NickHilfe | 10.07.2014 16:54
Gmer.txt Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-08 21:20:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB
Running: b098o7xn.exe; Driver: C:\Users\Nick\AppData\Local\Temp\uxtdapod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035b2000 63 bytes [00, 00, 0F, 02, 4B, 4C, 73, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff800035b2040 72 bytes {ADD AL, DL; PUSH RCX; ADD AL, 0x7; CMP DL, 0xff; CALL QWORD [RAX]}
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f11465 2 bytes [F1, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f114bb 2 bytes [F1, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f11465 2 bytes [F1, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f114bb 2 bytes [F1, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f11465 2 bytes [F1, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f114bb 2 bytes [F1, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe[3704] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000077543495 5 bytes JMP 0000000100329c38
.text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000070b61a22 2 bytes [B6, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000070b61ad0 2 bytes [B6, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000070b61b08 2 bytes [B6, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000070b61bba 2 bytes [B6, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000070b61bda 2 bytes [B6, 70]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f11465 2 bytes [F1, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f114bb 2 bytes [F1, 76]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrB.exe[3884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000070b61a22 2 bytes [B6, 70]
.text C:\Windows\SysWOW64\PnkBstrB.exe[3884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000070b61ad0 2 bytes [B6, 70]
.text C:\Windows\SysWOW64\PnkBstrB.exe[3884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000070b61b08 2 bytes [B6, 70]
.text C:\Windows\SysWOW64\PnkBstrB.exe[3884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000070b61bba 2 bytes [B6, 70]
.text C:\Windows\SysWOW64\PnkBstrB.exe[3884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000070b61bda 2 bytes [B6, 70]
.text C:\Windows\SysWOW64\PnkBstrB.exe[3884] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076f11465 2 bytes [F1, 76]
.text C:\Windows\SysWOW64\PnkBstrB.exe[3884] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076f114bb 2 bytes [F1, 76]
.text ... * 2
.text C:\Windows\SysWOW64\RunDll32.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076f11465 2 bytes [F1, 76]
.text C:\Windows\SysWOW64\RunDll32.exe[5100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076f114bb 2 bytes [F1, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779b11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000779b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000779b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000779b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000779b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000779b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000779b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000779b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000779b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000779b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000779b1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000779b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000779b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000779b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779b27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000779b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000779b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000779b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000779b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000779b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000779b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779b33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000779b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000779b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000779b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a01380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a01500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a01530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a01650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a01700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a01d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a01f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000749a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000749a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000749a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000749a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000749a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000749a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000749a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000749a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000749a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6376] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000749a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779b11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000779b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000779b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000779b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000779b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000779b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000779b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000779b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000779b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000779b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000779b1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000779b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000779b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000779b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779b27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000779b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000779b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000779b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000779b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000779b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000779b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779b33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000779b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000779b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000779b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a01380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a01500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a01530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a01650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a01700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a01d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a01f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000749a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000749a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000749a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000749a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000749a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000749a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000749a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000749a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000749a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000749a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779b11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000779b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000779b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000779b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000779b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000779b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000779b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000779b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000779b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000779b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000779b1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000779b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000779b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000779b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779b27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000779b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000779b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000779b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000779b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000779b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000779b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779b33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000779b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000779b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000779b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a01380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a01500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a01530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a01650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a01700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a01d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a01f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000749a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000749a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000749a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000749a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000749a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000749a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000749a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000749a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000749a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7312] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000749a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000749a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000749a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000749a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000749a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000749a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000749a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000749a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000749a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000749a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000749a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077baf9e0 5 bytes JMP 000000016bdef270
