Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Adware, Adware, Adware... (https://www.trojaner-board.de/170377-adware-adware-adware.html)

gorbiWTF 28.08.2015 02:44
Adware, Adware, Adware...
 
Wieder mal die Profis nerven ;)

Ein PC, im selben Haushalt wie der Patient von http://www.trojaner-board.de/170273-...-prozesse.html dürfte also auch ähnliche Ursachen haben:
  • Browser Toolbars (unter anderem wird die "neue Seite" in Chrome immer auf Yahoo umgeleitet; sie ist nicht so eingestellt, aber sie leitet darauf um).
  • Sehr viel Werbung (auf Amazon ist nur noch knapp die Hälfte von Amazon sichtbar). Und so weiter...
Wieder mit AdwCleaner und Desinfec't (mit Avira und Bitdefender), Probleme beheben. Hat nichts gebracht. (Wieso mach ich das überhaupt noch? ;))

Bitte schön:

FRST.txt
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-08-2015 02
durchgeführt von Karner (Administrator) auf KARNER-PC (27-08-2015 21:08:10)
Gestartet von C:\Users\Karner\Desktop\2
Geladene Profile: Karner (Verfügbare Profile: Karner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKU\S-1-5-21-2586071664-3321571720-2106972508-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://at.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sw__alt__ddc_dsssyc_bd_com
HKU\S-1-5-21-2586071664-3321571720-2106972508-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://at.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sw__alt__ddc_dsssyc_bd_com
URLSearchHook: HKLM-x32 -> Standard = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://at.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://at.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2586071664-3321571720-2106972508-1002 -> DefaultScope {70DE0622-86FD-45C4-847C-8871E5D74C87} URL = hxxp://at.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2586071664-3321571720-2106972508-1002 -> OldSearch URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2586071664-3321571720-2106972508-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2586071664-3321571720-2106972508-1002 -> {70DE0622-86FD-45C4-847C-8871E5D74C87} URL = hxxp://at.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-09] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll Keine Datei
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-09] (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-14] (Skype Technologies S.A.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKU\S-1-5-21-2586071664-3321571720-2106972508-1002 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
Toolbar: HKU\S-1-5-21-2586071664-3321571720-2106972508-1002 -> Kein Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  Keine Datei
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  Keine Datei
Hosts: 0.0.0.1        mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{E402F878-83D6-4346-B616-4923CEF8C0AC}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{E94F8658-7079-4071-AA59-FB256BF9D92F}: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Karner\AppData\Roaming\Mozilla\Firefox\Profiles\kp7rap95.default
FF NewTab: hxxp://at.search.yahoo.com/?fr=hp-ddc-bd-tab&type=bl-bfr-sw__alt__ddc_dsssyctab_bd_com
FF DefaultSearchEngine: Yahoo Search!
FF SelectedSearchEngine: Yahoo Search!
FF Homepage: hxxp://at.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bfr-sw__alt__ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://at.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bfr-sw__alt__ddc_dss_bd_com&p={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-07-04] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-25] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-09] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-09] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-09] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-07-04] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @parallelgraphics.com/Cortona -> C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll [2011-11-28] (ParallelGraphics)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-26] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Extension: Roll Around - C:\Users\Karner\AppData\Roaming\Mozilla\Firefox\Profiles\kp7rap95.default\Extensions\{d7701dd1-0e12-4c3c-b44d-884eebe6a7b1}.xpi [2015-07-28]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-13]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-13]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-13]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-13]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-13]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-27]
CHR Extension: (Google Docs) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-27]
CHR Extension: (Google Drive) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-27]
CHR Extension: (YouTube) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-27]
CHR Extension: (Google Search) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-27]
CHR Extension: (Kaspersky Protection) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-27]
CHR Extension: (Google Sheets) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-27]
CHR Extension: (Skype Click to Call) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-27]
CHR Extension: (DVDVideoSoft) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-27]
CHR Extension: (Gmail) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR Profile: C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Kaspersky Protection) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-12]
CHR Extension: (We Heart It) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae [2015-03-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx <nicht gefunden>
CHR HKU\S-1-5-21-2586071664-3321571720-2106972508-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-02-13]
CHR HKLM-x32\...\Chrome\Extension: [clbfjfbnelcflpgpklppgplejolacbej] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-14]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Karner\AppData\Local\Temp\YontooLayers.crx <nicht gefunden>

