Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 PC mini- bzw maximiert Browser, Desktopsymbole, Programme selbständig (https://www.trojaner-board.de/168072-windows-7-pc-mini-bzw-maximiert-browser-desktopsymbole-programme-selbstaendig.html)

mobspot 19.06.2015 23:09
Windows 7 PC mini- bzw maximiert Browser, Desktopsymbole, Programme selbständig
 
Liste der Anhänge anzeigen (Anzahl: 1)
]

Hallo,

MeinWindows 7 PC mini- bzw maximiert Browser, Desktopsymbole, Programme selbständig. Zeitweise schliesst er diese auch.
Ausserdem gibt er in unregelmässigen Abständen seltsame Töne (wie Fehlermeldungen, bzw. Morsezeichen) von sich.
Danke schonmal

schrauber 20.06.2015 06:45
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

mobspot 20.06.2015 09:22
Hi Schrauber,

in der Tat war die GMER zu groß, deswegen gezippt. :wtf: Hier erst mal die defogger und addition anderen

Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:01 on 19/06/2015 (chberghoff)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Addition:

[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by chberghoff at 2015-06-19 22:04:28
Running from C:\Users\chberghoff\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2171270164-1414087093-4126627718-500 - Administrator - Disabled)
BERGHOFF (S-1-5-21-2171270164-1414087093-4126627718-1000 - Administrator - Enabled) => C:\Users\BERGHOFF
bslap2013 (S-1-5-21-2171270164-1414087093-4126627718-1004 - Administrator - Enabled) => C:\Users\bslap2013
chberghoff (S-1-5-21-2171270164-1414087093-4126627718-1005 - Administrator - Enabled) => C:\Users\chberghoff
Gast (S-1-5-21-2171270164-1414087093-4126627718-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2171270164-1414087093-4126627718-1011 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
ABC-Schutz-Simulator Version 1.0 (HKLM-x32\...\{0B0ADD81-270D-44C7-8AA9-882A42F2EC22}_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19460 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{53F29A32-7D03-4635-A8B3-839D921F6F96}) (Version: 10.3.181.26 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Alarm für Cobra 11 - Das Syndikat (HKLM-x32\...\Alarm für Cobra 11 - Das Syndikat_is1) (Version:  - dtp)
Alarm für Cobra 11 - Undercover (HKLM-x32\...\Alarm für Cobra 11 - Undercover_is1) (Version:  - dtp)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Family Paint 3D (HKLM-x32\...\{2576B595-16E0-4E6C-AA99-AA93100DA868}) (Version: 1.0.101 - ArcSoft)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{B1893E3F-9BDF-443F-BED0-1AAA2D9E0D68}) (Version: 2.0.149 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{B77DE05C-7C84-4011-B93F-A29D0D2840F4}) (Version: 4.0.444 - ArcSoft)
ArcSoft WebCam Message Board (HKLM-x32\...\{7D44F1E8-968F-48D8-A966-2890A2CFFC6F}) (Version: 1.1.84 - ArcSoft)
Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Atheros)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Blender (HKLM\...\Blender) (Version: 2.72b - Blender Foundation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.110 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bus- & Cable Car-Simulator (HKLM-x32\...\Bus- & Cable Car-Simulator_is1) (Version:  - astragon)
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version:  - astragon)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Cobra 11 - Highway Nights (remove only) (HKLM-x32\...\HighwayNights) (Version:  - )
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.108 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
devolo dLAN Cockpit (HKLM-x32\...\dlancockpit) (Version: 3.2.0.0 - devolo AG)
Die Polizei 2013 (HKLM-x32\...\Die Polizei 2013) (Version:  - Quadriga Games)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.7.65.1020 - Electronic Arts Inc.)
dLAN Cockpit (x32 Version: 3.2.28 - devolo AG) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.6 - Dolby Laboratories Inc)
Dxtory version 2.0.128 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.128 - ExKode Co. Ltd.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Emergency4 (HKLM-x32\...\{9A4C534E-431F-4A17-97D4-D1682B19A054}) (Version: 1.03.001 - )
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.5.2 - SCS Software)
Evernote v. 4.4 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.4.0.4848 - Evernote Corp.)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.8.0.0 - Electronic Arts)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
FormatFactory 3.5.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.5.1.0 - Format Factory)
Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.3 - Ellora Assets Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIANTS Editor 6.0.3 64-bit (HKLM-x32\...\giants_editor_6.0.3_win64_is1) (Version: 6.0.3 - GIANTS Software GmbH)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Harry Potter und die Heiligtümer des Todes(TM) - Teil 2 (HKLM-x32\...\{F0C9E8E9-C54B-48C1-9192-F5D49633AB5D}) (Version: 1.0.0.0 - Electronic Arts)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.2.0.0 - GIANTS Software)
Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)
LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Gallery (Version: 1.5.0.17250 - Your Company Name) Hidden
Media Go (HKLM-x32\...\{0F895695-33CC-4203-9C47-25EF2AC9441C}) (Version: 1.7.254 - Sony)
MergeModule_x86 (x32 Version: 9.1.00 - Sony Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NextWindow DesktopTouch Driver Package (HKLM\...\{3D4ACF00-2919-4A5A-9FAA-B62C1196A5A4}) (Version: 1.1.014 - NextWindow)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.3 - )
Nuance PDF Converter Professional 8 (HKLM\...\{4131723B-BF21-4372-AFFD-82F31C31E50A}) (Version: 8.10.6267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM-x32\...\{4131723B-BF21-4372-AFFD-82F31C31E50A}) (Version: 8.10.6267 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x64 (HKLM\...\{45AE5880-34A1-4575-92A6-11D0DC182F24}) (Version: 8.11.0000 - Nuance Communications, Inc.)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Video Player (HKLM-x32\...\{123F0CCE-21AA-401D-A335-3EDF9C13AA52}) (Version: 1.6.9 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PlayMemories Home (HKLM-x32\...\{9BC57F80-FBCF-463C-B69F-09DEC3A4612B}) (Version: 4.2.00.02052 - Sony Corporation)
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.05.00710 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.1.8.11883 - Sony Computer Entertainment Inc.)
PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06140 - Sony Corporation) Hidden
PMB_ModeEditor (x32 Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.2.00 - Sony Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden
Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.6.10 - Sony Corporation)
Quick Web Access (x32 Version: 1.4.6.10 - Sony Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15072 - Sony Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Schiff-Simulator 2008 (HKLM-x32\...\ShipSim2008) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SL-6640-SBK BLACK WIDOW Flightstick (HKLM-x32\...\SL-6640-SBK BLACK WIDOW Flightstick) (Version:  - )
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
SOHLib for PlayMemories Home (x32 Version: 1.0.3.02170 - Sony Corporation) Hidden
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
V3DPX86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Media Gallery (HKLM-x32\...\{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}) (Version: 1.5.0.18100 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}) (Version: 1.6.00.06030 - Sony Corporation)
VAIO - PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}) (Version: 1.6.00.06140 - Sony Corporation)
VAIO - Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.15072 - Sony Corporation)
VAIO - Remote-Tastatur  (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)
VAIO 3D Portal (HKLM-x32\...\{C14EAE86-C526-4E00-B245-CFF86233C3D2}) (Version: 1.1.0.06240 - Sony Corporation)
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.0.0.07070 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.7.0.05270 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.7.0.05270 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.0.0.03050 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.4.0.06210 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.0.07080 - Sony Corporation)
VAIO Hero Screensaver - Fall 2011 Screensaver (HKLM-x32\...\VAIO Hero Screensaver - Fall 2011 Screensaver) (Version:  - )
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.1.0.06030 - Sony Corporation)
VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.8.1.08270 - Sony Corporation)
VAIO Touch Portal (HKLM-x32\...\{AE9568B1-BCBC-4F30-832F-DACE18C7110C}) (Version: 1.1.0.06160 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.4.0.05310 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VTPX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Елемент керування Windows Live Mesh ActiveX для віддалених підключень (HKLM-x32\...\{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

17-06-2015 08:52:41 Windows Update
18-06-2015 10:41:58 Installiert VAIO Easy Connect
18-06-2015 10:45:45 Windows Update
18-06-2015 12:56:16 Wiederherstellungsvorgang
18-06-2015 13:24:15 Windows Update
18-06-2015 16:24:05 Removed Harry Potter und die Heiligtümer des Todes(TM) - Teil 2
18-06-2015 16:34:51 Removed Google Drive
18-06-2015 17:16:14 Wiederherstellungsvorgang
18-06-2015 17:40:31 Windows Update
18-06-2015 18:38:02 Windows Update
18-06-2015 21:45:54 Removed Google Drive