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 0000000077bafa28 5 bytes JMP 000000016bdef8d2
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 0000000077bafa40 5 bytes JMP 000000016bdee00d
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 0000000077bafa90 5 bytes JMP 000000016bdedb69
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077bafaa8 5 bytes JMP 000000016bdede5a
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 0000000077bafb40 5 bytes JMP 000000016bdefb12
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000077bafc38 5 bytes JMP 000000016bdfaccc
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 0000000077bafd4c 5 bytes JMP 000000016bded9b1
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077bafd64 5 bytes JMP 000000016bdfa2ee
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 0000000077bafd98 5 bytes JMP 000000016bdfa5e9
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077bafe44 5 bytes JMP 000000016bdeee45
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000077bafe5c 5 bytes JMP 000000016bdfa417
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077bb00b4 5 bytes JMP 000000016bdfa133
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077bb01c4 5 bytes JMP 000000016bdee1b5
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 0000000077bb0754 5 bytes JMP 000000016bdefbb4
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 0000000077bb09e4 5 bytes JMP 000000016bdfa32b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 0000000077bb09fc 5 bytes JMP 000000016bded785
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077bb0a44 5 bytes JMP 000000016bdee36b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077bb0b80 5 bytes JMP 000000016bded89b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077bb0f70 5 bytes JMP 000000016bdee7f8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077bb0f88 5 bytes JMP 000000016bdee994
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077bb1018 5 bytes JMP 000000016bdef95f
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 0000000077bb1030 5 bytes JMP 000000016bdefa82
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 0000000077bb1048 5 bytes JMP 000000016bdef9ef
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000077bb133c 5 bytes JMP 000000016bdfa500
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 0000000077bb147c 5 bytes JMP 000000016bdee66b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077bb1528 5 bytes JMP 000000016bdeeb58
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077bb1718 5 bytes JMP 000000016bdee4e3
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077bb1a58 5 bytes JMP 000000016bdedd12
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[6200] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077bb1b9c 5 bytes JMP 000000016bdeecda
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000779b11f5 8 bytes {JMP 0xd}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000779b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000779b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000779b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000779b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000779b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000779b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000779b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000779b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000779b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000779b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000779b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000779b1fd7 8 bytes {JMP 0xb}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000779b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000779b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000779b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000779b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000779b27d2 8 bytes {JMP 0x10}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000779b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000779b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000779b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000779b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000779b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000779b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000779b33c0 16 bytes {JMP 0x4e}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000779b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000779b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000779b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000779b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000779b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a01380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077a01500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a01530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077a01650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077a01700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077a01d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077a01f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000749a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000749a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000749a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000749a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000749a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000749a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000749a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000749a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000749a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Nick\Desktop\b098o7xn.exe[3424] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000749a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [6860:7464] 000007fee96b9688
---- Processes - GMER 2.1 ----
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [6200] 0000000057c40000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\adal.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [6200] 000000006d410000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [6200] 000000006bbf0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [6200] 000000006ab30000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [6200] 00000000655e0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [6200] 000000006bba0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [6200] 0000000069de0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1031\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [6200] 0000000069d00000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [6200] 0000000069c60000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [6200] 00000000734d0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [6200] 000000006bb40000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEERR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [6200] 0000000073bc0000
---- EOF - GMER 2.1 ----

Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Nick at 2014-07-08 20:43:29
Running from C:\Users\Nick\Desktop\Trojaner-Board
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(T)Raumschiff Surprise - Periode 1 - XXL (HKLM-x32\...\{6FF1763A-35B2-4DF5-AB57-AB5613AFBAE0}) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed III 1.01 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
AV VoizGame 6.0 (HKLM-x32\...\AV VoizGame 6.0) (Version: 6.0.50 - AVSOFT Corp.)
AVIcodec (remove only) (HKLM-x32\...\AVIcodec) (Version: - )
Avid Free DigiRack Plug-Ins 9.0 (HKLM-x32\...\{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}) (Version: 9.0 - Avid Technology, Inc.)
Avid Pro Tools Creative Collection 9.0 (HKLM-x32\...\{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}) (Version: 9.0 - Avid Technology, Inc.)
Avid Pro Tools MP 9.0 (HKLM-x32\...\{3C89685D-D38C-4124-B8C4-56203B399875}) (Version: 9.0 - Avid Technology, Inc.)
Ballerburg (HKLM-x32\...\Ballerburg_is1) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
BCC 7 OFX 64Bit (HKLM\...\{05D8FAA8-958E-4E47-96DA-F1E043EB01E5}) (Version: 7.0.4.1 - Boris FX, Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - )
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - )
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 3.19 - Piriform)
Chicken Invaders v1.30 (HKLM-x32\...\Chicken Invaders_is1) (Version: - InterAction studios)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.32.50 - Conexant)
Counter-Strike(TM) (HKLM-x32\...\{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}) (Version: 1.0.0.0 - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version: - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Schlacht um Mittelerde(tm) (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version: - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo)
Energy Management (x32 Version: 7.0.3.4 - Lenovo) Hidden
ESL Wire 1.17.2 (HKLM\...\ESL Wire_is1) (Version: - Turtle Entertainment GmbH)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free AVI Video Converter version 5.0.37.327 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.5.623 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.41.623 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.41.623 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
Gameforge Live 1.7.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.7.0 - Gameforge)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.1 - ghost-mouse.com)
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HyperCam 3 (HKLM-x32\...\HyperCam 3 3.5.1210.30) (Version: 3.5.1210.30 - Solveig Multimedia)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2656 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
K-Lite Codec Pack 10.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - KYOCERA Document Solutions Inc.)
