OK, will do.
Here are the GMER and Addition logs.
GMER Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-23 18:33:31
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 TOSHIBA_THNSNH128GMCT rev.HTCAN102 119.24GB
Running: Gmer-19357.exe; Driver: C:\Users\Merfi\AppData\Local\Temp\axdyypob.sys
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffa4fdc28c0 7 bytes JMP 00007ffb4d8f02d0
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffa4fdc43d8 7 bytes JMP 00007ffb4d8f0308
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffa4fe71f20 7 bytes JMP 00007ffb4d8f0378
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffa4fe740b4 7 bytes JMP 00007ffb4d8f03b0
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffa4fe74510 7 bytes JMP 00007ffb4d8f0340
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ffa4fe74af0 7 bytes JMP 00007ffb4d8f0260
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffa4fe9cea0 7 bytes JMP 00007ffb4d8f0228
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffa4fe9cf10 7 bytes JMP 00007ffb4d8f0298
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffa4d952300 7 bytes JMP 00007ffb4d8f00d8
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffa4d955770 5 bytes JMP 00007ffb4d8f0180
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffa4d955860 5 bytes JMP 00007ffb4d8f0148
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffa4d955a30 5 bytes JMP 00007ffb4d8f0110
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffa4f99b6f4 10 bytes JMP 00007ffb4d8f0490
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffa4f9a45e8 5 bytes JMP 00007ffb4d8f0458
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffa4f9a4760 1 byte JMP 00007ffb4d8f03e8
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffa4f9a4762 7 bytes {JMP 0xfffffffffdf4bc88}
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffa4f9b4fc0 5 bytes JMP 00007ffb4d8f0420
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffa50121500 8 bytes JMP 00007ffb4d8f01b8
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffa50121750 8 bytes JMP 00007ffb4d8f01f0
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 00007ffa4b7a7a88 5 bytes JMP 00007ffb4b620110
.text C:\WINDOWS\system32\dwm.exe[452] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 00007ffa4b7b4990 5 bytes JMP 00007ffb4b6200d8
.text C:\WINDOWS\System32\spoolsv.exe[1472] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa4df0169a 4 bytes [F0, 4D, FA, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1472] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa4df016a2 4 bytes [F0, 4D, FA, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1472] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa4df0181a 4 bytes [F0, 4D, FA, 7F]
.text C:\WINDOWS\System32\spoolsv.exe[1472] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa4df01832 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2096] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa4df0169a 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2096] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa4df016a2 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2096] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa4df0181a 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2096] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa4df01832 4 bytes [F0, 4D, FA, 7F]
.text C:\WINDOWS\system32\svchost.exe[2500] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa4df0169a 4 bytes [F0, 4D, FA, 7F]
.text C:\WINDOWS\system32\svchost.exe[2500] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa4df016a2 4 bytes [F0, 4D, FA, 7F]
.text C:\WINDOWS\system32\svchost.exe[2500] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa4df0181a 4 bytes [F0, 4D, FA, 7F]
.text C:\WINDOWS\system32\svchost.exe[2500] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa4df01832 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4984] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffa38c01f6a 4 bytes [C0, 38, FA, 7F]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4984] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffa38c01f82 4 bytes [C0, 38, FA, 7F]
.text C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe[3548] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa4df0169a 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe[3548] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa4df016a2 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe[3548] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa4df0181a 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe[3548] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa4df01832 4 bytes [F0, 4D, FA, 7F]
.text C:\WINDOWS\system32\RunDll32.exe[5196] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa4df0169a 4 bytes [F0, 4D, FA, 7F]
.text C:\WINDOWS\system32\RunDll32.exe[5196] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa4df016a2 4 bytes [F0, 4D, FA, 7F]
.text C:\WINDOWS\system32\RunDll32.exe[5196] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa4df0181a 4 bytes [F0, 4D, FA, 7F]
.text C:\WINDOWS\system32\RunDll32.exe[5196] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa4df01832 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDefaultNpAcl + 772 00007ffa5042293c 8 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmAddToAverageDWORD + 21 00007ffa50422959 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllPath + 327 00007ffa504230f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllPath + 447 00007ffa5042316b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterForWnfMetaNotification + 76 00007ffa50423c24 8 bytes {JMP 0xfffffffffffffff6}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSubscribeWnfStateChangeNotification + 67 00007ffa50423c6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSubscribeWnfStateChangeNotification + 363 00007ffa50423d97 8 bytes {JMP 0xffffffffffffffc5}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 372 00007ffa50424450 8 bytes {JMP 0xffffffffffffffdf}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDoesFileExists_U + 7 00007ffa5042445f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWithCompletionCallback + 147 00007ffa504244fb 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 283 00007ffa5042461f 8 bytes {JMP 0xfffffffffffffff3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetermineDosPathNameType_U + 123 00007ffa50424c8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFlsFree + 279 00007ffa5042501b 8 bytes {JMP 0xffffffffffffff9c}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAreBitsSet + 184 00007ffa5042517c 8 bytes {JMP 0xffffffffffffffbd}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 203 00007ffa5042524f 8 bytes {JMP 0xffffffffffffffc3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 316 00007ffa504252c0 8 bytes {JMP 0xffffffffffffffbb}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetFullPathName_U + 35 00007ffa5042543f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 368 00007ffa50425d0c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 20 00007ffa50427e7c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSetBits + 539 00007ffa50428917 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 652 00007ffa50429120 8 bytes {JMP 0xffffffffffffffbb}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 56 00007ffa50429988 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadAlternateResourceModule + 7 00007ffa5042a36b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadAlternateResourceModuleEx + 975 00007ffa5042a743 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReleasePath + 203 00007ffa5042ac07 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReleasePath + 439 00007ffa5042acf3 8 bytes {JMP 0xffffffffffffff9a}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffa5042adb7 8 bytes [10, 6A, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeActivationContextStack + 211 00007ffa5042ae93 8 bytes [00, 6A, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlExitUserThread + 455 00007ffa5042b1f7 8 bytes [F0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 31 00007ffa5042b21f 8 bytes [E0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 856 00007ffa5042b698 8 bytes {CALL RAX}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 920 00007ffa5042b6d8 8 bytes [C0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 363 00007ffa5042b84b 8 bytes [B0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffa5042b87f 8 bytes [A0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffa504aadd0 8 bytes {JMP QWORD [RIP-0x7fbb7]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffa504aaf50 8 bytes {JMP QWORD [RIP-0x7f8be]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffa504aaf80 8 bytes {JMP QWORD [RIP-0x801cf]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffa504ab0a0 8 bytes {JMP QWORD [RIP-0x7feaf]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffa504ab150 8 bytes {JMP QWORD [RIP-0x802c3]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffa504ab810 8 bytes {JMP QWORD [RIP-0x7ff97]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffa504abb10 8 bytes {JMP QWORD [RIP-0x802cb]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffa504ac390 8 bytes {JMP QWORD [RIP-0x80cbe]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 381 000000007786137d 16 bytes {JMP 0xffffffffffffffd3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 386 0000000077861512 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077861551 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077861577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 516 0000000077861784 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuThreadInit + 50 00000000778617c2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000778617e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077861834 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 1 0000000077861841 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 513 0000000077861a41 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 0000000077862ae0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077862c1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5220] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000077862c43 8 bytes [7C, 68, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe[5244] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa4df0169a 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe[5244] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa4df016a2 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe[5244] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa4df0181a 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe[5244] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa4df01832 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDefaultNpAcl + 772 00007ffa5042293c 8 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmAddToAverageDWORD + 21 00007ffa50422959 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllPath + 327 00007ffa504230f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllPath + 447 00007ffa5042316b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterForWnfMetaNotification + 76 00007ffa50423c24 8 bytes {JMP 0xfffffffffffffff6}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSubscribeWnfStateChangeNotification + 67 00007ffa50423c6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSubscribeWnfStateChangeNotification + 363 00007ffa50423d97 8 bytes {JMP 0xffffffffffffffc5}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 372 00007ffa50424450 8 bytes {JMP 0xffffffffffffffdf}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDoesFileExists_U + 7 00007ffa5042445f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWithCompletionCallback + 147 00007ffa504244fb 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 283 00007ffa5042461f 8 bytes {JMP 0xfffffffffffffff3}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetermineDosPathNameType_U + 123 00007ffa50424c8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFlsFree + 279 00007ffa5042501b 8 bytes {JMP 0xffffffffffffff9c}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAreBitsSet + 184 00007ffa5042517c 8 bytes {JMP 0xffffffffffffffbd}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 203 00007ffa5042524f 8 bytes {JMP 0xffffffffffffffc3}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 316 00007ffa504252c0 8 bytes {JMP 0xffffffffffffffbb}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetFullPathName_U + 35 00007ffa5042543f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 368 00007ffa50425d0c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 20 00007ffa50427e7c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSetBits + 539 00007ffa50428917 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 652 00007ffa50429120 8 bytes {JMP 0xffffffffffffffbb}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 56 00007ffa50429988 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadAlternateResourceModule + 7 00007ffa5042a36b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadAlternateResourceModuleEx + 975 00007ffa5042a743 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReleasePath + 203 00007ffa5042ac07 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReleasePath + 439 00007ffa5042acf3 8 bytes {JMP 0xffffffffffffff9a}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffa5042adb7 8 bytes [10, 6A, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeActivationContextStack + 211 00007ffa5042ae93 8 bytes [00, 6A, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlExitUserThread + 455 00007ffa5042b1f7 8 bytes [F0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 31 00007ffa5042b21f 8 bytes [E0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 856 00007ffa5042b698 8 bytes {CALL RAX}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 920 00007ffa5042b6d8 8 bytes [C0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 363 00007ffa5042b84b 8 bytes [B0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffa5042b87f 8 bytes [A0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffa504aadd0 8 bytes {JMP QWORD [RIP-0x7fbb7]}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffa504aaf50 8 bytes {JMP QWORD [RIP-0x7f8be]}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffa504aaf80 8 bytes {JMP QWORD [RIP-0x801cf]}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffa504ab0a0 8 bytes {JMP QWORD [RIP-0x7feaf]}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffa504ab150 8 bytes {JMP QWORD [RIP-0x802c3]}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffa504ab810 8 bytes {JMP QWORD [RIP-0x7ff97]}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffa504abb10 8 bytes {JMP QWORD [RIP-0x802cb]}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffa504ac390 8 bytes {JMP QWORD [RIP-0x80cbe]}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 381 000000007786137d 16 bytes {JMP 0xffffffffffffffd3}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 386 0000000077861512 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077861551 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077861577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 516 0000000077861784 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuThreadInit + 50 00000000778617c2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000778617e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077861834 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 1 0000000077861841 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 513 0000000077861a41 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 0000000077862ae0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077862c1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[5368] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000077862c43 8 bytes [7C, 68, F8, 7F, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDefaultNpAcl + 772 00007ffa5042293c 8 bytes {JMP 0xffffffffffffff8c}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmAddToAverageDWORD + 21 00007ffa50422959 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllPath + 327 00007ffa504230f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllPath + 447 00007ffa5042316b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterForWnfMetaNotification + 76 00007ffa50423c24 8 bytes {JMP 0xfffffffffffffff6}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSubscribeWnfStateChangeNotification + 67 00007ffa50423c6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSubscribeWnfStateChangeNotification + 363 00007ffa50423d97 8 bytes {JMP 0xffffffffffffffc5}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 372 00007ffa50424450 8 bytes {JMP 0xffffffffffffffdf}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDoesFileExists_U + 7 00007ffa5042445f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWithCompletionCallback + 147 00007ffa504244fb 8 bytes {JMP 0xffffffffffffffee}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 283 00007ffa5042461f 8 bytes {JMP 0xfffffffffffffff3}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetermineDosPathNameType_U + 123 00007ffa50424c8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFlsFree + 279 00007ffa5042501b 8 bytes {JMP 0xffffffffffffff9c}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAreBitsSet + 184 00007ffa5042517c 8 bytes {JMP 0xffffffffffffffbd}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 203 00007ffa5042524f 8 bytes {JMP 0xffffffffffffffc3}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 316 00007ffa504252c0 8 bytes {JMP 0xffffffffffffffbb}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetFullPathName_U + 35 00007ffa5042543f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 368 00007ffa50425d0c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 20 00007ffa50427e7c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSetBits + 539 00007ffa50428917 