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07DD35D1-3A85-41E0-BB08-F49F78F48F03} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {08288039-28F9-4EDA-89D5-CACF8CC1F55E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {0C329D6A-1F21-45F8-BC5A-2A0A0F40CA1A} - System32\Tasks\HP AR Program Upload - cdd2c1c744044bc7babb55526f144a0dde72fff3d29e4f05929f19b224882788 => C:\Program Files\HP\HP Officejet 6600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {106AFE63-596B-4827-8D51-280B9866B715} - System32\Tasks\{AC92C842-C9D4-4882-A73B-27CEE3C06D17} => pcalua.exe -a D:\Launcher.exe -d D:\
Task: {15E588CF-23F8-42B6-A696-8392AE50F2E5} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {29779ADA-50EE-453F-8AEC-6F61A8952DD7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {35960273-846A-4B4B-B5C9-3E15DC9F1140} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {393739AA-0DF4-4334-B979-5CD31BD59525} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-06-21] (Sony Corporation)
Task: {3C8BC373-3452-4E25-9BC6-CFA5BECA9D8C} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {3D6792E2-2BF9-4ABD-8FE7-C1DC9F170C74} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {3E526048-1162-4D15-8A84-9B848D9F5630} - System32\Tasks\{495E18AB-9321-4244-B0AD-85FC313F39D6} => C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe [2015-05-15] (Electronic Arts Inc.)
Task: {42DEC02D-11BB-460A-B924-C31113A1B6AE} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {433289F5-C27E-458A-8533-AE216E3F1AD9} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {46F4AD8E-189F-4678-AD29-A24E839765A6} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {522DB2B1-F7D2-4122-ADD6-CF5070BCA8DB} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient
Task: {5309A6DE-AB64-4E25-AE31-D86DF6A9EB54} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {5B3A7637-9C0A-420D-BBF4-21743BADADE0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {5CE25215-B574-4ADA-8029-A40B59905EFE} - System32\Tasks\{D5D787A9-3180-4043-86AB-993B40CBE543} => pcalua.exe -a C:\Users\BERGHOFF\Desktop\SL-6640-SBK_Driver_V4.0\setup.exe -d C:\Users\BERGHOFF\Desktop\SL-6640-SBK_Driver_V4.0
Task: {620AB502-2364-4194-83EA-99ED60AE3045} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {62D55CEE-ABA6-48DD-9955-5CDCDB38BD85} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)
Task: {63C6342B-0382-4076-AA05-446DD07DE9CF} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {665AA66B-E329-49BB-91C3-52C00C487ED0} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {69735E24-157F-4AF7-BB44-3A0C86151447} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {71D4CA68-4C34-4AB8-B6BF-40C853E8577B} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {7344638B-AD17-4DB1-A6EF-97908F5B4B4D} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {75B9B4ED-FD47-4288-801C-5FF4397F9645} - System32\Tasks\{4833DA8E-3201-4178-B312-4AED2E86ACDA} => pcalua.exe -a C:\PROGRA~2\SIXTEE~1\EMERGE~1\MODINS~1.EXE -d C:\Users\BERGHOFF\Desktop -c "C:\Users\BERGHOFF\Desktop\8_xmas2012.e4mod"
Task: {76B24EB7-A765-414B-ABB5-5839E88C732B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {87FF2AF6-E139-4CBA-A6F3-F81882146634} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {8E94A041-F617-4038-8FE3-E2345545A329} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-18] (Adobe Systems Incorporated)
Task: {8FCED912-3887-4026-AB02-A97FF2A0DA63} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {922828A1-E95A-4ACA-9FF9-738CF09D681A} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {96E8857E-6786-4C2B-B5E3-197441F04EFA} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {9C7EE11D-DD22-4A3D-9B89-43EAD3D9A8D6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BERGHOFF-VAIO-chberghoff BERGHOFF-VAIO => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {9E429F91-D3C5-4DF6-B3DF-AB40782C8FF3} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {A2895E05-5BD7-4AB2-9697-01BCC9ABA2DD} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {A71A12FC-AFDF-469A-A5E9-D58A1654AB67} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-06-21] (Sony Corporation)
Task: {B361411D-2A09-4556-ABC0-91FDA907DB9B} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {BDF43F99-6354-4763-BBFB-7ED0436E9FD2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-20] (Microsoft Corporation)
Task: {C5F3EEC4-5978-46ED-9A05-C832E40E4239} - System32\Tasks\{510C327B-E675-4D11-9321-C2C7395E6C8A} => pcalua.exe -a D:\setup.exe -d D:\
Task: {C9D2ED03-09D3-43B6-BE16-274F4D95DC9F} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-06-03] (Sony Corporation)
Task: {CBDE4841-66BC-4516-AD1F-68E0AD48C15F} - System32\Tasks\{CAB0C017-EB27-493C-A82C-ABD1A23218B3} => pcalua.exe -a C:\Users\BERGHOFF\Downloads\forge-1.7.2-10.12.2.1121-installer-win.exe -d C:\Users\BERGHOFF\Downloads
Task: {D91E7463-AB04-4FBE-8CAF-760220598A21} - System32\Tasks\{EF2D9A53-91BC-4051-83CE-3DF014D31C5D} => C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe [2015-05-15] (Electronic Arts Inc.)
Task: {E798A9E4-F123-4B77-B3AE-3C6BBF86F109} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {ECA4D344-F412-4100-84DA-9CB32E2157C8} - System32\Tasks\{CFBC2C61-7D12-4C59-A26B-1FBB924F9C56} => pcalua.exe -a C:\Users\BERGHOFF\Desktop\mineminemine\H_S_Design_EC135_X\H_S_Design_EC135_X\H&amp;S_Design_EC135_X.exe -d C:\Users\BERGHOFF\Desktop\mineminemine\H_S_Design_EC135_X\H_S_Design_EC135_X
Task: {F1199FB9-0627-45DC-AC7E-FAD00BA071A9} - System32\Tasks\{A4AE8AB5-4796-4DDA-9033-0294C66F6CFC} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal.exe" -d "C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X"
Task: {F2EFF840-3915-49F5-BDB1-C597A0BCB486} - System32\Tasks\{558C9A84-A12F-4932-AF22-D4A2DBF49AE0} => pcalua.exe -a D:\setup.exe -d D:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-06 16:45 - 2014-12-13 10:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-23 12:02 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2014-12-26 00:42 - 2011-07-07 16:44 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2011-02-21 13:55 - 2011-02-21 13:55 - 00135168 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\Extension\MrsMpegParser.dll
2015-01-09 14:24 - 2015-01-09 14:24 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5254e1c1ddeefd3d7293359b4944baca\IsdiInterop.ni.dll
2014-12-26 00:23 - 2011-01-12 18:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-06-19 14:15 - 2015-06-05 20:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-19 14:15 - 2015-06-05 20:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\chberghoff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^BERGHOFF^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Nuance PDF Converter Professional 8-reminder => "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PDF8 Registry Controller => "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
MSCONFIG\startupreg: PDFProHook => "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: Pokki => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RGSC => C:\Johannes dateien\Minecraft servers\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: shopperz64 => C:\Program Files\shopperz\wrex64.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7DE242AB-B457-42A7-AC51-4FAF980734F7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{33691F1D-16FA-48B7-9BFE-518DDCFCBD06}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2E9BF535-DB03-4461-9B8F-6027982543A6}] => (Allow) LPort=2869
FirewallRules: [{47F66537-DDF9-4C9D-84CC-F7F3CD52F96B}] => (Allow) LPort=1900
FirewallRules: [{1B0A1B61-D717-43DF-8E0D-3AF977F99045}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0ADE622B-D246-4B3D-9BEB-02B4249BB267}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{428F1917-E8F2-4990-8A42-01385582D722}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{5668B4BE-7632-4D60-AC31-3043842714CB}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{991DB75E-2BBD-4E7B-8546-8727D100E575}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{5291E826-2FC2-48E3-A6C7-E7D792FFD2AF}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{844CCA15-6C6E-4B16-97B3-32499C71DA98}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{F0043B58-C912-4F28-87DC-2655A0BDAB55}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{EE10C615-2581-44AC-B3DC-A0B44DDA4704}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{0EDA6579-C77E-432C-AD37-AD2E81210DBC}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{0E2EA42B-2340-4025-82F0-86878B553C9F}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{FD53AFC2-F209-496A-801B-95D41700D1F1}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{57B4D079-6C02-4422-B6D3-A66AE56BD9A8}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{0F228EC9-BBDA-4E98-BE3F-F374A1C32D3F}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe
FirewallRules: [{10875D34-1CDD-4AF2-9C3A-CADD2B049B03}] => (Allow) C:\Program Files (x86)\Emergency 5\bin\x64r\emergency5.exe
FirewallRules: [{B8E0C808-CA24-41DB-82B7-8952F5E94B40}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
FirewallRules: [{67989148-0F72-4687-BD49-10DF18C8866A}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{51928F0D-8BBD-4FD4-8818-41FF59F47B62}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{8DFAE2E4-4EF0-4057-B36D-55DF4586ADDC}] => (Allow) C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{35BCDD7E-1F32-4904-8C6D-BAF09766227C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{59DE1444-6BFA-46F2-9544-BC0096DD45AC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4CFBDF52-6E2E-47A9-BADA-98CC1AC1D808}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D5165FB9-C804-4E8B-972A-2388AA5BBDF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C02E43BF-881B-4CCF-BE0A-12804D11032F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{555002D3-4400-4309-8207-8DE2186F29A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F653D5D7-3053-4A9A-A965-A8BCE5DFF76E}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe
FirewallRules: [{D1F19B1C-9E4E-4D89-A8EA-EEA7E02B028C}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe
FirewallRules: [{941E11C3-53D0-453A-AB25-9DD620079C6E}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe
FirewallRules: [{318907F2-29AA-4C0A-A8ED-C298D2285834}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe
FirewallRules: [{6B7669FD-E498-4F2A-94CD-5C033AAED008}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{0B35A4A0-24E7-4259-8E5B-3F5FD79681C6}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{2E1AF03E-6119-443A-95D0-F38F3A344ACE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E26959F8-15ED-47C7-9542-AC38FE2FA652}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BFA614AE-B666-465B-92BA-E37819B32EFC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4E142DDA-8F67-4D46-93C5-8FB8F284EF44}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{67D00922-7E87-4C47-8EAB-AAAEC1E2A454}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{5683FF52-68CB-40FD-A802-550A7052100A}] => (Allow) C:\Users\BERGHOFF\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4A511996-E1D5-4D3B-8BA1-1E023EFFA21B}] => (Allow) C:\Users\BERGHOFF\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8FD27A5F-AE90-47DE-81E7-A55895E463A3}] => (Allow) C:\Users\BERGHOFF\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5D2207B4-5ECD-4D8E-BDD3-8B3349C24B2E}] => (Allow) C:\Users\BERGHOFF\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3BF6BA96-1D37-4546-8FC0-3492A5D83AA8}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{09A24BD7-5E76-42FF-8A0B-77966620DEF9}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{165120D5-A289-409E-86AB-646A05EDFCEE}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{F51E714C-F350-472E-B4DE-95E2A7402B9C}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{E2F4E3A6-58E4-4CD7-B35C-0CC373B8CF79}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{B86782ED-6C26-4020-BC45-62C5860E4570}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{3819D99C-9CE8-4CB4-AA29-748F5A04EB7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{28D261F5-4D3A-42FE-8524-431B61ECB53F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5B52F934-7A9D-4609-B254-77F4A8A6424C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66C1D307-2AD8-4A5A-B1CF-12392CEFD879}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3762FEE0-703C-420D-BDDB-6FF5FE216FBC}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5B2A98BC-935F-4EAC-9C3A-200972F3067A}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{1F0FC5B2-DBD0-4EB2-8D53-6AA4678F8C74}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{71A5B5F8-57EC-413A-AD16-284B6C390B1A}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{8CEB7BAC-C7B9-4E69-A968-18E29134F9DC}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [TCP Query User{581CA112-19D1-4AF9-8AC3-D88785175B2E}C:\users\berghoff\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\berghoff\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C874A3D7-BDC4-444E-920E-9483E37B5787}C:\users\berghoff\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\berghoff\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{E9F0DE32-5B4D-43F0-BDCA-0003637E8713}C:\program files (x86)\java\jre1.8.0_25\bin\java.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\java.exe
FirewallRules: [UDP Query User{8A97058B-1361-414E-93AE-FF50F72E217C}C:\program files (x86)\java\jre1.8.0_25\bin\java.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\java.exe
FirewallRules: [{4E5F2F64-2A8E-4308-A0F4-9333E760E724}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{62DC6DD2-39A4-4780-BD64-CAB418AFB5D3}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{9000C255-0A7A-47A9-A161-0F73ADA1DC92}C:\program files (x86)\landwirtschafts simulator 2015\dedicatedserver.exe] => (Block) C:\program files (x86)\landwirtschafts simulator 2015\dedicatedserver.exe
FirewallRules: [UDP Query User{1D6EE412-1275-4E57-B112-7C7DD6833AD3}C:\program files (x86)\landwirtschafts simulator 2015\dedicatedserver.exe] => (Block) C:\program files (x86)\landwirtschafts simulator 2015\dedicatedserver.exe
FirewallRules: [{66C834E4-8CE8-4529-8221-9B1DB730969B}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{D36371E4-7D0E-41B4-83E5-4B5B4FC75308}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{FB897B09-C4FE-4B3D-B1D3-28E42A4F9A67}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\x64\FarmingSimulator2013Game.exe
FirewallRules: [{DE01D244-A0C5-4630-B108-AF4009A1F44F}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\x64\FarmingSimulator2013Game.exe
FirewallRules: [{17B97239-572A-4EC0-A7F3-49F79B31363D}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\x86\FarmingSimulator2013Game.exe
FirewallRules: [{CBB69705-BFD4-4E0F-A3A5-5F907985CC55}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2013\x86\FarmingSimulator2013Game.exe
FirewallRules: [{EF05EA9F-8E06-452B-853A-4AA14B3B5E53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{26B89159-AE74-4F55-ABA9-B8D0CFA55188}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{7A92C041-6C6F-4F30-86C6-72D678C7A6B3}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{85FD987B-6C14-472A-8FE6-BCF450B148BA}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{2F3F747C-C828-4C00-872E-31A3E1562672}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{E74D848A-E5C3-482B-B0AE-1B9EF72C3D52}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{4E411263-58F9-4B6A-B5D6-95DD06A24B89}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{E5675716-9640-4A29-9B87-3182C9F1208B}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{9CF5ADEB-6F0C-450E-AA09-E5D902115AF0}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{0C058879-D468-4E4F-B885-D3C8DA0CB444}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{6B79D335-5463-4488-B932-79010725332F}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [TCP Query User{E23C680A-7E6E-4345-A7DF-AE2CCA5F8A78}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe] => (Allow) C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe
FirewallRules: [UDP Query User{41783C70-52D9-407B-A406-5ED81C0F7A2C}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe] => (Allow) C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe
FirewallRules: [{3C1D1001-2193-4164-BD34-968504C36027}] => (Block) C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe
FirewallRules: [{2F1785C9-99ED-4AB8-8171-4CEEC7373BF5}] => (Block) C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe
FirewallRules: [{42E1BC16-8673-47DD-8208-D4E96F197149}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{F25FA2A7-2459-40CE-A5F8-5AAF6B6A4E04}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
FirewallRules: [{E472ED3C-4DAF-4D99-8482-E2D660198E27}] => (Allow) C:\Program Files (x86)\Emergency 5\bin\x64r\emergency5.exe
FirewallRules: [{8DBD7642-6752-4FDB-8CB8-41A9E9B84AA8}] => (Allow) C:\Users\bslap2013\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{38DFFBC5-BBBE-4643-AB1B-A987A261EEAE}] => (Allow) C:\Users\bslap2013\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2AEDA4C6-C841-48CB-B4C0-B0DEAED15AC2}] => (Allow) C:\Users\bslap2013\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6B79DFD3-019D-4EA1-9A63-1E7C27C0CC0E}] => (Allow) C:\Users\bslap2013\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{845F0D45-6953-457F-A833-48619C195841}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{A2045119-8339-4100-B75E-BCF1B845B070}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{829C2715-F963-4D87-9070-D7E4A33D9347}] => (Allow) C:\Program Files (x86)\Alarm für Cobra 11 - Das Syndikat\CrashTime4Hi.exe
FirewallRules: [{46A32028-C296-4732-9508-612642CAD373}] => (Allow) C:\Program Files (x86)\Alarm für Cobra 11 - Das Syndikat\CrashTime4Hi.exe
FirewallRules: [{26F1886E-8483-4CB0-9D47-2C0250B1D0C3}] => (Allow) C:\Program Files (x86)\Alarm für Cobra 11 - Das Syndikat\CrashTime4Low.exe
FirewallRules: [{8F3DA3EB-9070-477D-A4C4-7F06A4DC4755}] => (Allow) C:\Program Files (x86)\Alarm für Cobra 11 - Das Syndikat\CrashTime4Low.exe
FirewallRules: [{6203E1AE-C73B-4CB7-85D5-77189FAED824}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11FCE892-43C8-450E-BF28-A81BB8BD6BA6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{69A8C051-95DF-4008-BF0C-A74D086FDFA0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A3A5B3F7-D323-4C3C-9C68-8F40FF31B16C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B88697BD-945E-4183-9723-91B92D0648A9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{DAB299D9-EBA3-48AC-9CAE-41E5EA6C90CC}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{EA45B15C-AAAB-489D-9D1D-AE109A70E1B3}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe
FirewallRules: [{B99407D4-3313-4D7F-945A-BE6F195F0A11}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe
FirewallRules: [{A04AD31A-ED11-42A8-9910-5C0538E858DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2015 02:56:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d099
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18869, Zeitstempel: 0x556366fd
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000b3dd
ID des fehlerhaften Prozesses: 0x23bc
Startzeit der fehlerhaften Anwendung: 0xVCAgent.exe0
Pfad der fehlerhaften Anwendung: VCAgent.exe1
Pfad des fehlerhaften Moduls: VCAgent.exe2
Berichtskennung: VCAgent.exe3

Error: (06/19/2015 02:56:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.InvalidOperationException
Stapel:
  bei System.Linq.Enumerable.First[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>)
  bei Solution.InferenceEngineCore.Reasoners.BaseReasoner.GetScheduleFromUserContext()
  bei Solution.InferenceEngineCore.InferenceEngine.InferenceEngine.GetPersistedSchedule()
  bei Solution.InferenceEngineBL.ModuleInit.ProvideQueryResponse(VAIOCareToolkit.PubSub.CrossPluginCommandXME)
  bei VAIOCareToolkit.App.CrossModuleCommunication`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Ask(System.__Canon, System.Action`1<VAIOCareToolkit.App.CrossModuleCallbackData[]>)
  bei Solution.SchedulerBL.ActionManager.ScheduleBuilder.Initialize(Solution.ServiceCore.Contracts.ISchedule)
  bei Solution.SchedulerBL.ActionManager.ActionManager.Initialize()
  bei Solution.SchedulerBL.ModuleInit.OnCrossPluginCommand(VAIOCareToolkit.PubSub.CrossPluginCommandXME)
  bei VAIOCareToolkit.App.CrossModuleCommunication`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Publish(System.__Canon)
  bei Solution.InferenceEngineBL.ModuleInit.InitializeWatchers()
  bei Solution.InferenceEngineBL.ModuleInit.InitializePostLoadPlugins(VAIOCareToolkit.PubSub.PluginLoadXME)
  bei VAIOCareToolkit.App.CrossModuleCommunication`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Publish(System.__Canon)
  bei VAIOCareToolkit.App.BaseBootstrapper.PluginInitialization(System.ComponentModel.Composition.Hosting.AggregateCatalog)
  bei VAIOCareToolkit.App.BaseBootstrapper.InitializePluginsInThread(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (06/19/2015 02:50:15 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi15. Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden.  (HRESULT : 0x8007007f).

Error: (06/19/2015 02:46:25 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2015 02:46:25 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2015 02:46:25 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2015 02:46:25 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (06/19/2015 02:46:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2015 02:46:18 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/19/2015 02:46:18 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (06/19/2015 02:51:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht.

Error: (06/19/2015 02:51:06 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LENOVO-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4256F205-405D-4038-BF9B-05F4813BE9E7}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (06/19/2015 02:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/19/2015 02:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/19/2015 02:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/19/2015 02:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/19/2015 02:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/19/2015 02:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/19/2015 02:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (06/19/2015 02:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office:
=========================
Error: (06/19/2015 02:56:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099KERNELBASE.dll6.1.7601.18869556366fde0434352000000000000b3dd23bc01d0aa8f66263389C:\Program Files\Sony\VAIO Care\VCAgent.exeC:\Windows\system32\KERNELBASE.dlla7ec5d50-1682-11e5-8d28-f0bf97ea246d

Error: (06/19/2015 02:56:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.InvalidOperationException
Stapel:
  bei System.Linq.Enumerable.First[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>)
  bei Solution.InferenceEngineCore.Reasoners.BaseReasoner.GetScheduleFromUserContext()
  bei Solution.InferenceEngineCore.InferenceEngine.InferenceEngine.GetPersistedSchedule()
  bei Solution.InferenceEngineBL.ModuleInit.ProvideQueryResponse(VAIOCareToolkit.PubSub.CrossPluginCommandXME)
  bei VAIOCareToolkit.App.CrossModuleCommunication`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Ask(System.__Canon, System.Action`1<VAIOCareToolkit.App.CrossModuleCallbackData[]>)
  bei Solution.SchedulerBL.ActionManager.ScheduleBuilder.Initialize(Solution.ServiceCore.Contracts.ISchedule)
  bei Solution.SchedulerBL.ActionManager.ActionManager.Initialize()
  bei Solution.SchedulerBL.ModuleInit.OnCrossPluginCommand(VAIOCareToolkit.PubSub.CrossPluginCommandXME)
  bei VAIOCareToolkit.App.CrossModuleCommunication`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Publish(System.__Canon)
  bei Solution.InferenceEngineBL.ModuleInit.InitializeWatchers()
  bei Solution.InferenceEngineBL.ModuleInit.InitializePostLoadPlugins(VAIOCareToolkit.PubSub.PluginLoadXME)
  bei VAIOCareToolkit.App.CrossModuleCommunication`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Publish(System.__Canon)
  bei VAIOCareToolkit.App.BaseBootstrapper.PluginInitialization(System.ComponentModel.Composition.Hosting.AggregateCatalog)
  bei VAIOCareToolkit.App.BaseBootstrapper.InitializePluginsInThread(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (06/19/2015 02:50:15 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Mapi15Die angegebene Prozedur wurde nicht gefunden.  (HRESULT : 0x8007007f)

Error: (06/19/2015 02:46:25 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2015 02:46:25 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2015 02:46:25 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2015 02:46:25 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (06/19/2015 02:46:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (06/19/2015 02:46:18 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
        Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/19/2015 02:46:18 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 8173.23 MB
Available physical RAM: 4878.98 MB
Total Pagefile: 16344.68 MB
Available Pagefile: 12159.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Lokaler Datenträger) (Fixed) (Total:678.32 GB) (Free:255.04 GB) NTFS
Drive d: (Vdx2015) (CDROM) (Total:5.36 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0715A171)
Partition 1: (Not Active) - (Size=20.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=678.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
--- --- ---