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-08] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-15] (Lenovo)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5606672 2015-08-07] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-11-01] (EldoS Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-27 21:08 - 2015-08-27 21:08 - 00000000 ____D C:\FRST
2015-08-27 21:07 - 2015-08-27 21:07 - 00000000 _____ C:\Users\Karner\defogger_reenable
2015-08-27 21:06 - 2015-08-27 21:08 - 00000000 ____D C:\Users\Karner\Desktop\2
2015-08-27 21:06 - 2015-08-27 21:07 - 00000000 ____D C:\Users\Karner\Desktop\1
2015-08-27 21:06 - 2015-08-27 21:06 - 00000000 ____D C:\Users\Karner\Desktop\RevoUninstallerPortable
2015-08-27 21:06 - 2015-08-27 21:06 - 00000000 ____D C:\Users\Karner\Desktop\3
2015-08-27 21:05 - 2015-08-27 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-08-27 21:03 - 2015-08-27 21:03 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10 Host.lnk
2015-08-27 21:03 - 2015-08-27 21:03 - 00001039 _____ C:\Users\Public\Desktop\TeamViewer 10 Host.lnk
2015-08-27 21:03 - 2015-08-27 21:03 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-08-27 15:25 - 2015-08-27 15:25 - 00000000 ____D C:\Users\Karner\AppData\Roaming\Sun
2015-08-27 15:25 - 2015-08-27 15:25 - 00000000 ____D C:\Users\Karner\.oracle_jre_usage
2015-08-27 15:24 - 2015-08-27 15:24 - 00000000 ____D C:\ProgramData\Oracle
2015-08-27 14:53 - 2015-08-27 14:54 - 00000000 ____D C:\AdwCleaner
2015-08-22 20:06 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-22 20:06 - 2015-08-11 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-22 20:06 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-22 20:06 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-12 19:15 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 19:15 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 19:13 - 2015-08-12 19:13 - 09284296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-08-12 18:40 - 2015-07-28 22:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 18:40 - 2015-07-28 22:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 18:40 - 2015-07-28 22:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 18:40 - 2015-07-28 22:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 18:40 - 2015-07-28 22:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 18:40 - 2015-07-28 22:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 18:40 - 2015-07-28 22:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 18:40 - 2015-07-28 21:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 18:40 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 18:40 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 18:40 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 18:40 - 2015-07-16 21:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 18:40 - 2015-07-16 21:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 18:40 - 2015-07-16 21:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 18:40 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 18:40 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 18:40 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 18:40 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 18:40 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 18:40 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 18:40 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 18:40 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 18:40 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 18:40 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 18:40 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 18:40 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 18:40 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 18:40 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 18:40 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 18:40 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 18:40 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 18:40 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 18:40 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 18:40 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 18:40 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 18:40 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 18:40 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 18:40 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 18:40 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 18:40 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 18:40 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 18:40 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 18:40 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 18:40 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 18:40 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 18:40 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 18:40 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 18:40 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 18:40 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 18:40 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 18:40 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 18:40 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 18:40 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 18:40 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 18:40 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 18:40 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 18:40 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 18:40 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 18:40 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 18:40 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 18:40 - 2015-07-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-12 18:39 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 18:38 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 18:38 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 18:38 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 18:38 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 18:38 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 18:38 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 18:38 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 18:38 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 18:38 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 18:38 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 18:38 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 18:38 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 18:38 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 18:38 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 18:38 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 18:38 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 18:38 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 18:38 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 18:38 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 18:38 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 18:38 