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 652 00007ffa50429120 8 bytes {JMP 0xffffffffffffffbb}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 56 00007ffa50429988 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadAlternateResourceModule + 7 00007ffa5042a36b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadAlternateResourceModuleEx + 975 00007ffa5042a743 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReleasePath + 203 00007ffa5042ac07 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReleasePath + 439 00007ffa5042acf3 8 bytes {JMP 0xffffffffffffff9a}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffa5042adb7 8 bytes [10, 6A, EA, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeActivationContextStack + 211 00007ffa5042ae93 8 bytes [00, 6A, EA, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlExitUserThread + 455 00007ffa5042b1f7 8 bytes [F0, 69, EA, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 31 00007ffa5042b21f 8 bytes [E0, 69, EA, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 856 00007ffa5042b698 8 bytes {CALL RAX}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 920 00007ffa5042b6d8 8 bytes [C0, 69, EA, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 363 00007ffa5042b84b 8 bytes [B0, 69, EA, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffa5042b87f 8 bytes [A0, 69, EA, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffa504aadd0 8 bytes {JMP QWORD [RIP-0x7fbb7]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffa504aaf50 8 bytes {JMP QWORD [RIP-0x7f8be]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffa504aaf80 8 bytes {JMP QWORD [RIP-0x801cf]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffa504ab0a0 8 bytes {JMP QWORD [RIP-0x7feaf]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffa504ab150 8 bytes {JMP QWORD [RIP-0x802c3]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffa504ab810 8 bytes {JMP QWORD [RIP-0x7ff97]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffa504abb10 8 bytes {JMP QWORD [RIP-0x802cb]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffa504ac390 8 bytes {JMP QWORD [RIP-0x80cbe]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 381 000000007786137d 16 bytes {JMP 0xffffffffffffffd3}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 386 0000000077861512 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077861551 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077861577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 516 0000000077861784 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuThreadInit + 50 00000000778617c2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000778617e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077861834 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 1 0000000077861841 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 513 0000000077861a41 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 0000000077862ae0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077862c1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5376] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000077862c43 8 bytes [7C, 68, EA, 7E, 00, 00, 00, ...]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4508] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffa4df0169a 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4508] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffa4df016a2 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4508] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffa4df0181a 4 bytes [F0, 4D, FA, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4508] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffa4df01832 4 bytes [F0, 4D, FA, 7F]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDefaultNpAcl + 772 00007ffa5042293c 8 bytes {JMP 0xffffffffffffff8c}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!WinSqmAddToAverageDWORD + 21 00007ffa50422959 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllPath + 327 00007ffa504230f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrGetDllPath + 447 00007ffa5042316b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlRegisterForWnfMetaNotification + 76 00007ffa50423c24 8 bytes {JMP 0xfffffffffffffff6}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSubscribeWnfStateChangeNotification + 67 00007ffa50423c6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSubscribeWnfStateChangeNotification + 363 00007ffa50423d97 8 bytes {JMP 0xffffffffffffffc5}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 372 00007ffa50424450 8 bytes {JMP 0xffffffffffffffdf}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDoesFileExists_U + 7 00007ffa5042445f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWithCompletionCallback + 147 00007ffa504244fb 8 bytes {JMP 0xffffffffffffffee}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 283 00007ffa5042461f 8 bytes {JMP 0xfffffffffffffff3}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetermineDosPathNameType_U + 123 00007ffa50424c8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFlsFree + 279 00007ffa5042501b 8 bytes {JMP 0xffffffffffffff9c}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAreBitsSet + 184 00007ffa5042517c 8 bytes {JMP 0xffffffffffffffbd}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 203 00007ffa5042524f 8 bytes {JMP 0xffffffffffffffc3}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 316 00007ffa504252c0 8 bytes {JMP 0xffffffffffffffbb}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlGetFullPathName_U + 35 00007ffa5042543f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 368 00007ffa50425d0c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWakeAddressAll + 20 00007ffa50427e7c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlSetBits + 539 00007ffa50428917 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 652 00007ffa50429120 8 bytes {JMP 0xffffffffffffffbb}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlTryEnterCriticalSection + 56 00007ffa50429988 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadAlternateResourceModule + 7 00007ffa5042a36b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadAlternateResourceModuleEx + 975 00007ffa5042a743 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReleasePath + 203 00007ffa5042ac07 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlReleasePath + 439 00007ffa5042acf3 8 bytes {JMP 0xffffffffffffff9a}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeThreadActivationContextStack + 47 00007ffa5042adb7 8 bytes [10, 6A, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlFreeActivationContextStack + 211 00007ffa5042ae93 8 bytes [00, 6A, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlExitUserThread + 455 00007ffa5042b1f7 8 bytes [F0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrInitializeThunk + 31 00007ffa5042b21f 8 bytes [E0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 856 00007ffa5042b698 8 bytes {CALL RAX}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlAllocateActivationContextStack + 920 00007ffa5042b6d8 8 bytes [C0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlProcessFlsData + 363 00007ffa5042b84b 8 bytes [B0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDetectHeapLeaks + 43 00007ffa5042b87f 8 bytes [A0, 69, F8, 7F, 00, 00, 00, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffa504aadd0 8 bytes {JMP QWORD [RIP-0x7fbb7]}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffa504aaf50 8 bytes {JMP QWORD [RIP-0x7f8be]}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffa504aaf80 8 bytes {JMP QWORD [RIP-0x801cf]}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffa504ab0a0 8 bytes {JMP QWORD [RIP-0x7feaf]}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffa504ab150 8 bytes {JMP QWORD [RIP-0x802c3]}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffa504ab810 8 bytes {JMP QWORD [RIP-0x7ff97]}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffa504abb10 8 bytes {JMP QWORD [RIP-0x802cb]}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffa504ac390 8 bytes {JMP QWORD [RIP-0x80cbe]}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 381 000000007786137d 16 bytes {JMP 0xffffffffffffffd3}
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 386 0000000077861512 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49 0000000077861551 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuSetStackPointer + 23 0000000077861577 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuResetToConsistentState + 516 0000000077861784 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuThreadInit + 50 00000000778617c2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23 00000000778617e7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68 0000000077861834 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 1 0000000077861841 24 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 513 0000000077861a41 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuFlushInstructionCache + 16 0000000077862ae0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuInitializeStartupContext + 308 0000000077862c1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Merfi\Desktop\Gmer-19357.exe[3380] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000077862c43 8 bytes [7C, 68, F8, 7F, 00, 00, 00, ...]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [748:756] fffff96000934b90
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3796:3800] 000000000036fbf7
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3796:4396] 00000000640667ce
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3796:2084] 0000000063ff8104
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3796:5436] 0000000063ff8104
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3796:5440] 0000000061398bce
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3796:1616] 0000000063ff8104
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3796:1828] 0000000073d12472
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2872:5944] 00007ffa4df781b0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2872:6372] 00007ffa4dff0310
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by Merfi at 2014-09-23 18:15:39
Running from C:\Users\Merfi\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)
Acer Games (HKCU\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3004.0 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.24.203_WHQL (HKLM\...\Elantech) (Version: 11.6.24.203 - ELAN Microelectronic Corp.)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.8.820 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.44.820 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.820 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.43.806 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.43.806 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - FreeCodecPack)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Hilfe (HKLM-x32\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.28140 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Studie zur Verbesserung von HP Officejet 4620 series Produkten (HKLM\...\{ABBC6F00-E9C9-4B1E-B046-8FFD7BA3A456}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1451651083-1881121127-1403879726-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Merfi\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
28-08-2014 15:28:35 Windows Update
06-09-2014 13:30:23 Geplanter Prüfpunkt
10-09-2014 15:42:48 Windows Update
16-09-2014 16:33:11 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0410DEBC-C01C-4DF9-9BA7-8AD5BC86A0BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {04AAB0FB-0019-4896-8386-0021AAE9DF10} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CA05717-F38A-4EFF-B615-DBA345EFF8E7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
Task: {13A4F2CA-E8E0-460F-94D2-6B7034DD2AC5} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-09-01] (Dolby Laboratories Inc.)