Hier nun die GMER 1. Teil

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-19 23:00:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\CHBERG~1\AppData\Local\Temp\axtcipoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                        0000000075481401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                          0000000075481419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                        0000000075481431 2 bytes JMP 75418f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                        000000007548144a 2 bytes CALL 7537489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                            00000000754814dd 2 bytes JMP 75418822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                    00000000754814f5 2 bytes JMP 754189f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                            000000007548150d 2 bytes JMP 75418718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                    0000000075481525 2 bytes JMP 75418ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                          000000007548153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                0000000075481555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                        000000007548156d 2 bytes JMP 75418fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                          0000000075481585 2 bytes JMP 75418b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                              000000007548159d 2 bytes JMP 754186dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                          00000000754815b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                        00000000754815cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                    00000000754816b2 2 bytes JMP 75418ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3532] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                    00000000754816bd 2 bytes JMP 75418671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                    0000000075481401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                      0000000075481419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                    0000000075481431 2 bytes JMP 75418f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                    000000007548144a 2 bytes CALL 7537489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                      00000000754814dd 2 bytes JMP 75418822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                00000000754814f5 2 bytes JMP 754189f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                      000000007548150d 2 bytes JMP 75418718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                0000000075481525 2 bytes JMP 75418ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                      000000007548153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                          0000000075481555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                    000000007548156d 2 bytes JMP 75418fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                      0000000075481585 2 bytes JMP 75418b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                        000000007548159d 2 bytes JMP 754186dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                      00000000754815b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                    00000000754815cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                00000000754816b2 2 bytes JMP 75418ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                00000000754816bd 2 bytes JMP 75418671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                        0000000075481401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                          0000000075481419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                        0000000075481431 2 bytes JMP 75418f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                        000000007548144a 2 bytes CALL 7537489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                          00000000754814dd 2 bytes JMP 75418822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                    00000000754814f5 2 bytes JMP 754189f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                          000000007548150d 2 bytes JMP 75418718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                    0000000075481525 2 bytes JMP 75418ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                          000000007548153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                              0000000075481555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                        000000007548156d 2 bytes JMP 75418fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                          0000000075481585 2 bytes JMP 75418b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                            000000007548159d 2 bytes JMP 754186dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                          00000000754815b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                        00000000754815cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                    00000000754816b2 2 bytes JMP 75418ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[1924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                    00000000754816bd 2 bytes JMP 75418671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                      0000000075481401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                        0000000075481419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                      0000000075481431 2 bytes JMP 75418f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                      000000007548144a 2 bytes CALL 7537489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                      * 9
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                        00000000754814dd 2 bytes JMP 75418822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                  00000000754814f5 2 bytes JMP 754189f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                        000000007548150d 2 bytes JMP 75418718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                  0000000075481525 2 bytes JMP 75418ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                        000000007548153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                            0000000075481555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                      000000007548156d 2 bytes JMP 75418fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                        0000000075481585 2 bytes JMP 75418b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                          000000007548159d 2 bytes JMP 754186dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                        00000000754815b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                      00000000754815cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                  00000000754816b2 2 bytes JMP 75418ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                  00000000754816bd 2 bytes JMP 75418671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                              0000000075481401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                0000000075481419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                              0000000075481431 2 bytes JMP 75418f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                              000000007548144a 2 bytes CALL 7537489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                  00000000754814dd 2 bytes JMP 75418822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                          00000000754814f5 2 bytes JMP 754189f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                  000000007548150d 2 bytes JMP 75418718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                          0000000075481525 2 bytes JMP 75418ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                000000007548153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                      0000000075481555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                              000000007548156d 2 bytes JMP 75418fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                0000000075481585 2 bytes JMP 75418b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                    000000007548159d 2 bytes JMP 754186dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                00000000754815b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                              00000000754815cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                          00000000754816b2 2 bytes JMP 75418ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                          00000000754816bd 2 bytes JMP 75418671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                    0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                    0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                            0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                          0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                              0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                  0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                    0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                                        0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                              0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                              0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                              0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                      0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                      0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                  0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                  0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                    0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                              0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                            0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                            0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                          0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                              0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                              0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                          0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                          0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                          0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                            0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                          0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                    0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                              0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                                0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                    0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                    0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                      0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                          0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                        0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                  0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                        0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                      0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                            0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                          0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                              0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                              0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                            0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                            0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                          00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                          00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                      00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                    00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                    00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                              00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17                                                    0000000075481401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17                                                      0000000075481419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17                                                    0000000075481431 2 bytes JMP 75418f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42

mobspot 20.06.2015 09:23
GMER 2. TEil:

Code:
text  ...                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17                                                        00000000754814dd 2 bytes JMP 75418822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17                                                00000000754814f5 2 bytes JMP 754189f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17                                                        000000007548150d 2 bytes JMP 75418718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17                                                0000000075481525 2 bytes JMP 75418ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17                                                      000000007548153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17                                                            0000000075481555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17                                                    000000007548156d 2 bytes JMP 75418fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17                                                      0000000075481585 2 bytes JMP 75418b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17                                                          000000007548159d 2 bytes JMP 754186dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17                                                      00000000754815b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17                                                    00000000754815cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20                                                00000000754816b2 2 bytes JMP 75418ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5748] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31                                                00000000754816bd 2 bytes JMP 75418671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                          0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                          0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                  0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                    0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                        0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                      0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                          0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                              0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                      0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                    0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                    0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                    0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                            0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                            0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                        0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                        0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                      0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                      0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                          0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                    0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                  0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                  0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                      0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                      0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                    0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                    0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                  0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                          0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                    0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                      0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                      0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                      0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                          0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                          0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                            0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                              0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                        0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                              0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                            0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                  0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                    0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                    0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                  0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                            00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                          00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                          00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe[7036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                    00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                          0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                          0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                  0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                  0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                    0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                        0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                      0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                          0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                                                0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                      0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                    0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                      0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                    0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                            0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                            0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                        0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                        0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                        0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                        0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                            0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                    0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                    0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                    0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                        0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                        0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                  0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                    0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                    0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                  0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                  0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                    0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                            0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                      0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                        0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                        0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                                        0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                          0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                          0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                            0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                          0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                              0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                            0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                  0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                    0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                    0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                  0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                  0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                              00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                          00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                          00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                    00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                            0000000075481401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                              0000000075481419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                            0000000075481431 2 bytes JMP 75418f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                            000000007548144a 2 bytes CALL 7537489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                              00000000754814dd 2 bytes JMP 75418822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                        00000000754814f5 2 bytes JMP 754189f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                              000000007548150d 2 bytes JMP 75418718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                        0000000075481525 2 bytes JMP 75418ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                              000000007548153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                  0000000075481555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                            000000007548156d 2 bytes JMP 75418fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                              0000000075481585 2 bytes JMP 75418b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                000000007548159d 2 bytes JMP 754186dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                              00000000754815b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                            00000000754815cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                        00000000754816b2 2 bytes JMP 75418ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                        00000000754816bd 2 bytes JMP 75418671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                              0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                              0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                      0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                      0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                        0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                            0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                          0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                              0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                                                    0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                          0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                        0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                          0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                        0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                            0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                            0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                            0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                            0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                        0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                        0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                        0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                            0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                            0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                      0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                        0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                        0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                      0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                      0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                    0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                        0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                    0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                          0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                            0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                            0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                                            0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                              0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                              0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                    0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                    0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                              0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                  0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                      0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                    0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                        0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                        0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                      0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                    00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                    00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                  00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                              00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                              00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[4464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                        00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                          0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                          0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                  0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                  0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                    0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                        0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                      0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                          0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                                0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                      0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                    0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                      0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                    0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                            0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                            0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                        0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                        0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                        0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                        0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                            0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                    0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                    0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                    0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                        0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                        0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                  0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                    0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                    0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                  0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                  0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                    0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                            0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                      0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                        0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                        0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                        0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                          0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                          0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                            0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                          0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                              0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                            0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                  0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                    0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                    0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                  0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                  0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                              00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                          00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                          00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                    00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                            0000000075481401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                              0000000075481419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                            0000000075481431 2 bytes JMP 75418f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                            000000007548144a 2 bytes CALL 7537489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                              00000000754814dd 2 bytes JMP 75418822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                        00000000754814f5 2 bytes JMP 754189f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                              000000007548150d 2 bytes JMP 75418718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                        0000000075481525 2 bytes JMP 75418ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                              000000007548153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                  0000000075481555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                            000000007548156d 2 bytes JMP 75418fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                              0000000075481585 2 bytes JMP 75418b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                000000007548159d 2 bytes JMP 754186dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                              00000000754815b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                            00000000754815cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                        00000000754816b2 2 bytes JMP 75418ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[5680] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                        00000000754816bd 2 bytes JMP 75418671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                        0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                        0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                  0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                      0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                    0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                        0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                              0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                    0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                  0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                    0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                  0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                          0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                          0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                      0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                      0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                      0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                      0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                          0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                  0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                  0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                  0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                      0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                      0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                  0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                  0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                              0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                  0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                              0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                          0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                    0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                      0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                      0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                      0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                        0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                        0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                          0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                              0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                              0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                        0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                            0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                          0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                              0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                  0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                  0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                              00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                              00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                            00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                        00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                        00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe[7464] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                  00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                        0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                              0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                      0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                    0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                        0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531            0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79  0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184  0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...

mobspot 20.06.2015 09:25
GMER 3. Teil:

Code:
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375          0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                      0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                    0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                    0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197        0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                    0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                    0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                              0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                  0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                  0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                              0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                              0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256              0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501              0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                        0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                  0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                    0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                    0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                    0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                        0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                        0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45          0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4              0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92            0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                      0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                          00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[8480] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                        0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                        0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                              0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                  0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                      0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                    0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                        0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                            0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                    0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                  0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                  0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                  0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                          0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                          0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                      0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                      0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                    0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                    0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                        0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                  0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                    0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                    0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                              0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                  0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                  0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                              0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                              0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                              0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                              0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                        0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                  0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                    0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                    0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                    0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                        0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                        0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                          0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                              0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                            0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                      0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                            0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                          0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                              0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                  0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                  0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                              00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                              00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                          00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                        00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                        00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe[8748] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                  00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                            0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                            0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                    0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                    0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                      0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                          0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                        0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                            0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                  0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                        0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                      0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79        0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184      0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299              0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375              0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                          0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                          0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                          0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                          0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197              0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                      0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                      0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                      0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                          0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                          0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                    0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                      0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                      0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                    0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                    0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                  0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                      0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                  0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                              0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                        0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                          0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                          0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                          0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                            0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                            0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45              0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                  0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                  0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                            0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                              0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                    0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                  0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                      0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                      0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                    0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                    0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                  00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                  00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                            00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                            00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[8804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                      00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                              0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                              0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                      0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                      0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                        0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                            0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                          0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                              0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                                                    0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                          0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                        0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                          0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184

mobspot 20.06.2015 09:26
Und GMER 4. und damit letzter Teil:

Code:
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                            0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                            0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                            0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                            0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                        0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                        0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                        0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                            0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                            0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                      0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                        0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                        0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                      0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                      0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                    0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                        0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                    0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                          0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                            0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                            0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                                            0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                              0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                              0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                    0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                    0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                              0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                  0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                      0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                    0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                        0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                        0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                      0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                    00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                    00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                  00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                              00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                              00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\listener.exe[1884] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                        00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                    0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                    0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                            0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                          0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                              0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                  0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                    0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                        0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                              0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79              0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184              0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                      0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                      0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                  0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                  0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                    0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                              0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                            0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                            0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                          0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                              0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                              0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                          0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                          0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                          0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                            0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                          0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                    0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                              0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                    0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                    0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                      0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                          0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                        0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                  0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                        0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                      0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                            0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                          0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                              0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                              0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                            0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                          00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                          00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                      00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                    00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                    00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                              00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                    0000000075481401 2 bytes JMP 7539b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                      0000000075481419 2 bytes JMP 7539b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                    0000000075481431 2 bytes JMP 75418f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                    000000007548144a 2 bytes CALL 7537489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                      * 9
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                        00000000754814dd 2 bytes JMP 75418822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                00000000754814f5 2 bytes JMP 754189f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                        000000007548150d 2 bytes JMP 75418718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                0000000075481525 2 bytes JMP 75418ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                      000000007548153d 2 bytes JMP 7538fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                            0000000075481555 2 bytes JMP 753968ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                    000000007548156d 2 bytes JMP 75418fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                      0000000075481585 2 bytes JMP 75418b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                          000000007548159d 2 bytes JMP 754186dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                      00000000754815b5 2 bytes JMP 7538fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                    00000000754815cd 2 bytes JMP 7539b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                00000000754816b2 2 bytes JMP 75418ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[5636] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                00000000754816bd 2 bytes JMP 75418671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                            0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                            0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                    0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                    0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                      0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                          0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                        0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                            0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                  0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                        0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                      0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79        0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184      0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299              0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375              0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                          0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                          0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                          0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                          0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197              0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                      0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                      0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                      0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                          0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                          0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                    0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                      0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                      0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                    0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                    0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                  0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                      0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                  0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                              0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                        0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                          0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                          0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                          0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                            0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                            0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45              0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                  0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                  0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                            0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                              0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                    0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                  0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                      0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                      0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                    0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                    0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                  00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                  00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                            00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                            00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[9204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                      00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                              0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                              0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                      0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                    0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                        0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                            0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                          0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                              0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                                                  0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                          0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                        0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                        0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                        0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                            0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                            0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                          0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                          0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                              0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                        0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                      0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                      0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                          0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                          0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                    0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                        0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                        0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                    0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                    0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                    0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                      0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                    0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                              0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                        0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                          0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                          0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                                          0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                              0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                              0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                    0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                  0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                            0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                  0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                      0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                    0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                        0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                        0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                      0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                    00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                    00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                              00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                              00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCService.exe[6880] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                        00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                        0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                        0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                          0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                              0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                            0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                      0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                            0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                          0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79            0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184          0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                  0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                  0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                              0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                              0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                              0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                              0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                  0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                          0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                          0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                          0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                              0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                              0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                        0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                          0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                          0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                        0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                        0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                      0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                          0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                      0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                  0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                            0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                              0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                              0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                              0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                  0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                      0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                      0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                    0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                  0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                        0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                          0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                        0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                      00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                      00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                    00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE[9120] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                          00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                0000000076d313ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                                                0000000076d31544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                        0000000076d318ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                                        0000000076d31ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                          0000000076d31d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                              0000000076d31e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                                            0000000076d31f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                                                0000000076d32238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 531                                                      0000000076d32683 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                            0000000076d326a0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                          0000000076d326c2 8 bytes {JMP 0x10}
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                            0000000076d3271f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                                          0000000076d32788 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 4
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                  0000000076d32b4b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                                                  0000000076d32b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                              0000000076d3306b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                                              0000000076d331f8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                              0000000076d3388e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                              0000000076d338e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                  0000000076d339b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                          0000000076d33f50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                                          0000000076d34001 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                                          0000000076d34075 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 3
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                                              0000000076d341b6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                                              0000000076d341f4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                                        0000000076d34461 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                                          0000000076d3464c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                                          0000000076d34713 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                                        0000000076d34807 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                                        0000000076d34926 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                                                      * 2
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                      0000000076d34a50 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                          0000000076d34aa3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                                      0000000076d34ca5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                                                  0000000076d34ea0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                                            0000000076d34fa7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                                              0000000076d35193 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                                              0000000076d35f46 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                                              0000000076d36016 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                                                0000000076d3610e 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                                                0000000076d362fc 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                                                  0000000076d3633d 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                                      0000000076d36354 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                                      0000000076d363ac 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                                                0000000076d36b76 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                    0000000076d7dc80 8 bytes {JMP QWORD [RIP-0x47949]}
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                  0000000076d7de00 8 bytes {JMP QWORD [RIP-0x47ab2]}
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                        0000000076d7de30 8 bytes {JMP QWORD [RIP-0x47e20]}
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      0000000076d7df50 8 bytes {JMP QWORD [RIP-0x47c5a]}
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                          0000000076d7e000 8 bytes {JMP QWORD [RIP-0x47ef8]}
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          0000000076d7e630 8 bytes {JMP QWORD [RIP-0x47102]}
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                        0000000076d7e880 8 bytes {JMP QWORD [RIP-0x47d10]}
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        0000000076d7f0e0 8 bytes {JMP QWORD [RIP-0x48d3a]}
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                      00000000747b13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                      00000000747b146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                    00000000747b16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                00000000747b19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                00000000747b19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\chberghoff\Desktop\Gmer-19357.exe[9684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                          00000000747b1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\642737adbe4e                                                                                             
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\642737adbe4e (not active ControlSet)                                                                         