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 18:38 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 18:38 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 18:38 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 18:38 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 18:38 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 18:38 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 18:38 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 18:38 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 18:38 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 18:38 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 18:38 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 18:38 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 18:38 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 18:38 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 18:38 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 18:38 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 18:38 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 18:38 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 18:38 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 18:38 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 18:38 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 18:38 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 18:38 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 18:38 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 18:38 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 18:38 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 18:38 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 18:38 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 18:38 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 18:38 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 18:38 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 18:38 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 18:38 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 18:38 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 18:38 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 18:37 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 18:37 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 18:37 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 18:37 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 18:37 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 18:37 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 18:37 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 18:37 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 18:37 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 18:37 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 18:37 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 18:37 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 18:37 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 18:37 - 2015-07-30 18:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 18:37 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 18:37 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 18:37 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 18:37 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 18:37 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 18:37 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 18:37 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 18:37 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 18:37 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 18:37 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 18:37 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 18:37 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 18:37 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 18:37 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 18:37 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 18:37 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 18:37 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 18:37 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 18:37 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 18:37 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 18:37 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 18:37 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 18:37 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 18:37 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 18:37 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 18:37 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 18:37 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 18:37 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 18:37 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 18:37 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 18:37 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 18:37 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 18:37 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 18:37 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 18:37 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 18:37 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-10 11:24 - 2015-08-10 11:24 - 00000000 ____D C:\ProgramData\Nikon
2015-08-09 15:01 - 2015-08-16 14:16 - 00000000 ____D C:\Users\Karner\Desktop\Fotografie
2015-08-09 14:19 - 2015-08-09 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2015-08-09 14:17 - 2015-08-09 14:17 - 00000268 ___RH C:\Users\Karner\AppData\Roaming\Installer Plugin
2015-08-09 14:17 - 2015-08-09 14:17 - 00000268 ___RH C:\ProgramData\Iterate Items
2015-08-09 14:17 - 2015-08-09 14:17 - 00000020 ____H C:\ProgramData\PKP_DLes.DAT
2015-08-09 14:17 - 2015-08-09 14:17 - 00000000 ____D C:\ProgramData\Track Settings
2015-08-09 14:16 - 2015-08-09 14:19 - 00000000 ____D C:\Program Files (x86)\Nikon
2015-08-09 14:16 - 2015-08-09 14:18 - 00000000 ____D C:\Program Files\Common Files\Nikon
2015-08-09 14:16 - 2015-08-09 14:17 - 00000000 ____D C:\ProgramData\Ultima_T15
2015-08-09 14:16 - 2015-08-09 14:17 - 00000000 ____D C:\ProgramData\EnterNHelp
2015-08-09 14:16 - 2015-08-09 14:16 - 00002053 _____ C:\Users\Public\Desktop\ViewNX 2.lnk
2015-08-09 14:16 - 2015-08-09 14:16 - 00000268 ___RH C:\Users\Karner\AppData\Roaming\Instrument Library
2015-08-09 14:16 - 2015-08-09 14:16 - 00000268 ___RH C:\Users\Karner\AppData\Roaming\InkjetPrinter
2015-08-09 14:16 - 2015-08-09 14:16 - 00000268 ___RH C:\ProgramData\Jazz
2015-08-09 14:16 - 2015-08-09 14:16 - 00000268 ___RH C:\ProgramData\Internet Services
2015-08-09 14:16 - 2015-08-09 14:16 - 00000020 ____H C:\ProgramData\PKP_DLev.DAT
2015-08-09 14:16 - 2015-08-09 14:16 - 00000020 ____H C:\ProgramData\PKP_DLet.DAT
2015-08-09 14:16 - 2015-08-09 14:16 - 00000000 ____D C:\ProgramData\Tuner
2015-08-09 14:16 - 2015-08-09 14:16 - 00000000 ____D C:\ProgramData\SystemConfiguration
2015-08-09 14:16 - 2015-08-09 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2015-08-09 14:16 - 2015-08-09 14:16 - 00000000 ____D C:\Program Files\Nikon
2015-08-09 14:16 - 2015-08-09 14:15 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2015-08-09 14:15 - 2015-08-09 14:18 - 00000000 ____D C:\Users\Karner\AppData\Local\Downloaded Installations