Kyocera TWAIN Driver (HKLM-x32\...\InstallShield_{C1C5C0F5-4B4B-48AD-B2F0-90CAB520C989}) (Version: 2.0.2507 - KYOCERA Document Solutions Inc.)
Kyocera TWAIN Driver (x32 Version: 2.0.2507 - KYOCERA Document Solutions Inc.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.11.1206.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo pointing device (HKLM\...\Elantech) (Version: 10.4.2.8 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3712.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.3712.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.00.0000 - PACE Anti-Piracy, Inc.)
License Support (Version: 1.00.0000 - PACE Anti-Piracy, Inc.) Hidden
LockKey (HKLM-x32\...\InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}) (Version: 1.38.1.2 - Lenovo)
LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.214 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.214 - LogMeIn, Inc.) Hidden
Magic Bullet Looks Vegas (HKLM-x32\...\Magic Bullet Looks Vegas) (Version: - )
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.1.0 - Red Giant Software) Hidden
M-Audio MobilePre Driver 1.0.4 (x64) (HKLM\...\{205811A2-78C0-11DF-87D8-1AF2DED72085}) (Version: 1.0.4 - M-Audio)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metin2 (HKLM-x32\...\Metin2_is1) (Version: - Gameforge 4D GmbH)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version: - )
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Small Business Premium - de-de (HKLM\...\O365SmallBusPremRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movavi Video Converter 12 (HKLM-x32\...\Movavi Video Converter 12) (Version: 12.3.0 - Movavi)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Neverwinter (HKLM-x32\...\Neverwinter) (Version: - Cryptic Studios)
NewBlue Art Effects (HKLM-x32\...\NewBlue Art Effects) (Version: - )
NewBlue Motion Effects (HKLM-x32\...\NewBlue Motion Effects) (Version: - )
NewBlue Video Essentials II for Windows (HKLM-x32\...\NewBlue Video Essentials II for Windows) (Version: - )
NewBlue Video Essentials III for Windows (HKLM-x32\...\NewBlue Video Essentials III for Windows) (Version: - )
Nostale(DE) (HKLM-x32\...\NosTale(DE)_is1) (Version: - Gameforge 4D GmbH)
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.1111 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.76.1.0 - Overwolf Ltd.)
PartyPoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}) (Version: 7.2.0.240 - Apple Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39016 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
ROCCAT Kone Pure Mouse Driver (HKLM-x32\...\{4905245D-56E7-4176-BE68-962728B803D6}) (Version: - Roccat GmbH)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steinberg Cubase LE AI Elements 6 64bit (HKLM\...\{8EEEB23E-A3EB-44A4-AEE9-D2FD6F96E4A0}) (Version: 6.0.2 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.5.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 1.5.2.000 - Steinberg Media Technologies GmbH)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TemplateToaster 4 (HKLM-x32\...\TemplateToaster 4_is1) (Version: 4.0.0.5445 - TemplateToaster.com)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
UA-4FX-Treiber (HKLM\...\RolandRDID0061) (Version: - Roland Corporation)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}) (Version: 1.00.0000 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (x32 Version: 1.00.0000 - PACE Anti-Piracy, Inc.) Hidden
War of the Immortals (HKLM-x32\...\Steam App 209710) (Version: - Perfect World Shanghai)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Wizard101(DE) (HKCU\...\Wizard101(DE)_is1) (Version: - Gameforge 4D GmbH)
WoLoSoft SuperEdi 4.3.1 (HKLM-x32\...\SuperEdi_is1) (Version: 4.3.1 - WoLoSoft International)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.2-2 - BitNami)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
==================== Restore Points =========================
01-07-2014 16:33:09 Windows Update
07-07-2014 17:58:06 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2014-06-29 23:33 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {167C0AF0-680A-43BD-BE4A-6C5CA0287030} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25] (Google Inc.)