---- EOF - GMER 2.1 ----

mobspot 20.06.2015 09:27
So zu guter letzt fehlt noch die FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by chberghoff (administrator) on BERGHOFF-VAIO on 19-06-2015 22:03:12
Running from C:\Users\chberghoff\Desktop
Loaded Profiles: chberghoff (Available Profiles: BERGHOFF & bslap2013 & chberghoff & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_160_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\bslap2013\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-05-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\bslap2013\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\chberghoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:54776;https=127.0.0.1:54776
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2171270164-1414087093-4126627718-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2171270164-1414087093-4126627718-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-06] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-15] (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-06] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [2010-01-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-12-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-06] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-26] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-26] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-26] ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [2015-01-23] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-26]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-26]

Chrome:
=======
CHR Profile: C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-19]
CHR Extension: (Google Docs) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-19]
CHR Extension: (Google Drive) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-19]
CHR Extension: (YouTube) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-19]
CHR Extension: (Google Search) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-19]
CHR Extension: (Kaspersky Protection) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-28]
CHR Extension: (Google Sheets) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-23]
CHR Extension: (Google Wallet) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-28]
CHR Extension: (Gmail) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-06-15] (Atheros Commnucations) [File not signed]
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) [File not signed]
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-08] (Electronic Arts)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2015-02-05] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2987520 2014-10-29] (Microsoft Corporation) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2010-02-24] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2010-02-24] (Sonic Solutions)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 46a69adc; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\IndepthGeneration\IndepthGeneration.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-26] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-26] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-01-31] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28440 2011-05-03] ()
R3 NWWakeFilterV; C:\Windows\System32\DRIVERS\NWWakeFilterV.sys [16152 2011-05-03] (n/a)
R2 risdsnpe; C:\Windows\System32\DRIVERS\risdsnxc64.sys [98816 2011-06-02] (REDC)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-04-12] ()
S3 NPF; system32\drivers\NPF.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 22:03 - 2015-06-19 22:03 - 00030300 _____ C:\Users\chberghoff\Desktop\FRST.txt
2015-06-19 22:02 - 2015-06-19 22:03 - 00000000 ____D C:\FRST
2015-06-19 22:02 - 2015-06-19 22:02 - 02109952 _____ (Farbar) C:\Users\chberghoff\Desktop\FRST64.exe
2015-06-19 22:01 - 2015-06-19 22:01 - 00000482 _____ C:\Users\chberghoff\Desktop\defogger_disable.log
2015-06-19 22:00 - 2015-06-19 22:00 - 00050477 _____ C:\Users\chberghoff\Desktop\Defogger (1).exe
2015-06-19 21:58 - 2015-06-19 21:58 - 00050477 _____ C:\Users\chberghoff\Downloads\Defogger.exe
2015-06-19 21:58 - 2015-06-19 21:58 - 00000482 _____ C:\Users\chberghoff\Downloads\defogger_disable.log
2015-06-19 21:58 - 2015-06-19 21:58 - 00000000 _____ C:\Users\chberghoff\defogger_reenable
2015-06-19 14:43 - 2015-06-19 14:45 - 00000168 _____ C:\Windows\setupact.log
2015-06-19 14:43 - 2015-06-19 14:43 - 00000000 _____ C:\Windows\setuperr.log
2015-06-19 14:42 - 2015-06-19 14:43 - 00497544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-19 14:42 - 2015-06-19 14:42 - 00000320 _____ C:\Windows\PFRO.log
2015-06-19 14:15 - 2015-06-19 14:15 - 00002308 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-19 14:15 - 2015-06-19 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-19 00:28 - 2015-06-19 19:55 - 00005176 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BERGHOFF-VAIO-chberghoff BERGHOFF-VAIO
2015-06-18 18:29 - 2015-06-18 18:29 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\ProductData
2015-06-18 18:29 - 2015-06-18 18:29 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\IObit
2015-06-18 18:29 - 2015-06-18 18:29 - 00000000 ____D C:\ProgramData\IObit
2015-06-18 18:29 - 2015-06-18 18:29 - 00000000 ____D C:\Program Files (x86)\IObit
2015-06-18 18:19 - 2015-06-19 21:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-18 18:19 - 2015-06-18 18:19 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-18 18:19 - 2015-06-18 18:19 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-18 18:19 - 2015-06-18 18:19 - 00000000 ____D C:\Windows\system32\Macromed
2015-06-18 16:51 - 2015-06-18 16:51 - 00129768 _____ C:\Users\chberghoff\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-18 16:34 - 2015-06-18 16:34 - 00000000 ____D C:\Users\chberghoff\Documents\My Games
2015-06-18 14:44 - 2015-06-18 17:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-06-18 14:44 - 2015-06-18 17:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-18 14:43 - 2015-06-18 17:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-17 16:56 - 2015-06-17 16:57 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\MAGIX
2015-06-17 16:56 - 2015-06-17 16:56 - 00000000 ____D C:\Users\BERGHOFF\Documents\Video deluxe 2015
2015-06-17 16:56 - 2015-06-17 16:56 - 00000000 ____D C:\Users\BERGHOFF\Documents\MAGIX
2015-06-17 16:43 - 2015-06-18 13:04 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\ArcSoft
2015-06-17 16:43 - 2015-06-17 16:43 - 00000000 ____D C:\Users\chberghoff\AppData\Local\ArcSoft
2015-06-17 16:30 - 2015-06-17 16:30 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\MAGIX
2015-06-17 16:13 - 2015-06-17 16:13 - 00000000 ____D C:\Program Files\MAGIX
2015-06-17 16:02 - 2015-06-18 13:04 - 00000000 ____D C:\Users\chberghoff\Documents\MAGIX
2015-06-17 16:02 - 2015-06-17 16:30 - 00000000 ____D C:\ProgramData\MAGIX
2015-06-17 16:02 - 2015-06-17 16:02 - 00000000 ____D C:\Program Files (x86)\MAGIX
2015-06-14 16:20 - 2015-06-14 16:20 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\HpUpdate
2015-06-14 10:15 - 2015-06-14 10:15 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-06-14 10:15 - 2015-06-14 10:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-06-13 18:09 - 2015-06-13 18:09 - 01831637 _____ C:\Users\BERGHOFF\Downloads\MapBuyableObject.zip
2015-06-13 18:09 - 2015-06-13 18:09 - 00062272 _____ C:\Users\BERGHOFF\Downloads\multiFruit LS15 V3_0 ENTPACKEN PLEASE UNPACK.rar
2015-06-13 18:09 - 2015-06-13 18:09 - 00062272 _____ C:\Users\BERGHOFF\Downloads\multiFruit LS15 V3_0 ENTPACKEN PLEASE UNPACK (1).rar
2015-06-13 18:08 - 2015-06-13 18:08 - 00025598 _____ C:\Users\BERGHOFF\Downloads\AnimationMapTrigger (1).zip
2015-06-13 18:04 - 2015-06-13 18:04 - 28224420 _____ C:\Users\BERGHOFF\Downloads\Ford6x6_ar_truck.zip
2015-06-13 18:02 - 2015-06-13 18:08 - 19702821 _____ C:\Users\BERGHOFF\Downloads\RTW01.zip
2015-06-12 21:08 - 2015-06-12 21:08 - 00000000 ____D C:\Users\BERGHOFF\AppData\Local\TempTaskUpdateDetection5CF17E6F-42CF-4172-A194-5B9AB822F503
2015-06-11 16:16 - 2015-06-11 16:16 - 02314240 _____ C:\Users\BERGHOFF\Downloads\MinecraftInstaller.msi
2015-06-10 09:29 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 09:29 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 09:29 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 09:29 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 09:29 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 09:29 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 09:29 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 09:29 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 09:29 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 09:29 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 09:29 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 09:29 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 09:29 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 09:28 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 09:28 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 09:28 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 09:28 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 09:28 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 09:28 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 09:28 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 09:28 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 09:28 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 09:28 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 09:28 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 09:28 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 09:28 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 09:28 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 09:28 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 09:28 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 09:28 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 09:28 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 09:28 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 09:28 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 09:28 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 09:28 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 09:28 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:28 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 09:28 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 09:28 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 09:27 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 09:27 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 09:27 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:27 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 09:27 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 09:27 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 09:27 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 09:27 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 09:27 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 09:27 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 09:27 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 09:27 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 09:27 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 09:27 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 09:27 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 09:27 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 09:27 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 09:27 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 09:27 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 09:27 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 09:27 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 09:27 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 09:27 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 09:27 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 09:27 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 09:27 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 09:27 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 09:27 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 09:27 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 09:27 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 09:27 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:27 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 09:27 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 09:27 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 09:27 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:27 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:27 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 09:27 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 09:27 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:27 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:27 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 09:27 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:27 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:27 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 09:27 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:27 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 09:27 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 09:27 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:27 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 09:27 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 09:27 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 09:27 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:27 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 09:27 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:27 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:27 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 09:27 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:27 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:27 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:27 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 15:48 - 2015-06-09 15:48 - 09527501 _____ ( ) C:\Users\BERGHOFF\Downloads\ShipSim2008Addon_WatertaxiSuperPack_Setup.exe
2015-06-09 15:48 - 2015-06-09 15:48 - 06851493 _____ ( ) C:\Users\BERGHOFF\Downloads\ShipSim2008Addon_OceanStarSuperPack_Setup.exe
2015-06-09 15:48 - 2015-06-09 15:48 - 03116062 _____ ( ) C:\Users\BERGHOFF\Downloads\ShipSim2008Addon_JumboJavelinSuperPackII_Setup.exe
2015-06-09 14:35 - 2015-06-09 15:49 - 00000000 ____D C:\Users\BERGHOFF\Documents\ShipSim2008 UserData
2015-06-09 14:35 - 2015-06-09 14:35 - 00001220 _____ C:\Users\Public\Desktop\Schiff-Simulator 2008 Mission Editor.lnk
2015-06-09 14:35 - 2015-06-09 14:35 - 00001210 _____ C:\Users\Public\Desktop\Schiff-Simulator 2008.lnk
2015-06-09 14:35 - 2015-06-09 14:35 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schiff-Simulator 2008
2015-06-09 14:35 - 2015-06-09 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schiff-Simulator 2008
2015-06-09 14:30 - 2015-06-09 14:30 - 00000000 ____D C:\Program Files (x86)\Vstep
2015-06-09 14:19 - 2000-08-19 20:29 - 00268048 _____ (MetaCreations Corporation) C:\Windows\SysWOW64\dxtmeta2.dll
2015-06-09 13:30 - 2015-06-09 13:30 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\OpenOffice
2015-06-08 20:33 - 2015-06-12 23:31 - 00000000 ____D C:\Users\BERGHOFF\Documents\FIFA 13
2015-06-08 20:18 - 2015-06-08 20:18 - 00001307 _____ C:\Users\Public\Desktop\FIFA 13.lnk
2015-06-08 19:16 - 2015-06-18 17:27 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2015-05-21 13:33 - 2015-05-21 13:33 - 00000329 _____ C:\Users\chberghoff\Desktop\HP Druckerdiagnosetools.url
2015-05-21 13:29 - 2015-05-21 13:29 - 00002052 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2015-05-21 13:29 - 2015-05-21 13:29 - 00000000 ____D C:\ProgramData\Visan
2015-05-21 13:29 - 2015-05-21 13:29 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-05-21 13:29 - 2015-05-21 13:29 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2015-05-21 13:15 - 2015-06-07 15:35 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\HpUpdate
2015-05-21 13:15 - 2015-05-21 13:15 - 00002065 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-05-21 13:15 - 2015-05-21 13:15 - 00000000 ____D C:\Windows\Hewlett-Packard
2015-05-21 13:03 - 2015-05-21 13:04 - 07170552 _____ C:\Users\chberghoff\Downloads\HPPSdr (1).exe
2015-05-21 13:02 - 2015-05-21 13:03 - 07170552 _____ C:\Users\chberghoff\Downloads\HPPSdr.exe
2015-05-21 13:01 - 2015-05-21 13:01 - 00000000 ____D C:\Users\chberghoff\AppData\Local\HP
2015-05-20 20:57 - 2015-05-20 20:57 - 04519860 _____ C:\Users\BERGHOFF\Desktop\bell_uh-1d_thr_30.zip
2015-05-20 20:49 - 2015-05-20 20:58 - 04519860 _____ C:\Users\BERGHOFF\Downloads\bell_uh-1d_thr_30 (1).zip
2015-05-20 20:47 - 2015-05-20 20:57 - 04519860 _____ C:\Users\BERGHOFF\Downloads\bell_uh-1d_thr_30.zip
2015-05-20 19:38 - 2015-05-20 19:39 - 07146435 _____ C:\Users\BERGHOFF\Downloads\Bell_UH1D_SAR71.zip
2015-05-20 19:22 - 2015-05-20 19:22 - 11009890 _____ C:\Users\BERGHOFF\Downloads\Bell_UH-1D_SAR-71.zip
2015-05-20 19:19 - 2015-05-20 19:19 - 02437138 _____ C:\Users\BERGHOFF\Downloads\fd4ed55476505b37fe3e520222082cc5-as_hueyx_sar71.zip
2015-05-20 19:15 - 2015-05-20 19:22 - 00000000 ____D C:\Users\BERGHOFF\Desktop\bell_uh-1d_sar_hamburg
2015-05-20 19:15 - 2013-10-30 00:09 - 00000959 _____ C:\Users\BERGHOFF\Desktop\flyawaysimulation.txt
2015-05-20 19:14 - 2015-05-20 19:14 - 04953404 _____ C:\Users\BERGHOFF\Desktop\bell_uh-1d_sar_hamburg.zip
2015-05-20 19:13 - 2015-05-20 19:25 - 05730380 _____ C:\Users\BERGHOFF\Downloads\bell_uh-1d_german_luftrettung.zip
2015-05-20 19:13 - 2015-05-20 19:24 - 04459039 _____ C:\Users\BERGHOFF\Downloads\bell_uh-1d_ltg_61.zip
2015-05-20 19:09 - 2015-05-20 19:14 - 04953404 _____ C:\Users\BERGHOFF\Downloads\bell_uh-1d_sar_hamburg.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 21:58 - 2015-01-13 19:52 - 00000000 ____D C:\Users\chberghoff
2015-06-19 21:55 - 2015-05-03 13:16 - 00000000 ____D C:\Users\chberghoff\Documents\Outlook-Dateien
2015-06-19 21:50 - 2014-12-26 17:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-19 21:31 - 2015-01-28 09:20 - 00000000 ____D C:\Users\chberghoff\AppData\Local\LogMeIn Hamachi
2015-06-19 20:48 - 2015-03-04 00:00 - 00000000 ____D C:\Users\chberghoff\AppData\Local\Battle.net
2015-06-19 17:38 - 2015-05-10 21:56 - 01467749 _____ C:\Windows\WindowsUpdate.log
2015-06-19 14:58 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-19 14:58 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-19 14:46 - 2015-01-02 15:42 - 00002810 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-19 14:43 - 2014-12-26 00:30 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-19 14:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 14:35 - 2015-01-17 15:10 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-19 14:35 - 2014-12-26 19:09 - 00000000 ____D C:\Users\BERGHOFF\AppData\Local\LogMeIn Hamachi
2015-06-19 14:35 - 2014-12-26 09:19 - 00000000 ____D C:\Users\BERGHOFF\AppData\Local\CrashDumps
2015-06-19 14:15 - 2014-12-26 09:24 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-19 14:09 - 2014-12-26 02:08 - 00000000 ____D C:\Windows\pss
2015-06-19 14:05 - 2015-01-24 01:27 - 00000000 ___RD C:\Users\BERGHOFF\Dropbox
2015-06-19 14:05 - 2015-01-24 01:23 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Dropbox
2015-06-19 13:51 - 2014-12-26 18:42 - 00000000 __SHD C:\Users\BERGHOFF\AppData\Local\EmieUserList
2015-06-19 13:51 - 2014-12-26 18:42 - 00000000 __SHD C:\Users\BERGHOFF\AppData\Local\EmieSiteList
2015-06-19 13:51 - 2014-12-26 18:42 - 00000000 __SHD C:\Users\BERGHOFF\AppData\Local\EmieBrowserModeList
2015-06-19 09:26 - 2015-01-14 15:30 - 00000000 ____D C:\Users\chberghoff\AppData\Local\CrashDumps
2015-06-19 09:18 - 2015-02-17 12:16 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-19 00:32 - 2014-12-26 17:51 - 00000000 ____D C:\ProgramData\TEMP
2015-06-18 18:41 - 2014-12-26 00:08 - 00699416 _____ C:\Windows\system32\perfh007.dat
2015-06-18 18:41 - 2014-12-26 00:08 - 00149556 _____ C:\Windows\system32\perfc007.dat
2015-06-18 18:41 - 2011-02-11 01:03 - 01593956 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-18 18:41 - 2009-07-14 07:13 - 01593956 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 18:29 - 2015-01-26 12:22 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\Apple Computer
2015-06-18 18:19 - 2015-01-13 19:54 - 00000000 ____D C:\Users\chberghoff\AppData\Local\Adobe
2015-06-18 18:19 - 2014-12-26 00:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 17:28 - 2015-05-05 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-18 17:28 - 2015-04-26 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2015-06-18 17:28 - 2015-04-21 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emergency 5
2015-06-18 17:28 - 2015-04-18 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus-Simulator 2012
2015-06-18 17:28 - 2015-04-04 10:14 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-18 17:28 - 2015-04-03 18:37 - 00000000 ____D C:\Program Files (x86)\Quadriga Games
2015-06-18 17:28 - 2015-03-08 16:00 - 00000000 ____D C:\Users\Gast
2015-06-18 17:28 - 2015-03-06 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2013
2015-06-18 17:28 - 2015-03-04 00:00 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\Battle.net
2015-06-18 17:28 - 2015-01-15 18:48 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Audacity
2015-06-18 17:28 - 2015-01-13 19:54 - 00000000 ____D C:\Users\chberghoff\AppData\Local\Google
2015-06-18 17:28 - 2014-12-27 13:51 - 00000000 ____D C:\Users\bslap2013
2015-06-18 17:28 - 2014-12-26 09:22 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-06-18 17:28 - 2014-12-26 02:12 - 00000000 ____D C:\Update
2015-06-18 17:28 - 2014-12-26 02:07 - 00000000 ____D C:\Users\BERGHOFF
2015-06-18 17:28 - 2014-12-26 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-18 17:28 - 2014-12-26 00:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-18 17:28 - 2014-12-26 00:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-18 17:28 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-18 17:27 - 2015-04-26 15:48 - 00000000 ____D C:\Program Files (x86)\Euro Truck Simulator 2
2015-06-18 17:27 - 2015-04-21 19:37 - 00000000 ____D C:\Program Files (x86)\Emergency 5
2015-06-18 17:27 - 2015-03-06 18:49 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2013
2015-06-18 17:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-18 17:26 - 2015-01-13 19:54 - 00000000 ____D C:\Users\chberghoff\AppData\Local\NVIDIA
2015-06-18 17:26 - 2014-12-26 00:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-18 17:26 - 2014-12-26 00:10 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-06-18 17:26 - 2014-12-26 00:10 - 00000000 ____D C:\Program Files\Sony
2015-06-18 13:04 - 2011-05-27 23:57 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-18 10:38 - 2015-02-12 18:37 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-18 10:35 - 2015-01-13 19:55 - 00000000 ____D C:\Users\chberghoff\AppData\Local\NVIDIA Corporation
2015-06-14 21:18 - 2015-01-28 09:30 - 00000000 __SHD C:\Users\chberghoff\AppData\Local\EmieUserList
2015-06-14 21:18 - 2015-01-28 09:30 - 00000000 __SHD C:\Users\chberghoff\AppData\Local\EmieSiteList
2015-06-14 21:18 - 2015-01-28 09:30 - 00000000 __SHD C:\Users\chberghoff\AppData\Local\EmieBrowserModeList
2015-06-14 16:27 - 2015-04-18 15:47 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\TeamViewer
2015-06-14 10:15 - 2015-05-05 08:15 - 00002099 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-14 10:15 - 2015-05-05 08:15 - 00002097 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-14 10:15 - 2015-05-05 08:15 - 00002087 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-12 21:47 - 2015-04-18 15:47 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-12 20:55 - 2014-12-26 09:17 - 00000000 ____D C:\ProgramData\Origin
2015-06-11 17:07 - 2014-12-26 02:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 17:02 - 2015-01-23 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-11 16:19 - 2014-12-26 19:14 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\.minecraft
2015-06-11 10:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-10 16:09 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-10 16:01 - 2015-04-15 21:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 16:01 - 2015-04-15 21:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 16:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 15:25 - 2015-01-06 15:37 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 15:12 - 2015-01-06 15:37 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 15:10 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini
2015-06-09 14:18 - 2015-02-24 19:13 - 00000000 ____D C:\Users\BERGHOFF\Desktop\Microsoft 2013
2015-06-09 13:32 - 2014-12-26 18:10 - 00000000 ____D C:\Users\BERGHOFF\Documents\Outlook-Dateien
2015-06-09 10:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool
2015-06-09 00:19 - 2015-03-03 19:06 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-08 19:24 - 2014-12-26 09:21 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Origin
2015-06-08 19:15 - 2014-12-26 09:16 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-08 19:14 - 2015-01-21 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLo Game Recorder
2015-06-07 17:50 - 2015-04-18 15:47 - 00001028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-07 13:32 - 2014-12-29 18:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-21 20:45 - 2015-03-08 15:57 - 00000680 __RSH C:\Users\chberghoff\ntuser.pol
2015-05-21 20:19 - 2015-03-03 19:06 - 00000000 ____D C:\Users\BERGHOFF\AppData\Local\Battle.net
2015-05-21 20:03 - 2015-05-13 21:17 - 00004096 _____ C:\Users\Public\Documents\000017B4.LCS
2015-05-21 19:30 - 2015-03-08 15:57 - 00000680 __RSH C:\Users\BERGHOFF\ntuser.pol
2015-05-21 13:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-05-21 13:29 - 2015-01-13 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-05-21 13:15 - 2015-01-13 13:27 - 00000000 ____D C:\Program Files (x86)\HP
2015-05-21 13:05 - 2015-01-13 19:54 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\Adobe
2015-05-21 13:04 - 2015-01-13 13:27 - 00000000 ____D C:\ProgramData\HP
2015-05-20 20:20 - 2015-04-26 11:09 - 00000000 ____D C:\Program Files (x86)\Cobra 11 - Highway Nights
2015-05-20 18:18 - 2015-04-04 10:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 16:56 - 2015-01-23 12:02 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2015-02-14 19:01 - 2015-05-19 08:48 - 0000020 _____ () C:\Users\chberghoff\AppData\Roaming\appdataFr3.bin
2015-05-04 17:50 - 2015-05-04 17:50 - 0002084 _____ () C:\Users\chberghoff\AppData\Local\recently-used.xbel
2015-01-13 13:26 - 2015-01-13 13:26 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\BERGHOFF\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr6dhuf.dll
C:\Users\bslap2013\AppData\Local\Temp\26ab279a-78d6-4b09-ac46-6c757141b174zp12.5-setup-833138993.exe
C:\Users\bslap2013\AppData\Local\Temp\50c98a99-02dc-4042-a176-e755f912a138zp12.5-setup-1249534298.exe
C:\Users\bslap2013\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppzmnlc.dll
C:\Users\bslap2013\AppData\Local\Temp\GoogleSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-16 16:01