2015-08-09 14:13 - 2015-08-09 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2015-07-29 13:15 - 2015-07-29 13:15 - 00000000 ____D C:\Users\Karner\AppData\Local\Macromedia
2015-07-29 13:14 - 2015-07-29 13:14 - 00007605 _____ C:\Users\Karner\AppData\Local\Resmon.ResmonCfg
2015-07-28 11:46 - 2015-07-28 11:52 - 00000000 ____D C:\Users\Karner\AppData\Local\Mozilla
2015-07-28 11:46 - 2015-07-28 11:46 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-28 11:46 - 2015-07-28 11:46 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-28 11:46 - 2015-07-28 11:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-28 11:45 - 2015-07-28 11:45 - 00242928 _____ C:\Users\Karner\Downloads\Firefox Setup Stub 39.0.exe
2015-07-28 08:57 - 2015-07-28 08:57 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-27 21:07 - 2011-09-30 19:26 - 00000000 ____D C:\Users\Karner
2015-08-27 21:06 - 2011-09-30 19:15 - 01242098 _____ C:\Windows\WindowsUpdate.log
2015-08-27 21:05 - 2011-10-01 18:20 - 01595644 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-27 21:05 - 2011-02-10 21:25 - 00699884 _____ C:\Windows\system32\perfh007.dat
2015-08-27 21:05 - 2011-02-10 21:25 - 00149766 _____ C:\Windows\system32\perfc007.dat
2015-08-27 21:04 - 2009-07-14 07:13 - 01595644 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-27 21:00 - 2011-06-28 01:28 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-27 20:58 - 2009-07-14 06:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-27 20:58 - 2009-07-14 06:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-27 20:49 - 2011-09-30 19:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-27 20:48 - 2011-09-30 19:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-27 20:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-27 20:48 - 2009-07-14 06:51 - 00248600 _____ C:\Windows\setupact.log
2015-08-27 15:30 - 2011-09-30 19:19 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-27 15:13 - 2013-02-25 16:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-27 15:05 - 2015-03-12 18:12 - 00002401 _____ C:\Users\Karner\Desktop\Kira - Chrome.lnk
2015-08-27 14:59 - 2015-07-09 17:01 - 00000000 ___RD C:\Users\Karner\Creative Cloud Files
2015-08-27 14:59 - 2015-07-09 16:58 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-27 14:59 - 2011-10-01 15:36 - 00000000 ____D C:\Users\Karner\AppData\Local\Adobe
2015-08-27 14:54 - 2012-06-17 10:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-27 14:54 - 2011-09-30 20:35 - 00000000 ____D C:\ProgramData\ICQ
2015-08-26 19:37 - 2011-10-01 18:20 - 00000000 ____D C:\Users\Karner\AppData\Roaming\SoftGrid Client
2015-08-26 14:39 - 2013-09-20 16:34 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-08-26 10:46 - 2015-07-26 14:09 - 00000000 ____D C:\Users\Karner\Desktop\Images
2015-08-26 10:13 - 2015-01-14 14:40 - 00000000 ____D C:\Users\Karner\Desktop\VWA
2015-08-26 08:30 - 2012-12-01 19:45 - 00000000 ____D C:\ProgramData\Norton
2015-08-26 08:30 - 2010-11-21 05:47 - 01643772 _____ C:\Windows\PFRO.log
2015-08-25 15:07 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-25 15:04 - 2012-04-17 18:12 - 00000000 ___RD C:\Users\Karner\Desktop\Schule,andere
2015-08-24 12:12 - 2015-03-11 16:56 - 00000000 ____D C:\Users\Karner\Documents\FlashIntegro
2015-08-14 10:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-08-14 08:41 - 2009-07-14 06:45 - 00396616 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 08:39 - 2014-12-12 17:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-14 08:39 - 2014-06-11 19:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 19:16 - 2011-10-11 14:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 19:15 - 2012-05-19 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 19:14 - 2012-05-19 19:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 19:14 - 2012-05-19 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 19:13 - 2013-02-25 16:59 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 19:13 - 2013-02-25 16:59 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 19:13 - 2011-06-28 01:24 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 19:06 - 2014-09-14 10:04 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 18:55 - 2011-02-10 22:56 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 10:22 - 2011-09-30 19:27 - 00098856 _____ C:\Users\Karner\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-09 14:19 - 2011-03-15 00:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-09 14:02 - 2015-03-12 17:48 - 00000000 ____D C:\Users\Karner\AppData\Local\Lenovo
2015-08-06 11:50 - 2011-02-10 20:44 - 00000000 ____D C:\Windows\Panther
2015-08-06 11:44 - 2015-07-10 19:28 - 00000000 ___HD C:\$Windows.~BT
2015-07-31 20:02 - 2015-04-04 17:37 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-28 22:23 - 2015-04-04 17:37 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-28 11:46 - 2011-09-30 20:35 - 00000000 ____D C:\Users\Karner\AppData\Roaming\Mozilla
2015-07-28 08:57 - 2011-02-10 22:48 - 00000000 ____D C:\Program Files (x86)\Adobe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-09 14:16 - 2015-08-09 14:16 - 0000268 ___RH () C:\Users\Karner\AppData\Roaming\InkjetPrinter
2015-08-09 14:17 - 2015-08-09 14:17 - 0000268 ___RH () C:\Users\Karner\AppData\Roaming\Installer Plugin
2015-08-09 14:16 - 2015-08-09 14:16 - 0000268 ___RH () C:\Users\Karner\AppData\Roaming\Instrument Library
2013-01-26 14:49 - 2013-01-26 14:49 - 0002674 _____ () C:\Users\Karner\AppData\Local\recently-used.xbel
2015-07-29 13:14 - 2015-07-29 13:14 - 0007605 _____ () C:\Users\Karner\AppData\Local\Resmon.ResmonCfg
2012-02-15 20:23 - 2012-02-15 20:23 - 0017408 _____ () C:\Users\Karner\AppData\Local\WebpageIcons.db
2015-08-09 14:16 - 2015-08-09 14:16 - 0000268 ___RH () C:\ProgramData\Internet Services
2015-08-09 14:17 - 2015-08-09 14:17 - 0000268 ___RH () C:\ProgramData\Iterate Items
2015-08-09 14:16 - 2015-08-09 14:16 - 0000268 ___RH () C:\ProgramData\Jazz
2015-08-09 14:17 - 2015-08-09 14:17 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2015-08-09 14:16 - 2015-08-09 14:16 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-08-09 14:16 - 2015-08-09 14:16 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Free YouTube to MP3 Converter\DVDVideoSoft.AVConverter.dll
C:\Users\Free YouTube to MP3 Converter\DVDVideoSoft.DVSVideoDownloader.dll
C:\Users\Free YouTube to MP3 Converter\DVDVideoSoft.iTunes.dll
C:\Users\Free YouTube to MP3 Converter\DVDVideoSoft.MediaTagsEditor.dll
C:\Users\Free YouTube to MP3 Converter\DVDVideoSoft.PresetEditor.dll
C:\Users\Free YouTube to MP3 Converter\DVDVideoSoft.Resources.dll
C:\Users\Free YouTube to MP3 Converter\DVDVideoSoft.RockIdHelper.dll
C:\Users\Free YouTube to MP3 Converter\DVDVideoSoft.TaskbarManager.dll
C:\Users\Free YouTube to MP3 Converter\DVDVideoSoft.VideoFileToIPOD.dll
C:\Users\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Free YouTube to MP3 Converter\taglib-sharp.dll
C:\Users\Free YouTube to MP3 Converter\unins000.dat
C:\Users\Free YouTube to MP3 Converter\unins000.exe


