-09-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
CHR Extension: (Anti-Banner) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-09-20]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-10] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-07] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-20] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [43456 2014-08-06] (hxxp://libusb-win32.sourceforge.net)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 08:52 - 2015-04-20 08:52 - 00000000 ____D () C:\Users\Thomas\Desktop\FRST-OlderVersion
2015-04-19 21:37 - 2015-04-19 21:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-19 21:35 - 2015-04-19 21:35 - 02347384 _____ (ESET) C:\Users\Thomas\Desktop\esetsmartinstaller_deu.exe
2015-04-19 20:58 - 2015-04-19 20:58 - 00000354 _____ () C:\WINDOWS\PFRO.log
2015-04-19 20:54 - 2015-04-19 20:54 - 02217984 _____ () C:\Users\Thomas\Desktop\AdwCleaner_4.201(1).exe
2015-04-19 20:52 - 2015-04-19 20:52 - 02217984 _____ () C:\Users\Thomas\Downloads\AdwCleaner_4.201.exe
2015-04-19 10:11 - 2015-04-19 10:11 - 00015872 ___SH () C:\Users\Thomas\Desktop\Thumbs.db
2015-04-19 10:11 - 2015-04-19 09:30 - 423004151 _____ () C:\Users\Thomas\Desktop\Moriskentanz 2003.wmv
2015-04-19 10:11 - 1980-01-01 00:02 - 00523812 _____ () C:\Users\Thomas\Desktop\MM_PLAY_TIME.ini
2015-04-19 10:11 - 1980-01-01 00:00 - 00000000 ____D () C:\Users\Thomas\Desktop\PVRRECORD
2015-04-17 09:06 - 2015-04-19 21:33 - 00002670 _____ () C:\WINDOWS\setupact.log
2015-04-17 09:06 - 2015-04-17 09:06 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-16 23:40 - 2015-04-16 23:40 - 00185988 _____ () C:\Users\Thomas\Desktop\Gmer.txt
2015-04-16 23:34 - 2015-04-16 23:34 - 00380416 _____ () C:\Users\Thomas\Desktop\Gmer-19357.exe
2015-04-16 23:29 - 2015-04-16 23:29 - 00032290 _____ () C:\Users\Thomas\Desktop\Addition.txt
2015-04-16 23:28 - 2015-04-20 08:53 - 00031237 _____ () C:\Users\Thomas\Desktop\FRST.txt
2015-04-16 23:28 - 2015-04-20 08:53 - 00000000 ____D () C:\FRST
2015-04-16 23:27 - 2015-04-20 08:52 - 02098176 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2015-04-16 23:26 - 2015-04-16 23:26 - 00000474 _____ () C:\Users\Thomas\Desktop\defogger_disable.log
2015-04-16 23:26 - 2015-04-16 23:26 - 00000000 _____ () C:\Users\Thomas\defogger_reenable
2015-04-16 23:25 - 2015-04-16 23:25 - 00050477 _____ () C:\Users\Thomas\Desktop\Defogger.exe
2015-04-16 22:48 - 2015-04-16 22:48 - 05344528 _____ (Piriform Ltd) C:\Users\Thomas\Downloads\ccsetup504.exe
2015-04-16 22:40 - 2015-04-16 22:40 - 00001286 _____ () C:\Users\Thomas\Desktop\Revo Uninstaller.lnk
2015-04-16 22:40 - 2015-04-16 22:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-16 22:39 - 2015-04-16 22:39 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Thomas\Downloads\revosetup95.exe
2015-04-16 22:30 - 2015-04-16 22:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-16 22:11 - 2015-04-16 22:12 - 00000000 ____D () C:\Program Files\IDT
2015-04-16 22:11 - 2015-04-16 22:11 - 00001650 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT Audio Control Panel.lnk
2015-04-16 22:07 - 2015-04-16 22:07 - 00000000 ____D () C:\Program Files (x86)\Dell Update
2015-04-16 22:06 - 2015-04-16 22:06 - 14313040 _____ (Dell Inc.) C:\Users\Thomas\Downloads\Application_56J82_WN32_1.4.2000.0_A07.EXE
2015-04-16 22:04 - 2015-04-16 22:04 - 00417064 _____ () C:\Users\Thomas\Downloads\DellSystemDetectLauncher.exe
2015-04-16 10:38 - 2015-04-16 10:38 - 00300963 _____ () C:\Users\Thomas\Downloads\winmail.dat
2015-04-15 16:59 - 2015-04-15 16:59 - 06821496 _____ (TomTom International B.V.) C:\Users\Thomas\Downloads\InstallMyDriveConnect(1).exe
2015-04-15 14:08 - 2015-04-15 14:08 - 06821496 _____ (TomTom International B.V.) C:\Users\Thomas\Downloads\InstallMyDriveConnect.exe
2015-04-15 13:20 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 13:20 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 13:20 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 13:20 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 13:20 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 13:20 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 13:19 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 13:19 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 13:19 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 13:19 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-15 11:52 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 11:52 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 11:52 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 11:52 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 11:52 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 11:52 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 11:52 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 11:52 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 11:52 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 11:52 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 11:52 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 11:52 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 11:52 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 11:52 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 11:52 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 11:52 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 11:52 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 11:52 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 11:52 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 11:52 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 11:52 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 11:52 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 11:52 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 11:52 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 11:52 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 11:52 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 11:52 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 11:52 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 11:52 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 11:52 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 11:52 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 11:52 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 11:52 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 11:52 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 11:52 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 11:52 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 11:52 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 11:52 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 11:52 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 11:51 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 11:51 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 11:51 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 11:51 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 11:51 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 11:51 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 11:51 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 11:51 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 11:51 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 11:51 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 11:51 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 11:51 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 11:51 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 11:51 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 11:51 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 11:51 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 11:51 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 11:51 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 11:51 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 11:51 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 11:51 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 11:51 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-13 19:58 - 2015-04-13 19:59 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-13 19:58 - 2015-04-13 19:58 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-12 19:48 - 2015-04-12 19:48 - 00004040 _____ () C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-04-12 19:48 - 2015-04-12 19:48 - 00003484 _____ () C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-04-12 19:48 - 2015-04-12 19:48 - 00003230 _____ () C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-04-12 19:48 - 2015-04-12 19:48 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-04-12 19:48 - 2015-04-12 19:48 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-04-11 22:20 - 2015-04-11 22:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-11 21:44 - 2015-04-11 21:44 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-11 21:44 - 2015-04-11 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-11 21:43 - 2015-04-11 21:43 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-11 21:43 - 2015-04-11 21:43 - 00000000 ____D () C:\Program Files\iTunes
2015-04-11 21:43 - 2015-04-11 21:43 - 00000000 ____D () C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 08:26 - 2013-04-13 22:30 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-20 08:20 - 2013-09-17 13:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-20 08:05 - 2015-03-14 23:24 - 01289738 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-20 08:05 - 2014-09-20 13:38 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-20 08:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-20 01:00 - 2014-08-27 09:08 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe
2015-04-19 21:34 - 2013-09-30 06:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-19 21:34 - 2013-09-30 05:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-19 21:34 - 2013-09-30 05:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-19 21:07 - 2013-04-03 04:52 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-04-19 20:59 - 2014-11-06 16:59 - 00000000 ___RD () C:\Users\Thomas\iCloudDrive
2015-04-19 20:59 - 2014-09-20 13:38 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 20:58 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-19 20:58 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-19 20:57 - 2013-09-02 22:04 - 00000000 ____D () C:\AdwCleaner
2015-04-18 21:17 - 2013-04-13 20:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1023412029-2558512523-2891409035-1004
2015-04-18 21:06 - 2014-09-20 13:39 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-17 12:18 - 2015-03-20 21:16 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-04-17 10:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-17 09:52 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-17 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-16 23:26 - 2013-12-06 00:07 - 00000000 ____D () C:\Users\Thomas
2015-04-16 23:25 - 2013-05-30 21:51 - 03637248 ___SH () C:\Users\Thomas\Downloads\Thumbs.db
2015-04-16 23:00 - 2013-07-04 11:26 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Samsung
2015-04-16 23:00 - 2013-07-04 11:26 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Samsung
2015-04-16 23:00 - 2013-07-04 11:21 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-04-16 22:59 - 2013-07-04 11:21 - 00000000 ____D () C:\ProgramData\Samsung
2015-04-16 22:59 - 2013-04-03 04:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-16 22:51 - 2014-06-11 22:53 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-16 22:48 - 2013-04-29 14:09 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-16 22:48 - 2013-04-29 14:09 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-16 22:41 - 2014-12-17 13:11 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Deployment
2015-04-16 22:30 - 2015-03-14 00:20 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-16 22:07 - 2013-04-15 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-04-16 22:07 - 2013-04-03 04:43 - 00000000 ____D () C:\ProgramData\PCDr
2015-04-16 22:07 - 2013-04-03 04:43 - 00000000 ____D () C:\ProgramData\Dell
2015-04-16 14:37 - 2013-04-13 20:00 - 00000000 ____D () C:\Users\Thomas\AppData\Local\VirtualStore
2015-04-16 14:35 - 2013-09-02 19:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-16 14:32 - 2013-04-17 10:16 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-16 14:32 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 16:45 - 2013-09-09 20:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-15 14:08 - 2014-06-04 20:17 - 00000000 ____D () C:\Program Files (x86)\MyDrive Connect
2015-04-15 11:45 - 2014-11-12 12:27 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 22:08 - 2013-04-16 20:01 - 00000000 ____D () C:\Users\Thomas\Documents\Urlaubsplanungen
2015-04-14 20:26 - 2013-04-13 22:30 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 01:24 - 2015-03-14 11:55 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2015-03-14 11:55 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 21:57 - 2013-04-13 20:00 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Packages
2015-04-11 21:43 - 2014-03-18 15:08 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-11 21:43 - 2013-05-26 14:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-26 08:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-26 08:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-26 08:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-26 08:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-26 08:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-26 08:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

==================== Files in the root of some directories =======

2014-12-11 22:40 - 2014-12-11 22:40 - 0007602 _____ () C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
2013-04-03 04:49 - 2013-04-03 04:50 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-04-03 04:46 - 2013-04-03 04:47 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-04-03 04:47 - 2013-04-03 04:48 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-04-03 04:45 - 2013-04-03 04:46 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-04-03 04:48 - 2013-04-03 04:49 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe
C:\Users\Thomas\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-19 21:21

==================== End Of Log ============================
         

20.04.2015, 10:30   #10
deeprybka
/// TB trainer
/// Guide guru

Great!

The computer is clean now:

Step 1

Press the Windows key + R and type notepad into the Run window.
Click OK, then copy the text from the code box into the empty text document:
Code:
ATTFilter
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
C:\b383a41a-c551-4660-bdbf-0d0b127ec680\InstallerHelper.dll
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1023412029-2558512523-2891409035-1004 -> {CE8B75EB-17F6-4674-98BD-489442F37A2F} URL = 
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
         
Please save this as Fixlist.txt in the same directory as the FRST application.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.



Cleanup:

If Defogger was used: start it again and click Re-enable.

All logs posted? Yes! Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: Among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.




>>clean<<
We did it!
The logs look clean to me at the moment.

If you like, you can say here whether you were satisfied with me and my help ... and/or support the forum with a small donation.
All that remains is for me to wish you carefree and safe surfing, and that we don't see each other here again any time soon.

How can I protect myself better in the future?

Tips, dos & don'ts

Updates & software
Security vulnerabilities in their old versions are exploited to install malware "drive-by" when a manipulated website is merely visited.

I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Firewall, antivirus & co.
  • Enable a firewall. The one built into Windows is normally entirely sufficient.
  • Use an antivirus program with a real-time scanner and an always up-to-date signature database. (Enable the update function!)
    My recommendations:
    Kaspersky Antivirus
    Emsisoft Anti-Malware
    avast Free Antivirus
  • In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

    Optional:
  • NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on.

Cracks, downloads & co.

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user.
Even visiting dubious websites can carry risks. Even if the virus scanner does not currently detect a threat there, that does not have to mean anything.
Illegal cracks, keygens and serials are an exceptionally easy and popular way to spread malware.
With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what is inside is really what it says on the label. (Trojan horse ^^)
  • virustotal.com is your friend too! Upload dubious or unknown files before you run or install them.

Attempts are also often made to trick the user, with more or less crafty methods, into carrying out an action that is disastrous for them (umbrella term: social engineering).
  • So surf with caution and click with common sense.
  • Be skeptical of unexpected e-mails, especially if they contain attachments. Even if they look authentic at first glance, contain personal data about you or supposedly come from a known sender: better to think it over calmly or ask, instead of simply opening links or executable attachments or entering your data somewhere.
  • Malicious links or files can also circulate in social networks or via instant messaging systems. If you receive a message from one of your friends that is strange, or so sensationally interesting that you simply have to click on it, then curiosity has probably won out over common sense for him or her, and you should not make the same mistake.

Annoying adware (advertising) and unnecessary toolbars are also mostly installed by the user along with other software.
  • As a first priority, always download software directly from the manufacturer. Many software portals (e.g. Softonic) pack additional useless stuff into the installation. Alternatively, choose a clean portal such as Filepony or heise.
  • When installing software, always choose the custom option and untick all optionally offered toolbars or other additions that are irrelevant to the program.
  • To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwarecleaner.


Finally, a few general remarks:
  • Regularly create backups of your important files or of the system.
  • The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using the Windows built-in Disk Cleanup instead.
__________________
Regards
deeprybka

Praise, criticism, wishes?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

20.04.2015, 16:42   #11
Sabine74

OK, done! Thank you very, very much for the help! I will gladly support you with a donation.
Best regards
Sabine

Fixlist.txt
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2015 01
Ran by Thomas at 2015-04-20 16:39:57 Run:1
Running from C:\Users\Thomas\Desktop
Loaded Profiles: Thomas (Available profiles: UpdatusUser & Sabine & Thomas)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
C:\b383a41a-c551-4660-bdbf-0d0b127ec680\InstallerHelper.dll
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1023412029-2558512523-2891409035-1004 -> {CE8B75EB-17F6-4674-98BD-489442F37A2F} URL = 
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
         
*****************

C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\b383a41a-c551-4660-bdbf-0d0b127ec680\InstallerHelper.dll => Moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE8B75EB-17F6-4674-98BD-489442F37A2F}" => Key deleted successfully.
HKCR\CLSID\{CE8B75EB-17F6-4674-98BD-489442F37A2F} => Key not found. 
Firefox newtab deleted successfully.

==== End of Fixlog 16:39:57 ====
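
An added example, not part of the original posts and not FRST's own code: a small Python parser that reads the Fixlog posted above, separates the fixlist directives from the result lines, and flags any result that is neither a success nor a "not found", as well as a log that was cut off before its end marker. The function names and the three outcome labels are assumptions made for this example; the classification relies only on the wording visible in this log.

```python
import re

# Fixlog text as posted above (only the header lines the parser needs are kept).
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2015 01
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
C:\b383a41a-c551-4660-bdbf-0d0b127ec680\InstallerHelper.dll
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1023412029-2558512523-2891409035-1004 -> {CE8B75EB-17F6-4674-98BD-489442F37A2F} URL =
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml

*****************

C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\b383a41a-c551-4660-bdbf-0d0b127ec680\InstallerHelper.dll => Moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1023412029-2558512523-2891409035-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE8B75EB-17F6-4674-98BD-489442F37A2F}" => Key deleted successfully.
HKCR\CLSID\{CE8B75EB-17F6-4674-98BD-489442F37A2F} => Key not found.
Firefox newtab deleted successfully.

==== End of Fixlog 16:39:57 ====
"""

STARS = re.compile(r"^\*{5,}$")  # separator line around the echoed fixlist


def parse_fixlog(text):
    """Return (directives, results, complete) for one Fixlog."""
    directives, results, state = [], [], "header"
    for line in (raw.strip() for raw in text.splitlines()):
        if state == "header" and line.startswith("Content of fixlist"):
            state = "before_list"
        elif state == "before_list" and STARS.match(line):
            state = "list"
        elif state == "list":
            if STARS.match(line):
                state = "results"
            elif line:
                directives.append(line)
        elif state == "results":
            if line.startswith("==== End of Fixlog"):
                state = "done"
                break
            if line:
                results.append(line)
    return directives, results, state == "done"


def classify(result):
    """ok = action succeeded, absent = target already gone, review = read it."""
    low = result.lower()
    if low.endswith("successfully."):
        return "ok"
    if "not found" in low:
        return "absent"
    return "review"


def summarize(text):
    """Count outcomes and collect every result line that needs a human look."""
    directives, results, complete = parse_fixlog(text)
    counts = {"ok": 0, "absent": 0, "review": 0}
    for r in results:
        counts[classify(r)] += 1
    flagged = [r for r in results if classify(r) == "review"]
    return {"directives": len(directives), "results": len(results),
            "complete": complete, "counts": counts, "flagged": flagged}
```

The counts of directives and result lines differ here because one SearchScopes entry produced two result lines (the HKU key and the HKCR\CLSID lookup), so the summary reports outcomes rather than forcing a one-to-one match.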
         

20.04.2015, 21:13   #12
deeprybka
/// TB trainer
/// Guide guru

Quote:
Originally posted by Sabine74
OK, done! Thank you very, very much for the help! I will gladly support you with a donation.
Best regards
Sabine
Thank you very much for actively supporting the TB!
__________________
Regards
deeprybka