==================== End of log ============================
Hoffe jetzt passt alles
Danke

schrauber 21.06.2015 07:42
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

mobspot 21.06.2015 11:52
Code:
ComboFix 15-06-18.01 - chberghoff 21.06.2015  12:19:19.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8173.5825 [GMT 2:00]
ausgeführt von:: c:\users\chberghoff\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BERGHOFF\AppData\Roaming\8d6122003d99411cb70e613a324b9fac2
c:\windows\msdownld.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Legacy_NPF
-------\Service_acedrv11
-------\Service_NPF
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-05-21 bis 2015-06-21  ))))))))))))))))))))))))))))))
.
.
2015-06-21 10:33 . 2015-06-21 10:33        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-06-21 10:33 . 2015-06-21 10:33        --------        d-----w-        c:\users\bslap2013\AppData\Local\temp
2015-06-19 20:02 . 2015-06-19 20:05        --------        d-----w-        C:\FRST
2015-06-18 18:41 . 2015-06-18 18:41        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCD4253D-54DC-486E-9245-8F252523B2A7}\offreg.7972.dll
2015-06-18 16:29 . 2015-06-18 16:29        --------        d-----w-        c:\users\chberghoff\AppData\Roaming\ProductData
2015-06-18 16:29 . 2015-06-18 16:29        --------        d-----w-        c:\programdata\IObit
2015-06-18 16:29 . 2015-06-18 16:29        --------        d-----w-        c:\users\chberghoff\AppData\Roaming\IObit
2015-06-18 16:29 . 2015-06-18 16:29        --------        d-----w-        c:\program files (x86)\IObit
2015-06-18 16:19 . 2015-06-18 16:19        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-18 16:19 . 2015-06-18 16:19        --------        d-----w-        c:\windows\system32\Macromed
2015-06-18 15:41 . 2015-05-03 03:16        12214312        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCD4253D-54DC-486E-9245-8F252523B2A7}\mpengine.dll
2015-06-18 12:44 . 2015-06-18 15:27        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2015-06-18 12:43 . 2015-06-18 15:27        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2
2015-06-17 14:56 . 2015-06-17 14:57        --------        d-----w-        c:\users\BERGHOFF\AppData\Roaming\MAGIX
2015-06-17 14:43 . 2015-06-17 14:43        --------        d-----w-        c:\users\chberghoff\AppData\Local\ArcSoft
2015-06-17 14:43 . 2015-06-18 11:04        --------        d-----w-        c:\users\chberghoff\AppData\Roaming\ArcSoft
2015-06-17 14:30 . 2015-06-17 14:30        --------        d-----w-        c:\users\chberghoff\AppData\Roaming\MAGIX
2015-06-17 14:13 . 2015-06-17 14:13        --------        d-----w-        c:\program files\MAGIX
2015-06-17 14:02 . 2015-06-17 14:30        --------        d-----w-        c:\programdata\MAGIX
2015-06-17 14:02 . 2015-06-17 14:02        --------        d-----w-        c:\program files (x86)\Common Files\MAGIX Services
2015-06-17 14:02 . 2015-06-17 14:02        --------        d-----w-        c:\program files (x86)\MAGIX
2015-06-14 14:20 . 2015-06-14 14:20        --------        d-----w-        c:\users\BERGHOFF\AppData\Roaming\HpUpdate
2015-06-14 08:15 . 2015-06-14 08:15        --------        d-----w-        c:\users\Default\AppData\Local\Google
2015-06-12 19:08 . 2015-06-12 19:08        --------        d-----w-        c:\users\BERGHOFF\AppData\Local\TempTaskUpdateDetection5CF17E6F-42CF-4172-A194-5B9AB822F503
2015-06-10 07:28 . 2015-05-25 18:19        1255424        ----a-w-        c:\windows\system32\diagtrack.dll
2015-06-10 07:27 . 2015-05-23 03:15        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2015-06-09 12:30 . 2015-06-09 12:30        --------        d-----w-        c:\program files (x86)\Vstep
2015-06-09 12:19 . 2000-08-19 18:29        268048        ----a-w-        c:\windows\SysWow64\dxtmeta2.dll
2015-06-09 11:30 . 2015-06-09 11:30        --------        d-----w-        c:\users\BERGHOFF\AppData\Roaming\OpenOffice
2015-06-08 17:16 . 2015-06-18 15:27        --------        d-----w-        c:\program files (x86)\Electronic Arts
2015-05-22 17:16 . 2015-05-22 17:16        18652352        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-18 16:19 . 2014-12-25 22:46        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-10 13:12 . 2015-01-06 13:37        140135120        ----a-w-        c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-10 07:28        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-05-19 06:48 . 2015-02-14 17:01        20        ----a-w-        c:\users\chberghoff\AppData\Roaming\appdataFr3.bin
2015-05-16 09:48 . 2015-02-14 13:05        20        ----a-w-        c:\users\BERGHOFF\AppData\Roaming\appdataFr3.bin
2015-05-10 18:29 . 2015-03-02 15:52        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-03 12:01 . 2015-04-24 16:44        20        ----a-w-        c:\users\bslap2013\AppData\Roaming\appdataFr3.bin
2015-05-01 13:17 . 2015-05-13 10:36        124112        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 10:36        102608        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-28 12:15 . 2011-06-10 23:15        829264        ----a-w-        c:\windows\system32\msvcr100.dll
2015-04-28 12:15 . 2011-06-10 23:15        829264        ----a-w-        c:\windows\system32\msvcr100(23).dll
2015-04-28 12:15 . 2011-06-10 23:15        608080        ----a-w-        c:\windows\system32\msvcp100.dll
2015-04-28 12:15 . 2011-06-10 23:15        608080        ----a-w-        c:\windows\system32\msvcp100(22).dll
2015-04-28 10:03 . 2015-04-28 10:03        773968        ----a-w-        c:\windows\SysWow64\msvcr100.dll
2015-04-28 10:03 . 2015-04-28 10:03        421200        ----a-w-        c:\windows\SysWow64\msvcp100.dll
2015-04-20 03:17 . 2015-05-13 06:53        1647104        ----a-w-        c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 06:53        1179136        ----a-w-        c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 06:53        1250816        ----a-w-        c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 06:56        460800        ----a-w-        c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 06:56        342016        ----a-w-        c:\windows\SysWow64\certcli.dll
2015-04-14 01:38 . 2015-04-14 01:38        1217192        ----a-w-        c:\windows\SysWow64\FM20.DLL
2015-04-13 03:28 . 2015-05-13 06:55        328704        ----a-w-        c:\windows\system32\services.exe
2015-04-12 14:56 . 2015-04-12 14:59        13792        ----a-w-        c:\windows\system32\drivers\semav6thermal64ro.sys
2015-04-08 03:29 . 2015-05-13 06:53        275456        ----a-w-        c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 06:53        24576        ----a-w-        c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 06:53        216064        ----a-w-        c:\windows\SysWow64\InkEd.dll
2015-03-30 13:25 . 2015-01-28 07:15        33856        ---ha-w-        c:\windows\system32\hamachi.sys
2015-03-25 03:24 . 2015-04-15 12:54        98304        ----a-w-        c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 12:54        37376        ----a-w-        c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 12:54        35328        ----a-w-        c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 12:54        3298816        ----a-w-        c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 12:54        2553856        ----a-w-        c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 12:54        191488        ----a-w-        c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 12:54        696320        ----a-w-        c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 12:54        60416        ----a-w-        c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 12:54        12288        ----a-w-        c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 12:54        36864        ----a-w-        c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 12:54        135168        ----a-w-        c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 12:54        92672        ----a-w-        c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 12:54        566784        ----a-w-        c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 12:54        29696        ----a-w-        c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 12:54        173056        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 12:54        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-23 8204056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 46a69adc;IndepthGeneration;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.8.130\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 PrintNotify;Druckererweiterungen und -benachrichtigungen;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys;c:\windows\sysWOW64\drivers\npf_devolo.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys;c:\windows\SYSNATIVE\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdsnxc64.sys [x]
S2 SampleCollector;Intel(R) System Behavior Tracker Collector Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
S2 SOHDms;Sony Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\DRIVERS\NWVoltron.sys;c:\windows\SYSNATIVE\DRIVERS\NWVoltron.sys [x]
S3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\DRIVERS\NWWakeFilterV.sys;c:\windows\SYSNATIVE\DRIVERS\NWWakeFilterV.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-19 12:15        986440        ----a-w-        c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-18 16:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-14 14:30        2334936        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-14 14:30        2334936        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-14 14:30        2334936        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-05-19 13:22        774984        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-05-19 13:22        774984        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-05-19 13:22        774984        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-05-19 13:22        774984        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-05-19 13:22        774984        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Mit Nuance PDF Converter 8 öffnen - c:\program files (x86)\Nuance\PDF Professional 8\cnvres_ger.dll /100
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_160_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_160_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_160_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_160_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_160.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_160.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_160.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_160.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-06-21  12:50:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-06-21 10:50
.
Vor Suchlauf: 26 Verzeichnis(se), 407.761.010.688 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 406.896.439.296 Bytes frei
.
- - End Of File - - 76632A0607726F5217828B423BF9B85A

schrauber 22.06.2015 06:31
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

mobspot 22.06.2015 09:46
Hi Schrauber,
vielen Dank nochmal, Du bist echt fix :).