Einige Dateien in TEMP:
====================
C:\Users\Karner\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Karner\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Karner\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Karner\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Karner\AppData\Local\Temp\sqlite3.dll
C:\Users\Karner\AppData\Local\Temp\tempmessage.bfg
C:\Users\Karner\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-22 15:44

==================== Ende von FRST.txt ============================
Addition.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-08-2015 02
durchgeführt von Karner (2015-08-27 21:09:07)
Gestartet von C:\Users\Karner\Desktop\2
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2586071664-3321571720-2106972508-500 - Administrator - Disabled)
Gast (S-1-5-21-2586071664-3321571720-2106972508-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2586071664-3321571720-2106972508-1004 - Limited - Enabled)
Karner (S-1-5-21-2586071664-3321571720-2106972508-1002 - Administrator - Enabled) => C:\Users\Karner

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

A1 Internet Software (HKLM-x32\...\A1 Internet Software) (Version: 8.1.0.55 - A1 Telekom Austria AG)
A1 Internet Software (x32 Version: 8.1.0.55 - A1 Telekom Austria AG) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
aonUpdate (HKLM-x32\...\aonUpdate) (Version: 1.4.0.42 - A1 Telekom Austria AG)
aonUpdate (x32 Version: 1.4.0.42 - A1 Telekom Austria AG) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10707 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{B72CAB06-4420-F4D1-AFBB-AF9093D3D237}) (Version: 3.0.833.0 - ATI Technologies, Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2200 series Benutzerregistrierung (HKLM-x32\...\Canon MG2200 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM-x32\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
Cortona3D Viewer (HKLM\...\{DEACDFFA-D424-416F-B849-FA282F55B2CE}) (Version: 7.0.188 - ParallelGraphics)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FOTO AT Fotowelt (HKLM-x32\...\FOTO AT Fotowelt) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.15.0 - International GeoGebra Institute)
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.58.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 (HKLM-x32\...\BFG-Governor of Poker 2) (Version:  - )
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2608 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2608 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Research AutoCollage 2008 version 1.1 (HKLM-x32\...\{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}) (Version: 1.01.2008 - Microsoft Research)
Microsoft Research Cliplets (HKLM\...\{A8979BFC-D2B0-4D40-8F4F-B321F3063513}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobiles Internet für unterwegs (HKLM-x32\...\Mobiles Internet für unterwegs) (Version: 1.8.0.12 - A1 Telekom Austria AG)
Mobiles Internet für unterwegs (x32 Version: 1.8.0.12 - A1 Telekom Austria AG) Hidden
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MP4 To MP3 Converter V3.0 (HKLM-x32\...\MP4 To MP3 Converter_is1) (Version:  - hxxp://www.MP4ToMP3Converter.net)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery Case Files: Die Druiden von Dire Grove Sammleredition (HKLM-x32\...\BFG-Mystery Case Files - Die Druiden von Dire Grove Sammleredition) (Version:  - )
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.3.0 - Nikon)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.2 - Nikon)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.19.0 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.7.8773 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spremljevalec Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
TeamViewer 10 Host (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.3.0 - Nikon)
Virtual Villagers: Eine neue Heimat (HKLM-x32\...\BFG-Virtual Villagers) (Version:  - )