Task: {165DFCA5-5E8C-47A4-A404-831095A5B35A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {1DE0CA86-2FC0-42EE-B3E5-675AE49C6571} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21E328BB-06EE-41E3-A34F-256EF0A122E3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {2559CBD2-D54B-411A-84C9-E2A689E2115A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3A97016C-F650-4759-8EC1-C936ED18EA17} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-05-02] (Acer Incorporated)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {48600BE3-03F0-4C5B-BE5D-F1EE335357A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5EC4B06D-0C8D-4D81-A5D6-6D7B28B91AB1} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7BB1EC61-3140-48A7-9245-3DD56ECC42BA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8F2B5D50-FC49-4F37-99F2-E4CA803398A2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {900016EE-4919-4454-9356-B1C46C91A8E1} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-18] (Acer Incorporate)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B9492FED-CEE8-46E3-92D2-4F6948E7E5BE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {BA15C236-609C-43C4-93EE-BBC435202610} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-16] (Acer Incorporated)
Task: {CAE76D55-675A-4ED0-844C-64E7FEE6BA9A} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1451651083-1881121127-1403879726-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {CEDE232B-9B47-4CDD-B1FE-E53298E287F6} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4F1838F-B2D1-4B45-AEF2-FB800DF0E0ED} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E0016269-49ED-4B59-9C2E-237CEE23361A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-28 13:00 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-01-25 10:09 - 2013-01-25 10:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 10:05 - 2013-01-25 10:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-25 10:12 - 2013-01-25 10:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-12-12 19:31 - 2013-01-23 09:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKCU\...\StartupApproved\Run: => "AcerCloud"
==================== Faulty Device Manager Devices =============
Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/23/2014 05:32:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SkyDrive.exe, Version: 17.3.1165.612, Zeitstempel: 0x539a47b7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x80000003
Fehleroffset: 0x000b3425
ID des fehlerhaften Prozesses: 0x81c
Startzeit der fehlerhaften Anwendung: 0xSkyDrive.exe0
Pfad der fehlerhaften Anwendung: SkyDrive.exe1
Pfad des fehlerhaften Moduls: SkyDrive.exe2
Berichtskennung: SkyDrive.exe3
Vollständiger Name des fehlerhaften Pakets: SkyDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SkyDrive.exe5
Error: (09/22/2014 05:26:00 PM) (Source: MsiInstaller) (EventID: 1024) (User: Merfis-PC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (09/22/2014 05:13:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SkyDrive.exe, Version: 17.3.1165.612, Zeitstempel: 0x539a47b7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x80000003
Fehleroffset: 0x000b3425
ID des fehlerhaften Prozesses: 0x1a4c
Startzeit der fehlerhaften Anwendung: 0xSkyDrive.exe0
Pfad der fehlerhaften Anwendung: SkyDrive.exe1
Pfad des fehlerhaften Moduls: SkyDrive.exe2
Berichtskennung: SkyDrive.exe3
Vollständiger Name des fehlerhaften Pakets: SkyDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SkyDrive.exe5
Error: (09/22/2014 05:13:17 PM) (Source: MsiInstaller) (EventID: 1024) (User: Merfis-PC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (09/22/2014 01:00:00 AM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1584) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf.
Error: (09/22/2014 01:00:00 AM) (Source: ESENT) (EventID: 494) (User: )
Description: svchost (1584) SRUJet: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\WINDOWS\system32\SRU\SRUDB.dat" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung.