Hier die Logfiles
mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 22.06.2015
Suchlauf-Zeit: 08:28:00
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.21.04
Rootkit Datenbank: v2015.06.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: chberghoff

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 596415
Verstrichene Zeit: 1 Std, 27 Min, 42 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Deaktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 4
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [b99f0cb1a4e69a9c9ea8672b887d34cc],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [ba9e56672e5c290d2e18bfd3c144a35d],
PUP.Optional.PCSpeedUp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, In Quarantäne, [b0a8209da2e89c9ab4ceafe427de1ce4],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, In Quarantäne, [0157902dfd8d072fd576850fa85d7987],

Registrierungswerte: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [b99f0cb1a4e69a9c9ea8672b887d34cc]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [ba9e56672e5c290d2e18bfd3c144a35d]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 1
PUP.Optional.Shopperz.A, C:\shoplog, In Quarantäne, [3127556894f641f51b8b46b1fa099070],

Dateien: 1
PUP.Optional.Shopperz.A, C:\shoplog\installLog.txt, In Quarantäne, [3127556894f641f51b8b46b1fa099070],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Code:
# AdwCleaner v4.207 - Bericht erstellt 22/06/2015 um 10:16:56
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-21.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : chberghoff - BERGHOFF-VAIO
# Gestarted von : C:\Users\chberghoff\Desktop\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : 46a69adc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Public\Documents\Save
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\BERGHOFF\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Ordner Gelöscht : C:\Users\bslap2013\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Ordner Gelöscht : C:\Users\chberghoff\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\1f282331-60b8-3cee-5319-8e3ceb16c7bc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Schlüssel Gelöscht : HKCU\Software\OCS
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:54776;hxxps=127.0.0.1:54776
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [9117 Bytes] - [07/03/2015 17:38:06]
AdwCleaner[R1].txt - [921 Bytes] - [07/03/2015 18:00:53]
AdwCleaner[R2].txt - [2805 Bytes] - [22/06/2015 10:15:19]
AdwCleaner[S0].txt - [8127 Bytes] - [07/03/2015 17:40:46]
AdwCleaner[S1].txt - [2445 Bytes] - [22/06/2015 10:16:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2504  Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.7 (06.21.2015:2)
OS: Windows 7 Home Premium x64
Ran by chberghoff on 22.06.2015 at 10:27:00,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\chberghoff\AppData\Roaming\appdataFr3.bin



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\esellerate
Successfully deleted: [Folder] C:\Users\chberghoff\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\users\public\documents\baidu



~~~ Chrome


[C:\Users\chberghoff\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\chberghoff\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\chberghoff\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\chberghoff\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.06.2015 at 10:30:53,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by chberghoff (administrator) on BERGHOFF-VAIO on 22-06-2015 10:33:36
Running from C:\Users\chberghoff\Desktop
Loaded Profiles: chberghoff (Available Profiles: BERGHOFF & bslap2013 & chberghoff & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\bslap2013\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-05-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\bslap2013\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\chberghoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-06] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-15] (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-06] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [2010-01-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-12-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-06] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-26] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-26] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-26] ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [2015-01-23] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-26]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-26]

Chrome:
=======
CHR Profile: C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-19]
CHR Extension: (YouTube) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-19]
CHR Extension: (Google Search) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-19]
CHR Extension: (Kaspersky Protection) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-23]
CHR Extension: (Google Wallet) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-28]
CHR Extension: (Gmail) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) [File not signed]
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-06-15] (Atheros Commnucations) [File not signed]
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) [File not signed]
S2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-08] (Electronic Arts)
S2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2015-02-05] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2987520 2014-10-29] (Microsoft Corporation) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2010-02-24] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2010-02-24] (Sonic Solutions)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-26] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-26] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-01-31] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28440 2011-05-03] ()
R3 NWWakeFilterV; C:\Windows\System32\DRIVERS\NWWakeFilterV.sys [16152 2011-05-03] (n/a)
R2 risdsnpe; C:\Windows\System32\DRIVERS\risdsnxc64.sys [98816 2011-06-02] (REDC)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-04-12] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 10:33 - 2015-06-22 10:34 - 00025213 _____ C:\Users\chberghoff\Desktop\FRST.txt
2015-06-22 10:30 - 2015-06-22 10:30 - 00001499 _____ C:\Users\chberghoff\Desktop\JRT.txt
2015-06-22 10:27 - 2015-06-22 10:27 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BERGHOFF-VAIO-Windows-7-Home-Premium-(64-bit).dat
2015-06-22 10:27 - 2015-06-22 10:27 - 00000000 ____D C:\RegBackup
2015-06-22 10:26 - 2015-06-22 10:26 - 02950454 _____ (Thisisu) C:\Users\chberghoff\Desktop\JRT.exe
2015-06-22 10:25 - 2015-06-22 10:26 - 02950454 _____ (Thisisu) C:\Users\chberghoff\Downloads\JRT.exe
2015-06-22 10:23 - 2015-06-22 10:23 - 00002592 _____ C:\Users\chberghoff\Desktop\AdwCleaner[S1].txt
2015-06-22 10:12 - 2015-06-22 10:12 - 00002222 _____ C:\Users\chberghoff\Desktop\mbam.txt
2015-06-22 09:18 - 2015-06-22 09:18 - 02244096 _____ C:\Users\chberghoff\Desktop\AdwCleaner_4.207.exe
2015-06-22 08:26 - 2015-06-22 08:26 - 00001163 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-22 08:25 - 2015-06-22 08:25 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\chberghoff\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-21 12:50 - 2015-06-21 12:50 - 00036390 _____ C:\ComboFix.txt
2015-06-21 12:38 - 2015-06-22 10:20 - 00001360 _____ C:\Windows\PFRO.log
2015-06-21 12:15 - 2015-06-21 12:50 - 00000000 ____D C:\Qoobox
2015-06-21 12:15 - 2015-06-21 12:50 - 00000000 ____D C:\ComboFix
2015-06-21 12:15 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-21 12:15 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-21 12:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-21 12:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-21 12:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-21 12:15 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-21 12:15 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-21 12:15 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-21 12:14 - 2015-06-21 12:48 - 00000000 ____D C:\Windows\erdnt
2015-06-21 12:13 - 2015-06-21 12:13 - 05628633 ____R (Swearware) C:\Users\chberghoff\Desktop\ComboFix.exe
2015-06-21 09:11 - 2015-06-21 09:11 - 00129768 _____ C:\Users\chberghoff\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-21 09:06 - 2015-06-21 09:07 - 00497544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-20 21:59 - 2015-06-20 21:59 - 00020266 _____ C:\Users\BERGHOFF\Downloads\ManualIgnition.zip
2015-06-20 19:36 - 2015-06-20 19:41 - 14482424 _____ C:\Users\BERGHOFF\Downloads\placeableCarWash_V1_1.zip
2015-06-20 18:58 - 2015-06-22 10:21 - 00001344 _____ C:\Windows\setupact.log
2015-06-20 18:58 - 2015-06-20 18:58 - 00000000 _____ C:\Windows\setuperr.log
2015-06-20 18:40 - 2015-06-20 18:40 - 00129768 _____ C:\Users\BERGHOFF\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-19 23:23 - 2015-06-20 12:58 - 00000000 ____D C:\Windows\Minidump
2015-06-19 22:07 - 2015-06-19 22:07 - 00380416 _____ C:\Users\chberghoff\Downloads\Gmer-19357.exe
2015-06-19 22:07 - 2015-06-19 22:07 - 00380416 _____ C:\Users\chberghoff\Desktop\Gmer-19357.exe
2015-06-19 22:02 - 2015-06-22 10:33 - 00000000 ____D C:\FRST
2015-06-19 22:02 - 2015-06-19 22:02 - 02109952 _____ (Farbar) C:\Users\chberghoff\Desktop\FRST64.exe
2015-06-19 22:00 - 2015-06-19 22:00 - 00050477 _____ C:\Users\chberghoff\Desktop\Defogger (1).exe
2015-06-19 21:58 - 2015-06-19 21:58 - 00050477 _____ C:\Users\chberghoff\Downloads\Defogger.exe
2015-06-19 21:58 - 2015-06-19 21:58 - 00000482 _____ C:\Users\chberghoff\Downloads\defogger_disable.log
2015-06-19 21:58 - 2015-06-19 21:58 - 00000000 _____ C:\Users\chberghoff\defogger_reenable
2015-06-19 14:15 - 2015-06-19 14:15 - 00002308 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-19 14:15 - 2015-06-19 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-19 00:28 - 2015-06-22 10:24 - 00005176 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BERGHOFF-VAIO-chberghoff BERGHOFF-VAIO
2015-06-18 18:29 - 2015-06-18 18:29 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\IObit
2015-06-18 18:29 - 2015-06-18 18:29 - 00000000 ____D C:\ProgramData\IObit
2015-06-18 18:29 - 2015-06-18 18:29 - 00000000 ____D C:\Program Files (x86)\IObit
2015-06-18 18:19 - 2015-06-22 10:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-18 18:19 - 2015-06-18 18:19 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-18 18:19 - 2015-06-18 18:19 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-18 18:19 - 2015-06-18 18:19 - 00000000 ____D C:\Windows\system32\Macromed
2015-06-18 16:34 - 2015-06-18 16:34 - 00000000 ____D C:\Users\chberghoff\Documents\My Games
2015-06-18 14:44 - 2015-06-18 17:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-06-18 14:44 - 2015-06-18 17:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-18 14:43 - 2015-06-18 17:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-17 16:56 - 2015-06-17 16:57 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\MAGIX
2015-06-17 16:56 - 2015-06-17 16:56 - 00000000 ____D C:\Users\BERGHOFF\Documents\Video deluxe 2015
2015-06-17 16:56 - 2015-06-17 16:56 - 00000000 ____D C:\Users\BERGHOFF\Documents\MAGIX
2015-06-17 16:43 - 2015-06-18 13:04 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\ArcSoft
2015-06-17 16:43 - 2015-06-17 16:43 - 00000000 ____D C:\Users\chberghoff\AppData\Local\ArcSoft
2015-06-17 16:30 - 2015-06-17 16:30 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\MAGIX
2015-06-17 16:13 - 2015-06-17 16:13 - 00000000 ____D C:\Program Files\MAGIX
2015-06-17 16:02 - 2015-06-18 13:04 - 00000000 ____D C:\Users\chberghoff\Documents\MAGIX
2015-06-17 16:02 - 2015-06-17 16:30 - 00000000 ____D C:\ProgramData\MAGIX
2015-06-17 16:02 - 2015-06-17 16:02 - 00000000 ____D C:\Program Files (x86)\MAGIX
2015-06-14 16:20 - 2015-06-14 16:20 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\HpUpdate
2015-06-14 10:15 - 2015-06-14 10:15 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-06-14 10:15 - 2015-06-14 10:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-06-12 21:08 - 2015-06-12 21:08 - 00000000 ____D C:\Users\BERGHOFF\AppData\Local\TempTaskUpdateDetection5CF17E6F-42CF-4172-A194-5B9AB822F503
2015-06-10 09:29 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 09:29 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 09:29 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 09:29 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 09:29 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 09:29 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 09:29 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 09:29 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 09:29 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 09:29 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 09:29 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 09:29 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 09:29 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 09:28 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 09:28 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 09:28 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 09:28 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 09:28 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 09:28 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 09:28 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 09:28 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 09:28 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 09:28 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 09:28 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 09:28 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 09:28 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 09:28 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 09:28 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 09:28 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 09:28 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 09:28 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 09:28 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 09:28 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 09:28 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 09:28 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 09:28 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:28 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 09:28 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 09:28 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 09:27 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 09:27 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 09:27 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:27 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 09:27 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 09:27 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 09:27 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 09:27 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 09:27 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 09:27 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 09:27 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 09:27 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 09:27 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 09:27 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 09:27 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 09:27 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 09:27 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 09:27 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 09:27 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 09:27 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 09:27 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 09:27 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 09:27 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 09:27 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 09:27 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 09:27 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 09:27 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 09:27 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 09:27 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 09:27 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 09:27 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:27 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 09:27 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 09:27 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 09:27 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:27 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:27 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 09:27 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 09:27 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:27 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:27 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 09:27 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:27 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:27 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 09:27 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:27 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 09:27 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 09:27 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:27 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 09:27 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 09:27 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 09:27 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:27 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 09:27 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:27 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:27 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 09:27 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:27 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:27 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:27 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 14:35 - 2015-06-09 15:49 - 00000000 ____D C:\Users\BERGHOFF\Documents\ShipSim2008 UserData
2015-06-09 14:35 - 2015-06-09 14:35 - 00001220 _____ C:\Users\Public\Desktop\Schiff-Simulator 2008 Mission Editor.lnk
2015-06-09 14:35 - 2015-06-09 14:35 - 00001210 _____ C:\Users\Public\Desktop\Schiff-Simulator 2008.lnk
2015-06-09 14:35 - 2015-06-09 14:35 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schiff-Simulator 2008
2015-06-09 14:35 - 2015-06-09 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schiff-Simulator 2008
2015-06-09 14:30 - 2015-06-09 14:30 - 00000000 ____D C:\Program Files (x86)\Vstep
2015-06-09 14:19 - 2000-08-19 20:29 - 00268048 _____ (MetaCreations Corporation) C:\Windows\SysWOW64\dxtmeta2.dll
2015-06-09 13:30 - 2015-06-09 13:30 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\OpenOffice
2015-06-08 20:33 - 2015-06-21 16:07 - 00000000 ____D C:\Users\BERGHOFF\Documents\FIFA 13
2015-06-08 20:18 - 2015-06-08 20:18 - 00001307 _____ C:\Users\Public\Desktop\FIFA 13.lnk
2015-06-08 19:16 - 2015-06-18 17:27 - 00000000 ____D C:\Program Files (x86)\Electronic Arts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 10:28 - 2015-05-10 21:56 - 01570153 _____ C:\Windows\WindowsUpdate.log
2015-06-22 10:27 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-22 10:27 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-22 10:22 - 2014-12-26 17:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-22 10:21 - 2015-01-28 09:20 - 00000000 ____D C:\Users\chberghoff\AppData\Local\LogMeIn Hamachi
2015-06-22 10:21 - 2014-12-26 00:30 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-22 10:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-22 10:16 - 2015-03-07 17:38 - 00000000 ____D C:\AdwCleaner
2015-06-22 10:08 - 2015-03-02 17:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 10:06 - 2014-12-26 01:44 - 00000000 ____D C:\Windows\no
2015-06-22 08:26 - 2015-03-02 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-22 08:26 - 2015-03-02 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-22 08:26 - 2015-01-14 15:30 - 00000000 ____D C:\Users\chberghoff\AppData\Local\CrashDumps
2015-06-22 08:20 - 2015-05-03 13:16 - 00000000 ____D C:\Users\chberghoff\Documents\Outlook-Dateien
2015-06-21 22:05 - 2015-03-04 00:00 - 00000000 ____D C:\Users\chberghoff\AppData\Local\Battle.net
2015-06-21 16:16 - 2014-12-26 09:17 - 00000000 ____D C:\ProgramData\Origin
2015-06-21 13:57 - 2014-12-26 00:08 - 00703092 _____ C:\Windows\system32\perfh007.dat
2015-06-21 13:57 - 2014-12-26 00:08 - 00150676 _____ C:\Windows\system32\perfc007.dat
2015-06-21 13:57 - 2011-02-11 01:03 - 01648846 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-21 12:50 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-21 12:42 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-21 12:41 - 2015-04-18 15:47 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-21 12:35 - 2009-07-14 04:34 - 23330816 _____ C:\Windows\system32\config\SYSTEM.bak
2015-06-21 12:35 - 2009-07-14 04:34 - 114032640 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-06-21 12:35 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-06-21 12:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-06-21 12:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-06-21 12:34 - 2009-07-14 04:34 - 44302336 _____ C:\Windows\system32\config\components.bak
2015-06-21 10:54 - 2015-03-03 19:06 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-21 09:11 - 2015-01-02 15:42 - 00002810 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-20 23:15 - 2014-12-29 18:08 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\TS3Client
2015-06-20 23:01 - 2015-03-13 18:10 - 00004096 _____ C:\Users\Public\Documents\0000322A.LCS
2015-06-20 23:00 - 2014-12-26 09:19 - 00000000 ____D C:\Users\BERGHOFF\AppData\Local\CrashDumps
2015-06-20 18:38 - 2014-12-27 15:26 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Notepad++
2015-06-20 18:36 - 2014-12-26 19:09 - 00000000 ____D C:\Users\BERGHOFF\AppData\Local\LogMeIn Hamachi
2015-06-20 18:21 - 2015-02-12 09:25 - 00002270 _____ C:\Users\BERGHOFF\Desktop\Google Chrome.lnk
2015-06-19 23:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-19 21:58 - 2015-01-13 19:52 - 00000000 ____D C:\Users\chberghoff
2015-06-19 14:35 - 2015-01-17 15:10 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-19 14:15 - 2014-12-26 09:24 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-19 14:09 - 2014-12-26 02:08 - 00000000 ____D C:\Windows\pss
2015-06-19 14:05 - 2015-01-24 01:27 - 00000000 ___RD C:\Users\BERGHOFF\Dropbox
2015-06-19 14:05 - 2015-01-24 01:23 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Dropbox
2015-06-19 13:51 - 2014-12-26 18:42 - 00000000 __SHD C:\Users\BERGHOFF\AppData\Local\EmieUserList
2015-06-19 13:51 - 2014-12-26 18:42 - 00000000 __SHD C:\Users\BERGHOFF\AppData\Local\EmieSiteList
2015-06-19 13:51 - 2014-12-26 18:42 - 00000000 __SHD C:\Users\BERGHOFF\AppData\Local\EmieBrowserModeList
2015-06-19 09:18 - 2015-02-17 12:16 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-19 00:32 - 2014-12-26 17:51 - 00000000 ____D C:\ProgramData\TEMP
2015-06-18 18:41 - 2009-07-14 07:13 - 01593956 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 18:29 - 2015-01-26 12:22 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\Apple Computer
2015-06-18 18:19 - 2015-01-13 19:54 - 00000000 ____D C:\Users\chberghoff\AppData\Local\Adobe
2015-06-18 18:19 - 2014-12-26 00:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 17:28 - 2015-05-05 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-18 17:28 - 2015-04-26 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2015-06-18 17:28 - 2015-04-21 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emergency 5
2015-06-18 17:28 - 2015-04-18 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus-Simulator 2012
2015-06-18 17:28 - 2015-04-04 10:14 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-18 17:28 - 2015-04-03 18:37 - 00000000 ____D C:\Program Files (x86)\Quadriga Games
2015-06-18 17:28 - 2015-03-08 16:00 - 00000000 ____D C:\Users\Gast
2015-06-18 17:28 - 2015-03-06 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2013
2015-06-18 17:28 - 2015-03-04 00:00 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\Battle.net
2015-06-18 17:28 - 2015-01-15 18:48 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Audacity
2015-06-18 17:28 - 2015-01-13 19:54 - 00000000 ____D C:\Users\chberghoff\AppData\Local\Google
2015-06-18 17:28 - 2014-12-27 13:51 - 00000000 ____D C:\Users\bslap2013
2015-06-18 17:28 - 2014-12-26 09:22 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-06-18 17:28 - 2014-12-26 02:12 - 00000000 ____D C:\Update
2015-06-18 17:28 - 2014-12-26 02:07 - 00000000 ____D C:\Users\BERGHOFF
2015-06-18 17:28 - 2014-12-26 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-18 17:28 - 2014-12-26 00:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-18 17:28 - 2014-12-26 00:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-18 17:28 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-18 17:27 - 2015-04-26 15:48 - 00000000 ____D C:\Program Files (x86)\Euro Truck Simulator 2
2015-06-18 17:27 - 2015-04-21 19:37 - 00000000 ____D C:\Program Files (x86)\Emergency 5
2015-06-18 17:27 - 2015-03-06 18:49 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2013
2015-06-18 17:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-18 17:26 - 2015-01-13 19:54 - 00000000 ____D C:\Users\chberghoff\AppData\Local\NVIDIA
2015-06-18 17:26 - 2014-12-26 00:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-18 17:26 - 2014-12-26 00:10 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-06-18 17:26 - 2014-12-26 00:10 - 00000000 ____D C:\Program Files\Sony
2015-06-18 13:04 - 2011-05-27 23:57 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-18 10:38 - 2015-02-12 18:37 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-18 10:35 - 2015-01-13 19:55 - 00000000 ____D C:\Users\chberghoff\AppData\Local\NVIDIA Corporation
2015-06-14 21:18 - 2015-01-28 09:30 - 00000000 __SHD C:\Users\chberghoff\AppData\Local\EmieUserList
2015-06-14 21:18 - 2015-01-28 09:30 - 00000000 __SHD C:\Users\chberghoff\AppData\Local\EmieSiteList
2015-06-14 21:18 - 2015-01-28 09:30 - 00000000 __SHD C:\Users\chberghoff\AppData\Local\EmieBrowserModeList
2015-06-14 16:27 - 2015-04-18 15:47 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\TeamViewer
2015-06-14 10:15 - 2015-05-05 08:15 - 00002099 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-14 10:15 - 2015-05-05 08:15 - 00002097 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-14 10:15 - 2015-05-05 08:15 - 00002087 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-11 17:07 - 2014-12-26 02:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 17:02 - 2015-01-23 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-11 16:19 - 2014-12-26 19:14 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\.minecraft
2015-06-11 10:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-10 16:09 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-10 16:01 - 2015-04-15 21:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 16:01 - 2015-04-15 21:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 16:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 15:25 - 2015-01-06 15:37 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 15:12 - 2015-01-06 15:37 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 15:10 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini
2015-06-09 14:18 - 2015-02-24 19:13 - 00000000 ____D C:\Users\BERGHOFF\Desktop\Microsoft 2013
2015-06-09 13:32 - 2014-12-26 18:10 - 00000000 ____D C:\Users\BERGHOFF\Documents\Outlook-Dateien
2015-06-09 10:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool
2015-06-08 19:24 - 2014-12-26 09:21 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Origin
2015-06-08 19:15 - 2014-12-26 09:16 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-08 19:14 - 2015-01-21 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLo Game Recorder
2015-06-07 17:50 - 2015-04-18 15:47 - 00001028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-07 15:35 - 2015-05-21 13:15 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\HpUpdate
2015-06-07 13:32 - 2014-12-29 18:36 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2015-05-04 17:50 - 2015-05-04 17:50 - 0002084 _____ () C:\Users\chberghoff\AppData\Local\recently-used.xbel
2015-01-13 13:26 - 2015-01-13 13:26 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\chberghoff\AppData\Local\Temp\Quarantine.exe
C:\Users\chberghoff\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-16 16:01

==================== End of log ============================

schrauber 23.06.2015 05:44

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

mobspot 24.06.2015 06:14
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6c1de2cce53dbe4881f407f8919c3e6d
# end=init
# utc_time=2015-06-23 05:48:29
# local_time=2015-06-23 07:48:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24455
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6c1de2cce53dbe4881f407f8919c3e6d
# end=updated
# utc_time=2015-06-23 05:52:49
# local_time=2015-06-23 07:52:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6c1de2cce53dbe4881f407f8919c3e6d
# end=restart
# utc_time=2015-06-23 10:54:53
# local_time=2015-06-23 12:54:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1299 16777213 100 100 48284 62628523 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 160124 186686743 0 0
# scanned=393264
# found=1
# cleaned=0
# scan_time=18124
sh=85C8A3D6611730C56F27FD116862B4622535047F ft=1 fh=b15c51751d1b574b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\chberghoff\Downloads\OpenOffice - CHIP-Installer.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6c1de2cce53dbe4881f407f8919c3e6d
# end=init
# utc_time=2015-06-23 10:55:28
# local_time=2015-06-23 12:55:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24458
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6c1de2cce53dbe4881f407f8919c3e6d
# end=updated
# utc_time=2015-06-23 10:56:54
# local_time=2015-06-23 12:56:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=6c1de2cce53dbe4881f407f8919c3e6d
# engine=24458
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-23 01:59:26
# local_time=2015-06-23 03:59:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1299 16777213 100 100 59357 62639596 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 171197 186697816 0 0
# scanned=508965
# found=1
# cleaned=0
# scan_time=10952
sh=85C8A3D6611730C56F27FD116862B4622535047F ft=1 fh=b15c51751d1b574b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\chberghoff\Downloads\OpenOffice - CHIP-Installer.exe"
Code:
Results of screen317's Security Check version 1.002 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Google Chrome (43.0.2357.124)
 Google Chrome (43.0.2357.130)
````````Process Check: objlist.exe by Laurent```````` 
 Sony VAIOCA~1 Iolo IOLOTO~1.EXE
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by chberghoff (administrator) on BERGHOFF-VAIO on 23-06-2015 17:00:10
Running from C:\Users\chberghoff\Desktop
Loaded Profiles: chberghoff (Available Profiles: BERGHOFF & bslap2013 & chberghoff & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(iolo technologies, LLC) C:\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe
() C:\Users\chberghoff\Desktop\SecurityCheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\bslap2013\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-05-04]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\bslap2013\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\chberghoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:54776;https=127.0.0.1:54776
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-06] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-06-15] (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-06] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-26] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2013-03-07] (Zeon Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [2010-01-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-12-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-06] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-26] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-26] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-26] ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [2015-01-23] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-13] (NVIDIA Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-12-10] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-26]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-26]