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VSDC Free Video Editor Version 3.0.0.342 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.0.0.342 - Flash-Integro LLC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2586071664-3321571720-2106972508-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Wiederherstellungspunkte =========================

25-08-2015 15:07:46 TuneUp Utilities 2014 wird entfernt
25-08-2015 15:21:43 TuneUp Utilities 2014 (de-DE) wird entfernt
26-08-2015 08:44:57 Windows Update
27-08-2015 15:08:37 Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi wird entfernt
27-08-2015 15:14:00 Revo Uninstaller's restore point - Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
27-08-2015 15:15:54 Revo Uninstaller's restore point - Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
27-08-2015 15:17:28 Revo Uninstaller's restore point - JavaFX 2.1.0
27-08-2015 15:17:41 JavaFX 2.1.0 wird entfernt
27-08-2015 15:21:08 Revo Uninstaller's restore point - Java(TM) 6 Update 26
27-08-2015 15:21:21 Removed Java(TM) 6 Update 26
27-08-2015 20:54:58 Removed PlayReady PC Runtime amd64
27-08-2015 20:59:21 Removed Java 8 Update 60
27-08-2015 21:01:59 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-07-27 10:32 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1        mssplus.mcafee.com

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1609E842-A5BE-4960-9F5E-843BC9A1F580} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {1A9EF9AF-F4CC-46EB-82BF-50227B44ACAE} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2BDBE9E0-A5B4-4B4E-ABEA-527743163C1D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {383B5567-F661-4EA4-BEF9-D3E95E4ECBB5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {56EA7449-7D4A-410E-A7A5-DEE713D3312A} - System32\Tasks\{4EACD032-EBCF-4509-A080-3CD613F8C8E0} => pcalua.exe -a c:\Users\Karner\Downloads\shaiya_de_downloader.exe
Task: {5C06A338-9F2C-4B3E-AA04-2DCC79CDE2A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {6BE8CA64-4381-4B93-8362-0A591F6C03F1} - System32\Tasks\{DDBCAFE6-6D10-4C84-B9A9-7CDB6DAC61C3} => pcalua.exe -a C:\Users\Karner\Desktop\TryOut\setup.exe -d C:\Users\Karner\Desktop -c "C:\Users\Karner\Desktop\281539_206042282781051_198537120198234_642346_144989_n.jpg"
Task: {9DF812D5-6317-4395-B469-8C549E0C61A1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1336EED-F396-4EF9-A1D1-EDC86620C78D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
Task: {B2CBA02D-E7EF-4348-BE7A-66F0F3E82848} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
Task: {E0912186-C4A7-4A4F-90B0-6422A717527D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2011-07-08 08:36 - 2011-07-08 08:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-20 16:34 - 2012-03-28 14:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-07-08 08:36 - 2011-07-08 08:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-08 08:44 - 2011-07-08 08:44 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:086912D5
AlternateDataStreams: C:\ProgramData\Temp:163CAB5A
AlternateDataStreams: C:\ProgramData\Temp:1CB3187E
AlternateDataStreams: C:\ProgramData\Temp:27D1368B
AlternateDataStreams: C:\ProgramData\Temp:2B82C0BB
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:33384BC0
AlternateDataStreams: C:\ProgramData\Temp:3790BACD
AlternateDataStreams: C:\ProgramData\Temp:3A6BC948
AlternateDataStreams: C:\ProgramData\Temp:3CA557DB
AlternateDataStreams: C:\ProgramData\Temp:43301D1D
AlternateDataStreams: C:\ProgramData\Temp:566B9179
AlternateDataStreams: C:\ProgramData\Temp:5EF72D85
AlternateDataStreams: C:\ProgramData\Temp:89A5891E
AlternateDataStreams: C:\ProgramData\Temp:91486201
AlternateDataStreams: C:\ProgramData\Temp:938EC881
AlternateDataStreams: C:\ProgramData\Temp:A561576B
AlternateDataStreams: C:\ProgramData\Temp:D0757AAB
AlternateDataStreams: C:\ProgramData\Temp:D1713795
AlternateDataStreams: C:\ProgramData\Temp:D3A8AA31
AlternateDataStreams: C:\ProgramData\Temp:FBFC061F