Task: {1EE5A25A-ED17-42F6-A3F3-45B71FD0FA5B} - System32\Tasks\{BD198C11-5CE3-475F-B1BB-70CAC94C61ED} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsProgressBar
Task: {56CE6734-4047-47F0-8774-865F65B82E67} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Lauch-Nick Lauch => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-19] (Microsoft Corporation)
Task: {57DA3532-E24E-4E30-93F5-AF24C3B977AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25] (Google Inc.)
Task: {6E064696-6578-45EB-9151-466D635BBB6E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {6F7CCC41-39BA-4195-8FDF-F94D8A84F881} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Thoosje Sevenbar\Thoosje Sevenbar.exe
Task: {78EA7C5C-A519-4DE3-A0D0-86C842255850} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-19] (Microsoft Corporation)
Task: {93583515-518D-42C6-B42D-268167731352} - System32\Tasks\CreateHardwareScanTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {AFE2A9A6-3FE2-40EE-8E64-BAA027CAAC79} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-06-10] (Overwolf LTD)
Task: {B6E41FD2-F9FF-4E47-B963-DD796CD00A05} - System32\Tasks\MySearchDial => C:\Users\Nick\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {C95C5ACD-DC36-4AC5-90CA-264FAC0B121F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {DEA6D72E-CD82-42EC-BEBD-A0BF1B036B39} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {E09AE007-045C-4E18-B11B-55C0E70C4CC5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {EBF2FFF0-CF5C-4E10-AF35-F9D083DB0AF9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ED476C2A-2215-4435-A110-57880BE3DCF7} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {F818FC61-56F7-42AA-BD0B-DA1224BBCC1D} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Nick\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2012-05-25 16:43 - 2012-10-02 21:51 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-05-25 17:06 - 2012-05-25 17:06 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2014-03-15 12:10 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-03-05 10:28 - 2012-02-17 18:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 03:20 - 2012-05-25 17:10 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-03-10 16:30 - 2012-05-25 17:10 - 01509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-10 16:31 - 2012-05-25 17:10 - 00012336 _____ () C:\Program Files (x86)\Lenovo\Energy Management\de-DE\EMWpfUI.resources.dll
2008-12-20 03:20 - 2012-05-25 17:10 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-09-08 16:10 - 2013-06-11 11:52 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2012-09-08 16:10 - 2013-07-09 13:12 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2012-11-22 19:15 - 2013-04-10 19:57 - 00076888 ____N () C:\Windows\SysWOW64\PnkBstrA.exe
2012-11-22 19:15 - 2013-05-18 08:42 - 00215128 ____N () C:\Windows\SysWOW64\PnkBstrB.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-02-15 14:16 - 2014-02-15 14:16 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2012-05-25 16:31 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-05-25 16:32 - 2012-02-21 06:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-06-29 23:43 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-19 12:23 - 2014-06-19 12:23 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Nick\Lokale Einstellungen:BayuW0rooKDnIhROGDzwpA2u
AlternateDataStreams: C:\Users\Nick\AppData\Local:BayuW0rooKDnIhROGDzwpA2u
AlternateDataStreams: C:\Users\Nick\AppData\Local\Anwendungsdaten:BayuW0rooKDnIhROGDzwpA2u
AlternateDataStreams: C:\Users\Nick\AppData\Local\lotvQuCq:IvQDx0Lg7ROjmRmUkdsbU4M
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Avnex Virtual Audio Device
Description: Avnex Virtual Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: AVNEX Ltd.