Chrome:
=======
CHR Profile: C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-19]
CHR Extension: (YouTube) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-19]
CHR Extension: (Google Search) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-19]
CHR Extension: (Kaspersky Protection) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-23]
CHR Extension: (Google Wallet) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-28]
CHR Extension: (Gmail) - C:\Users\chberghoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-06-15] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-06-15] (Atheros Commnucations) [File not signed]
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.) [File not signed]
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3128856 2012-02-28] (devolo AG)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-08] (Electronic Arts)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2015-02-05] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2987520 2014-10-29] (Microsoft Corporation) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2010-02-24] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2010-02-24] (Sonic Solutions)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-26] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-26] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2012-01-31] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28440 2011-05-03] ()
R3 NWWakeFilterV; C:\Windows\System32\DRIVERS\NWWakeFilterV.sys [16152 2011-05-03] (n/a)
R2 risdsnpe; C:\Windows\System32\DRIVERS\risdsnxc64.sys [98816 2011-06-02] (REDC)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-04-12] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 17:00 - 2015-06-23 17:00 - 00029381 _____ C:\Users\chberghoff\Desktop\FRST.txt
2015-06-23 16:45 - 2015-06-23 16:54 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\Notepad++
2015-06-23 16:40 - 2015-06-23 16:40 - 00852639 _____ C:\Users\chberghoff\Desktop\SecurityCheck.exe
2015-06-23 07:50 - 2015-06-23 07:50 - 00006172 _____ C:\Windows\system32\PerfStringBackup.TMP
2015-06-23 07:47 - 2015-06-23 07:47 - 02870984 _____ (ESET) C:\Users\chberghoff\Desktop\esetsmartinstaller_deu.exe
2015-06-22 10:30 - 2015-06-22 10:30 - 00001499 _____ C:\Users\chberghoff\Desktop\JRT.txt
2015-06-22 10:27 - 2015-06-22 10:27 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BERGHOFF-VAIO-Windows-7-Home-Premium-(64-bit).dat
2015-06-22 10:27 - 2015-06-22 10:27 - 00000000 ____D C:\RegBackup
2015-06-22 10:26 - 2015-06-22 10:26 - 02950454 _____ (Thisisu) C:\Users\chberghoff\Desktop\JRT.exe
2015-06-22 10:25 - 2015-06-22 10:26 - 02950454 _____ (Thisisu) C:\Users\chberghoff\Downloads\JRT.exe
2015-06-22 10:23 - 2015-06-22 10:23 - 00002592 _____ C:\Users\chberghoff\Desktop\AdwCleaner[S1].txt
2015-06-22 10:12 - 2015-06-22 10:12 - 00002222 _____ C:\Users\chberghoff\Desktop\mbam.txt
2015-06-22 09:18 - 2015-06-22 09:18 - 02244096 _____ C:\Users\chberghoff\Desktop\AdwCleaner_4.207.exe
2015-06-22 08:26 - 2015-06-22 08:26 - 00001163 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-22 08:25 - 2015-06-22 08:25 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\chberghoff\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-21 12:50 - 2015-06-21 12:50 - 00036390 _____ C:\ComboFix.txt
2015-06-21 12:38 - 2015-06-22 10:20 - 00001360 _____ C:\Windows\PFRO.log
2015-06-21 12:15 - 2015-06-21 12:50 - 00000000 ____D C:\Qoobox
2015-06-21 12:15 - 2015-06-21 12:50 - 00000000 ____D C:\ComboFix
2015-06-21 12:15 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-21 12:15 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-21 12:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-21 12:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-21 12:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-21 12:15 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-21 12:15 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-21 12:15 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-21 12:14 - 2015-06-21 12:48 - 00000000 ____D C:\Windows\erdnt
2015-06-21 12:13 - 2015-06-21 12:13 - 05628633 ____R (Swearware) C:\Users\chberghoff\Desktop\ComboFix.exe
2015-06-21 09:11 - 2015-06-21 09:11 - 00129768 _____ C:\Users\chberghoff\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-21 09:06 - 2015-06-21 09:07 - 00497544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-20 21:59 - 2015-06-20 21:59 - 00020266 _____ C:\Users\BERGHOFF\Downloads\ManualIgnition.zip
2015-06-20 19:36 - 2015-06-20 19:41 - 14482424 _____ C:\Users\BERGHOFF\Downloads\placeableCarWash_V1_1.zip
2015-06-20 18:58 - 2015-06-22 23:30 - 00001680 _____ C:\Windows\setupact.log
2015-06-20 18:58 - 2015-06-20 18:58 - 00000000 _____ C:\Windows\setuperr.log
2015-06-20 18:40 - 2015-06-20 18:40 - 00129768 _____ C:\Users\BERGHOFF\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-19 23:23 - 2015-06-20 12:58 - 00000000 ____D C:\Windows\Minidump
2015-06-19 22:07 - 2015-06-19 22:07 - 00380416 _____ C:\Users\chberghoff\Downloads\Gmer-19357.exe
2015-06-19 22:07 - 2015-06-19 22:07 - 00380416 _____ C:\Users\chberghoff\Desktop\Gmer-19357.exe
2015-06-19 22:02 - 2015-06-23 17:00 - 00000000 ____D C:\FRST
2015-06-19 22:02 - 2015-06-19 22:02 - 02109952 _____ (Farbar) C:\Users\chberghoff\Desktop\FRST64.exe
2015-06-19 22:00 - 2015-06-19 22:00 - 00050477 _____ C:\Users\chberghoff\Desktop\Defogger (1).exe
2015-06-19 21:58 - 2015-06-19 21:58 - 00050477 _____ C:\Users\chberghoff\Downloads\Defogger.exe
2015-06-19 21:58 - 2015-06-19 21:58 - 00000482 _____ C:\Users\chberghoff\Downloads\defogger_disable.log
2015-06-19 21:58 - 2015-06-19 21:58 - 00000000 _____ C:\Users\chberghoff\defogger_reenable
2015-06-19 14:15 - 2015-06-22 23:41 - 00002232 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-19 14:15 - 2015-06-19 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-19 00:28 - 2015-06-22 23:57 - 00005174 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BERGHOFF-VAIO-chberghoff BERGHOFF-VAIO
2015-06-18 18:29 - 2015-06-18 18:29 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\IObit
2015-06-18 18:29 - 2015-06-18 18:29 - 00000000 ____D C:\ProgramData\IObit
2015-06-18 18:29 - 2015-06-18 18:29 - 00000000 ____D C:\Program Files (x86)\IObit
2015-06-18 18:19 - 2015-06-23 16:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-18 18:19 - 2015-06-18 18:19 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-18 18:19 - 2015-06-18 18:19 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-18 18:19 - 2015-06-18 18:19 - 00000000 ____D C:\Windows\system32\Macromed
2015-06-18 16:34 - 2015-06-18 16:34 - 00000000 ____D C:\Users\chberghoff\Documents\My Games
2015-06-18 14:44 - 2015-06-18 17:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-06-18 14:44 - 2015-06-18 17:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-18 14:43 - 2015-06-18 17:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-17 16:56 - 2015-06-17 16:57 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\MAGIX
2015-06-17 16:56 - 2015-06-17 16:56 - 00000000 ____D C:\Users\BERGHOFF\Documents\Video deluxe 2015
2015-06-17 16:56 - 2015-06-17 16:56 - 00000000 ____D C:\Users\BERGHOFF\Documents\MAGIX
2015-06-17 16:43 - 2015-06-18 13:04 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\ArcSoft
2015-06-17 16:43 - 2015-06-17 16:43 - 00000000 ____D C:\Users\chberghoff\AppData\Local\ArcSoft
2015-06-17 16:30 - 2015-06-17 16:30 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\MAGIX
2015-06-17 16:13 - 2015-06-17 16:13 - 00000000 ____D C:\Program Files\MAGIX
2015-06-17 16:02 - 2015-06-18 13:04 - 00000000 ____D C:\Users\chberghoff\Documents\MAGIX
2015-06-17 16:02 - 2015-06-17 16:30 - 00000000 ____D C:\ProgramData\MAGIX
2015-06-17 16:02 - 2015-06-17 16:02 - 00000000 ____D C:\Program Files (x86)\MAGIX
2015-06-14 16:20 - 2015-06-14 16:20 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\HpUpdate
2015-06-14 10:15 - 2015-06-14 10:15 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-06-14 10:15 - 2015-06-14 10:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-06-12 21:08 - 2015-06-12 21:08 - 00000000 ____D C:\Users\BERGHOFF\AppData\Local\TempTaskUpdateDetection5CF17E6F-42CF-4172-A194-5B9AB822F503
2015-06-10 09:29 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 09:29 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 09:29 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 09:29 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 09:29 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 09:29 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 09:29 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 09:29 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 09:29 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 09:29 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 09:29 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 09:29 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 09:29 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 09:29 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 09:28 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 09:28 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 09:28 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 09:28 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 09:28 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 09:28 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 09:28 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 09:28 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 09:28 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 09:28 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 09:28 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 09:28 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 09:28 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 09:28 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 09:28 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 09:28 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 09:28 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 09:28 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 09:28 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 09:28 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 09:28 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 09:28 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 09:28 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 09:28 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 09:28 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 09:28 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 09:28 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 09:28 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 09:28 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 09:28 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 09:28 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 09:27 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 09:27 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 09:27 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 09:27 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 09:27 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 09:27 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 09:27 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 09:27 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 09:27 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 09:27 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 09:27 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 09:27 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 09:27 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 09:27 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 09:27 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 09:27 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 09:27 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 09:27 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 09:27 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 09:27 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 09:27 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 09:27 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 09:27 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 09:27 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 09:27 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 09:27 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 09:27 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 09:27 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 09:27 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 09:27 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 09:27 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 09:27 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 09:27 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 09:27 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 09:27 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 09:27 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 09:27 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 09:27 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 09:27 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 09:27 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 09:27 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 09:27 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 09:27 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 09:27 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 09:27 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 09:27 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 09:27 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 09:27 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 09:27 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 09:27 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 09:27 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 09:27 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 09:27 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 09:27 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 09:27 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 09:27 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 09:27 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 09:27 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 09:27 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 09:27 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 14:35 - 2015-06-09 15:49 - 00000000 ____D C:\Users\BERGHOFF\Documents\ShipSim2008 UserData
2015-06-09 14:35 - 2015-06-09 14:35 - 00001220 _____ C:\Users\Public\Desktop\Schiff-Simulator 2008 Mission Editor.lnk
2015-06-09 14:35 - 2015-06-09 14:35 - 00001210 _____ C:\Users\Public\Desktop\Schiff-Simulator 2008.lnk
2015-06-09 14:35 - 2015-06-09 14:35 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schiff-Simulator 2008
2015-06-09 14:35 - 2015-06-09 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schiff-Simulator 2008
2015-06-09 14:30 - 2015-06-09 14:30 - 00000000 ____D C:\Program Files (x86)\Vstep
2015-06-09 14:19 - 2000-08-19 20:29 - 00268048 _____ (MetaCreations Corporation) C:\Windows\SysWOW64\dxtmeta2.dll
2015-06-09 13:30 - 2015-06-09 13:30 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\OpenOffice
2015-06-08 20:33 - 2015-06-21 16:07 - 00000000 ____D C:\Users\BERGHOFF\Documents\FIFA 13
2015-06-08 20:18 - 2015-06-08 20:18 - 00001307 _____ C:\Users\Public\Desktop\FIFA 13.lnk
2015-06-08 19:16 - 2015-06-18 17:27 - 00000000 ____D C:\Program Files (x86)\Electronic Arts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 12:56 - 2015-03-04 00:00 - 00000000 ____D C:\Users\chberghoff\AppData\Local\Battle.net
2015-06-23 07:50 - 2014-12-26 00:08 - 00717634 _____ C:\Windows\system32\perfh007.dat
2015-06-23 07:50 - 2014-12-26 00:08 - 00155194 _____ C:\Windows\system32\perfc007.dat
2015-06-23 05:56 - 2014-12-26 17:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-23 05:05 - 2015-05-10 21:56 - 01595363 _____ C:\Windows\WindowsUpdate.log
2015-06-23 04:28 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-23 04:28 - 2009-07-14 06:45 - 00020992 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-23 02:00 - 2015-05-03 13:16 - 00000000 ____D C:\Users\chberghoff\Documents\Outlook-Dateien
2015-06-22 23:30 - 2014-12-26 00:30 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-22 23:30 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-22 15:03 - 2015-05-03 13:17 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\TeamViewer
2015-06-22 10:56 - 2015-01-28 09:20 - 00000000 ____D C:\Users\chberghoff\AppData\Local\LogMeIn Hamachi
2015-06-22 10:16 - 2015-03-07 17:38 - 00000000 ____D C:\AdwCleaner
2015-06-22 10:08 - 2015-03-02 17:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 10:06 - 2014-12-26 01:44 - 00000000 ____D C:\Windows\no
2015-06-22 08:26 - 2015-03-02 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-22 08:26 - 2015-03-02 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-22 08:26 - 2015-01-14 15:30 - 00000000 ____D C:\Users\chberghoff\AppData\Local\CrashDumps
2015-06-21 16:16 - 2014-12-26 09:17 - 00000000 ____D C:\ProgramData\Origin
2015-06-21 13:57 - 2011-02-11 01:03 - 01648846 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-21 12:50 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-21 12:42 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-21 12:41 - 2015-04-18 15:47 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-21 12:35 - 2009-07-14 04:34 - 23330816 _____ C:\Windows\system32\config\SYSTEM.bak
2015-06-21 12:35 - 2009-07-14 04:34 - 114032640 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-06-21 12:35 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-06-21 12:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-06-21 12:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-06-21 12:34 - 2009-07-14 04:34 - 44302336 _____ C:\Windows\system32\config\components.bak
2015-06-21 10:54 - 2015-03-03 19:06 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-21 09:11 - 2015-01-02 15:42 - 00002810 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-20 23:15 - 2014-12-29 18:08 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\TS3Client
2015-06-20 23:01 - 2015-03-13 18:10 - 00004096 _____ C:\Users\Public\Documents\0000322A.LCS
2015-06-20 23:00 - 2014-12-26 09:19 - 00000000 ____D C:\Users\BERGHOFF\AppData\Local\CrashDumps
2015-06-20 18:38 - 2014-12-27 15:26 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Notepad++
2015-06-20 18:36 - 2014-12-26 19:09 - 00000000 ____D C:\Users\BERGHOFF\AppData\Local\LogMeIn Hamachi
2015-06-20 18:21 - 2015-02-12 09:25 - 00002270 _____ C:\Users\BERGHOFF\Desktop\Google Chrome.lnk
2015-06-19 23:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-19 21:58 - 2015-01-13 19:52 - 00000000 ____D C:\Users\chberghoff
2015-06-19 14:35 - 2015-01-17 15:10 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-19 14:15 - 2014-12-26 09:24 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-19 14:09 - 2014-12-26 02:08 - 00000000 ____D C:\Windows\pss
2015-06-19 14:05 - 2015-01-24 01:27 - 00000000 ___RD C:\Users\BERGHOFF\Dropbox
2015-06-19 14:05 - 2015-01-24 01:23 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Dropbox
2015-06-19 13:51 - 2014-12-26 18:42 - 00000000 __SHD C:\Users\BERGHOFF\AppData\Local\EmieUserList
2015-06-19 13:51 - 2014-12-26 18:42 - 00000000 __SHD C:\Users\BERGHOFF\AppData\Local\EmieSiteList
2015-06-19 13:51 - 2014-12-26 18:42 - 00000000 __SHD C:\Users\BERGHOFF\AppData\Local\EmieBrowserModeList
2015-06-19 09:18 - 2015-02-17 12:16 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-19 00:32 - 2014-12-26 17:51 - 00000000 ____D C:\ProgramData\TEMP
2015-06-18 18:41 - 2009-07-14 07:13 - 01593956 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-18 18:29 - 2015-01-26 12:22 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\Apple Computer
2015-06-18 18:19 - 2015-01-13 19:54 - 00000000 ____D C:\Users\chberghoff\AppData\Local\Adobe
2015-06-18 18:19 - 2014-12-26 00:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 17:28 - 2015-05-05 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-18 17:28 - 2015-04-26 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2015-06-18 17:28 - 2015-04-21 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emergency 5
2015-06-18 17:28 - 2015-04-18 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus-Simulator 2012
2015-06-18 17:28 - 2015-04-04 10:14 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-18 17:28 - 2015-04-03 18:37 - 00000000 ____D C:\Program Files (x86)\Quadriga Games
2015-06-18 17:28 - 2015-03-08 16:00 - 00000000 ____D C:\Users\Gast
2015-06-18 17:28 - 2015-03-06 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2013
2015-06-18 17:28 - 2015-03-04 00:00 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\Battle.net
2015-06-18 17:28 - 2015-01-15 18:48 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Audacity
2015-06-18 17:28 - 2015-01-13 19:54 - 00000000 ____D C:\Users\chberghoff\AppData\Local\Google
2015-06-18 17:28 - 2014-12-27 13:51 - 00000000 ____D C:\Users\bslap2013
2015-06-18 17:28 - 2014-12-26 09:22 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-06-18 17:28 - 2014-12-26 02:12 - 00000000 ____D C:\Update
2015-06-18 17:28 - 2014-12-26 02:07 - 00000000 ____D C:\Users\BERGHOFF
2015-06-18 17:28 - 2014-12-26 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-18 17:28 - 2014-12-26 00:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-18 17:28 - 2014-12-26 00:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-18 17:28 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-18 17:27 - 2015-04-26 15:48 - 00000000 ____D C:\Program Files (x86)\Euro Truck Simulator 2
2015-06-18 17:27 - 2015-04-21 19:37 - 00000000 ____D C:\Program Files (x86)\Emergency 5
2015-06-18 17:27 - 2015-03-06 18:49 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2013
2015-06-18 17:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-18 17:26 - 2015-01-13 19:54 - 00000000 ____D C:\Users\chberghoff\AppData\Local\NVIDIA
2015-06-18 17:26 - 2014-12-26 00:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-18 17:26 - 2014-12-26 00:10 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-06-18 17:26 - 2014-12-26 00:10 - 00000000 ____D C:\Program Files\Sony
2015-06-18 13:04 - 2011-05-27 23:57 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-06-18 10:38 - 2015-02-12 18:37 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-18 10:35 - 2015-01-13 19:55 - 00000000 ____D C:\Users\chberghoff\AppData\Local\NVIDIA Corporation
2015-06-14 21:18 - 2015-01-28 09:30 - 00000000 __SHD C:\Users\chberghoff\AppData\Local\EmieUserList
2015-06-14 21:18 - 2015-01-28 09:30 - 00000000 __SHD C:\Users\chberghoff\AppData\Local\EmieSiteList
2015-06-14 21:18 - 2015-01-28 09:30 - 00000000 __SHD C:\Users\chberghoff\AppData\Local\EmieBrowserModeList
2015-06-14 16:27 - 2015-04-18 15:47 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\TeamViewer
2015-06-14 10:15 - 2015-05-05 08:15 - 00002099 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-06-14 10:15 - 2015-05-05 08:15 - 00002097 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-14 10:15 - 2015-05-05 08:15 - 00002087 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-11 17:07 - 2014-12-26 02:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 17:02 - 2015-01-23 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-11 16:19 - 2014-12-26 19:14 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\.minecraft
2015-06-11 10:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-10 16:09 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-10 16:01 - 2015-04-15 21:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 16:01 - 2015-04-15 21:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 16:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 15:25 - 2015-01-06 15:37 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 15:12 - 2015-01-06 15:37 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 15:10 - 2009-07-14 04:34 - 00000510 _____ C:\Windows\win.ini
2015-06-09 14:18 - 2015-02-24 19:13 - 00000000 ____D C:\Users\BERGHOFF\Desktop\Microsoft 2013
2015-06-09 13:32 - 2014-12-26 18:10 - 00000000 ____D C:\Users\BERGHOFF\Documents\Outlook-Dateien
2015-06-09 10:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool
2015-06-08 19:24 - 2014-12-26 09:21 - 00000000 ____D C:\Users\BERGHOFF\AppData\Roaming\Origin
2015-06-08 19:15 - 2014-12-26 09:16 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-08 19:14 - 2015-01-21 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLo Game Recorder
2015-06-07 17:50 - 2015-04-18 15:47 - 00001028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-07 15:35 - 2015-05-21 13:15 - 00000000 ____D C:\Users\chberghoff\AppData\Roaming\HpUpdate
2015-06-07 13:32 - 2014-12-29 18:36 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2015-05-04 17:50 - 2015-05-04 17:50 - 0002084 _____ () C:\Users\chberghoff\AppData\Local\recently-used.xbel
2015-01-13 13:26 - 2015-01-13 13:26 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\chberghoff\AppData\Local\Temp\npp.6.7.8.2.Installer.exe
C:\Users\chberghoff\AppData\Local\Temp\Quarantine.exe
C:\Users\chberghoff\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 16:28