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2586071664-3321571720-2106972508-1002\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2586071664-3321571720-2106972508-1002\...\aeriagames.com -> hxxp://aeriagames.com


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2586071664-3321571720-2106972508-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Karner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{A5D02DFB-D2D3-476D-B3BF-42996628F632}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{83A7B532-4A8C-4918-B91B-56FFB8586E94}] => (Allow) LPort=2869
FirewallRules: [{B9F3473E-66B5-4C14-B1AF-84E4F888E2EF}] => (Allow) LPort=1900
FirewallRules: [{16207F27-E370-4AFD-A963-EEA943D13737}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F8BA434F-3751-4264-BB64-81A691281D5C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2DC526C4-A5AF-4998-A59A-CD7E70B39317}] => (Allow) C:\Program Files (x86)\A1\A1 Breitband\A1Breitband.exe
FirewallRules: [{9B97B44C-4094-4634-8945-D189DEC05EA9}] => (Allow) C:\Program Files (x86)\A1\A1 Breitband\A1Breitband.exe
FirewallRules: [{EC1E9A93-6B8E-4B39-8A22-F9EF58E19C75}] => (Allow) C:\Program Files (x86)\A1\A1 Breitband\A1Breitband.exe
FirewallRules: [{2A9F599D-F10F-41E7-B6B2-C3C2C4DB5B5D}] => (Allow) C:\Program Files (x86)\A1\A1 Breitband\A1Breitband.exe
FirewallRules: [{CECAA0B5-F28E-4FC7-8FA1-EF3E4963FD22}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{DCBF11F3-2B96-4A9F-A36B-AB2E3FD348A4}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{DFF84851-BF74-4FFD-88BA-37846D0FA951}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1EABB8D3-E288-4D40-A388-17A87F646575}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5B22ACE9-0554-4BA0-952D-C6F074A52593}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0AB7384-46DF-40D8-9FEA-33828E15EE8C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3D61958A-6806-45BD-8661-2830FB603F99}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{D79CD844-8900-4322-B113-1329E9476A20}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{9FB53FEA-0909-4197-BE04-12364167A589}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{B6E16D75-9FFB-4D91-814F-D91393DE270D}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{1B1A99A8-C98E-49D0-832D-EFCF69846906}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{9E300DE4-E52A-4750-90B9-4ABA298643E8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{2496ACE9-D96F-4CD9-914B-5EF621D1EE33}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E2690114-DC7F-4E2A-BC63-97F7F9F5CE91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7E1A8CF9-D19F-483F-8156-024F8F707E15}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7E7FD4D2-0091-41E5-BB46-1C5961E5B4DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{60654B69-5104-4CA4-92C7-0B0430C46FCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8C649620-A8B0-478B-86A8-4C8EAD54EFAD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{75150682-5EB9-41EF-94BF-6F8B82E31CB6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/27/2015 09:08:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding  17 0.B.4.4.D.2.1.6.E.B.D.C.7.D.C.F.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Karner-PC.local.

Error: (08/27/2015 09:08:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.21:5353  19 0.B.4.4.D.2.1.6.E.B.D.C.7.D.C.F.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Karner-PC-2.local.

Error: (08/27/2015 09:08:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding  17 21.0.0.10.in-addr.arpa. PTR Karner-PC.local.

Error: (08/27/2015 09:08:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.21:5353  19 21.0.0.10.in-addr.arpa. PTR Karner-PC-2.local.