Error: (09/22/2014 00:09:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SkyDrive.exe, Version: 17.3.1165.612, Zeitstempel: 0x539a47b7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x80000003
Fehleroffset: 0x000b3425
ID des fehlerhaften Prozesses: 0xea4
Startzeit der fehlerhaften Anwendung: 0xSkyDrive.exe0
Pfad der fehlerhaften Anwendung: SkyDrive.exe1
Pfad des fehlerhaften Moduls: SkyDrive.exe2
Berichtskennung: SkyDrive.exe3
Vollständiger Name des fehlerhaften Pakets: SkyDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SkyDrive.exe5
Error: (09/22/2014 00:05:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: Merfis-PC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (09/22/2014 00:01:41 AM) (Source: MsiInstaller) (EventID: 1024) (User: Merfis-PC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (09/22/2014 00:00:00 AM) (Source: ESENT) (EventID: 470) (User: )
Description: svchost (1524) SRUJet: Datenbank C:\WINDOWS\system32\SRU\SRUDB.dat wurde teilweise angehängt. Anhängungsstufe: 3. Fehler: -1019.
System errors:
=============
Error: (09/22/2014 10:32:59 PM) (Source: DCOM) (EventID: 10010) (User: Merfis-PC)
Description: {5911B092-7EEA-4D99-BEDB-BF82390F266A}
Error: (09/22/2014 08:23:37 PM) (Source: DCOM) (EventID: 10010) (User: Merfis-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (09/22/2014 07:04:23 PM) (Source: DCOM) (EventID: 10010) (User: Merfis-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (09/22/2014 07:03:53 PM) (Source: DCOM) (EventID: 10010) (User: Merfis-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (09/22/2014 00:00:16 AM) (Source: DCOM) (EventID: 10001) (User: Merfis-PC)
Description: "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe" -Embedding5{88F5E7B2-09B9-471E-895A-25247585905C}Nicht verfügbarNicht verfügbar
Error: (09/21/2014 11:59:16 PM) (Source: DCOM) (EventID: 10001) (User: Merfis-PC)
Description: "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe" -Embedding5{88F5E7B2-09B9-471E-895A-25247585905C}Nicht verfügbarNicht verfügbar
Error: (09/21/2014 00:19:52 PM) (Source: DCOM) (EventID: 10010) (User: Merfis-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (09/21/2014 00:19:22 PM) (Source: DCOM) (EventID: 10010) (User: Merfis-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (09/20/2014 02:30:16 PM) (Source: DCOM) (EventID: 10010) (User: Merfis-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (09/20/2014 02:29:46 PM) (Source: DCOM) (EventID: 10010) (User: Merfis-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Microsoft Office Sessions:
=========================
Error: (09/23/2014 05:32:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b342581c01cfd74389f92fa1C:\Users\Merfi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllc856a494-4336-11e4-be90-0c54a549b590
Error: (09/22/2014 05:26:00 PM) (Source: MsiInstaller) (EventID: 1024) (User: Merfis-PC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/22/2014 05:13:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b34251a4c01cfd677d4350c63C:\Users\Merfi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll134fd6db-426b-11e4-be8b-0c54a549b590
Error: (09/22/2014 05:13:17 PM) (Source: MsiInstaller) (EventID: 1024) (User: Merfis-PC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/22/2014 01:00:00 AM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost1584SRUJet: -1216
Error: (09/22/2014 01:00:00 AM) (Source: ESENT) (EventID: 494) (User: )
Description: svchost1584SRUJet: -1216C:\WINDOWS\system32\SRU\SRUDB.dat
Error: (09/22/2014 00:09:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425ea401cfd5e8bb80f2c3C:\Users\Merfi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllfa9fa57b-41db-11e4-be8b-0c54a549b590
Error: (09/22/2014 00:05:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: Merfis-PC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/22/2014 00:01:41 AM) (Source: MsiInstaller) (EventID: 1024) (User: Merfis-PC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/22/2014 00:00:00 AM) (Source: ESENT) (EventID: 470) (User: )
Description: svchost1524SRUJet: C:\WINDOWS\system32\SRU\SRUDB.dat3-1019
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 6%
Total physical RAM: 24456.27 MB
Available physical RAM: 22805.52 MB
Total Pagefile: 49032.27 MB
Available Pagefile: 47200.49 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:118.19 GB) (Free:60.6 GB) NTFS
Drive d: (DATA) (Fixed) (Total:680.63 GB) (Free:656.45 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: A5462595)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: A546257A)
Partition: GPT Partition Type.
==================== End Of Log ============================