==================== End of log ============================
Vielen Dank und Grüße

Leider bestehen die Probleme immer noch

schrauber 24.06.2015 11:39
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\chberghoff\Downloads\OpenOffice - CHIP-Installer.exe
RemoveProxy:
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


mobspot 24.06.2015 18:33
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by chberghoff at 2015-06-24 12:53:49 Run:1
Running from C:\Users\chberghoff\Desktop
Loaded Profiles: chberghoff (Available Profiles: BERGHOFF & bslap2013 & chberghoff & Gast)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\chberghoff\Downloads\OpenOffice - CHIP-Installer.exe
RemoveProxy:
Emptytemp:
*****************

C:\Users\chberghoff\Downloads\OpenOffice - CHIP-Installer.exe => moved successfully.

========= RemoveProxy: =========

"HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2171270164-1414087093-4126627718-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 781.8 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 12:54:22 ====
Liebe Grüße
mobspot

:dankeschoen:
Hi Schrauber,

das mit diesen komischen Tönen konnte ich selbst bereinigen. Ursache war wahrscheinlich ein Treiberfehler meines bescheuerten Touchbildschirms (evtl. von einem Update von Vaio). Jedenfalls ist dieser nervige Ton schonmal weg.

Das selbständige mini- und maximieren scheint jetzt auch weg zu sein.

Vielen Dank auf jeden Fall für Deine Hilfe, denn wirklich sauber war das System ja auch nicht gerade.:pfeiff:

Nun noch eine Frage, welches von diesen Schutz-Programmen sollte ich benutzen um mir nicht wieder solchen Mist auf meinen PC zu laden.

Viele Grüße

mobspot

natürlich gibts auch noch ne Spende von uns


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:39 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131