Service: VCSVADHWSer
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/08/2014 07:49:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (07/08/2014 07:49:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (07/08/2014 07:14:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.697, Zeitstempel: 0x506b3bc0
Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.697, Zeitstempel: 0x506b3bc0
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000153481
ID des fehlerhaften Prozesses: 0xb08
Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0
Pfad der fehlerhaften Anwendung: nvtray.exe1
Pfad des fehlerhaften Moduls: nvtray.exe2
Berichtskennung: nvtray.exe3
Error: (07/08/2014 06:59:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: autoupdate-windows.exe, Version: 1.0.0.0, Zeitstempel: 0x5049c0c3
Name des fehlerhaften Moduls: nvinit.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x506b31f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x746ece39
ID des fehlerhaften Prozesses: 0xd68
Startzeit der fehlerhaften Anwendung: 0xautoupdate-windows.exe0
Pfad der fehlerhaften Anwendung: autoupdate-windows.exe1
Pfad des fehlerhaften Moduls: autoupdate-windows.exe2
Berichtskennung: autoupdate-windows.exe3
Error: (07/08/2014 06:59:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/07/2014 07:49:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: autoupdate-windows.exe, Version: 1.0.0.0, Zeitstempel: 0x5049c0c3
Name des fehlerhaften Moduls: nvinit.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x506b31f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x735dce39
ID des fehlerhaften Prozesses: 0xdac
Startzeit der fehlerhaften Anwendung: 0xautoupdate-windows.exe0
Pfad der fehlerhaften Anwendung: autoupdate-windows.exe1
Pfad des fehlerhaften Moduls: autoupdate-windows.exe2
Berichtskennung: autoupdate-windows.exe3
Error: (07/07/2014 07:49:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/06/2014 06:51:27 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936
Error: (07/06/2014 06:51:27 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {DB06CD57-3F27-4F67-B73A-E3D6A4F42E9A}
Error: (07/06/2014 06:51:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {DB06CD57-3F27-4F67-B73A-E3D6A4F42E9A}
System errors:
=============
Error: (07/08/2014 07:20:29 PM) (Source: BROWSER) (EventID: 8020) (User: )
Description: Der Suchdienst konnte sich nicht selbst zur Funktion als Hauptsuchdienst heraufstufen.
Der Computer, der zurzeit die Funktion als Hauptsuchdienst erfüllt, ist unbekannt.
Error: (07/08/2014 07:14:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (07/08/2014 07:14:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (07/08/2014 07:01:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (07/08/2014 07:01:56 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (07/08/2014 06:59:46 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse ***********
registriert werden. Der Computer mit IP-Adresse *********** hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (07/08/2014 06:58:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lemsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/08/2014 06:58:29 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lemsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (07/08/2014 06:58:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "hwpsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/08/2014 06:58:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\hwpsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Microsoft Office Sessions:
=========================
Error: (07/08/2014 07:49:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nick\Desktop\Freizeit\Extras\SoftonicDownloader_fuer_freerip-mp3.exe
Error: (07/08/2014 07:49:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nick\Desktop\Freizeit\Extras\SoftonicDownloader_fuer_freerip-mp3.exe
Error: (07/08/2014 07:14:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.697506b3bc0nvtray.exe7.17.13.697506b3bc0400000150000000000153481b0801cf9acdc810e9abC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exe6219a7b5-06c3-11e4-8157-08edb997d346
Error: (07/08/2014 06:59:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: autoupdate-windows.exe1.0.0.05049c0c3nvinit.dll_unloaded0.0.0.0506b31f3c0000005746ece39d6801cf9acdda7088c9C:\Program Files (x86)\Xvid\autoupdate-windows.exenvinit.dll4796f7e0-06c1-11e4-8157-08edb997d346
Error: (07/08/2014 06:59:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/07/2014 07:49:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: autoupdate-windows.exe1.0.0.05049c0c3nvinit.dll_unloaded0.0.0.0506b31f3c0000005735dce39dac01cf9a0babc85cd4C:\Program Files (x86)\Xvid\autoupdate-windows.exenvinit.dll140b9a11-05ff-11e4-96b9-08edb997d346
Error: (07/07/2014 07:49:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/06/2014 06:51:27 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936
Error: (07/06/2014 06:51:27 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {DB06CD57-3F27-4F67-B73A-E3D6A4F42E9A}
Error: (07/06/2014 06:51:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {DB06CD57-3F27-4F67-B73A-E3D6A4F42E9A}
CodeIntegrity Errors:
===================================
Date: 2014-04-14 11:28:24.103
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vcsvad.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-14 11:28:23.994
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vcsvad.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-13 09:43:37.360
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vcsvad.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-13 09:43:37.266
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vcsvad.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-12 15:00:32.650
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vcsvad.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-12 15:00:32.556
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vcsvad.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-12 14:50:08.168
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vcsvad.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-12 14:50:08.106
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vcsvad.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-12 10:30:06.941
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vcsvad.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-04-12 10:30:06.848
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vcsvad.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 33%
Total physical RAM: 8094.36 MB
Available physical RAM: 5371.53 MB
Total Pagefile: 16186.89 MB
Available Pagefile: 12945.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:886.32 GB) (Free:595.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:22.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CC1D1A93)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=886 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=20 GB) - (Type=12)
==================== End Of Log ============================