Error: (08/25/2015 03:21:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/25/2015 03:21:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/25/2015 03:21:10 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Karner-PC)
Description: Die Anwendung oder der Dienst "Kaspersky Anti-Virus Service 15.0.0" konnte nicht heruntergefahren werden.

Error: (08/25/2015 03:21:10 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Karner-PC)
Description: Die Anwendung oder der Dienst "Kaspersky Anti-Virus Service 15.0.0" konnte nicht heruntergefahren werden.

Error: (08/25/2015 03:08:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/25/2015 03:08:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.

System Error:
Das System kann die angegebene Datei nicht finden.
.


Systemfehler:
=============
Error: (08/27/2015 02:54:44 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (08/27/2015 02:54:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/27/2015 02:54:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Update Mgr RollAround" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2015 02:54:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2015 02:54:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2015 02:54:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Service Mgr RollAround" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2015 02:54:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2015 02:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/27/2015 02:54:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Client Virtualization Handler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/27/2015 02:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (03/13/2015 05:46:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 453 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (03/08/2013 03:23:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 437 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (03/06/2013 03:37:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 821 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (03/06/2013 03:23:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 185 seconds with 180 seconds of active time.  This session ended with a crash.


CodeIntegrity:
===================================
  Date: 2014-09-19 17:27:33.966
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-19 17:27:33.964
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-19 17:27:33.945
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-19 17:27:33.943
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-19 17:26:31.532
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-19 17:26:31.442
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-18 14:15:47.555
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-18 14:15:47.465
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-18 14:15:47.445
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-18 14:15:47.443
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen ===========================

Processor: AMD A8-3800 APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 52%
Installierter physikalischer RAM: 3576.13 MB
Verfügbarer physikalischer RAM: 1695.66 MB
Summe virtueller Speicher: 11574.34 MB
Verfügbarer virtueller Speicher: 9440.56 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:773.58 GB) NTFS
Drive d: (Ipod) (Fixed) (Total:40 GB) (Free:0 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende von Addition.txt ============================

gorbiWTF 28.08.2015 02:45
Gmer.log
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-27 21:25:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 WDC_WD10 rev.80.0 931,51GB
Running: y2fv9j2d.exe; Driver: C:\Users\Karner\AppData\Local\Temp\uxriipog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075c91401 2 bytes JMP 7646b20b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075c91419 2 bytes JMP 7646b336 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075c91431 2 bytes JMP 764e8f39 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000075c9144a 2 bytes CALL 76444885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                              * 9
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17        0000000075c914dd 2 bytes JMP 764e8832 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000075c914f5 2 bytes JMP 764e8a08 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17        0000000075c9150d 2 bytes JMP 764e8728 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075c91525 2 bytes JMP 764e8af2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000075c9153d 2 bytes JMP 7645fc98 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17            0000000075c91555 2 bytes JMP 764668df C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000075c9156d 2 bytes JMP 764e8ff1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075c91585 2 bytes JMP 764e8b52 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17          0000000075c9159d 2 bytes JMP 764e86ec C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000075c915b5 2 bytes JMP 7645fd31 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000075c915cd 2 bytes JMP 7646b2cc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000075c916b2 2 bytes JMP 764e8eb4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000075c916bd 2 bytes JMP 764e8681 C:\Windows\syswow64\kernel32.dll
?      C:\Windows\system32\mssprxy.dll [412] entry point in ".rdata" section                                                                            000000006e1f71e6
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                          0000000076f813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                          0000000076f81544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                  0000000076f818ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                  0000000076f81ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                    0000000076f81d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                        0000000076f81e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                      0000000076f81f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                          0000000076f82238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                      0000000076f826e0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                    0000000076f82702 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79      0000000076f8275f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184    0000000076f827c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 3
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299            0000000076f82b8b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375            0000000076f82bd7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                        0000000076f830ab 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                        0000000076f83238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                        0000000076f838ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                        0000000076f83923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197            0000000076f839f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                    0000000076f83f90 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                    0000000076f84041 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                    0000000076f840b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 3
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                        0000000076f841f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                        0000000076f84234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                  0000000076f844a1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                    0000000076f8468c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                    0000000076f84753 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                  0000000076f84847 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                  0000000076f84966 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                0000000076f84a90 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                    0000000076f84ae3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                0000000076f84ce5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                            0000000076f84ee0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                      0000000076f84fe7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                        0000000076f851d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                        0000000076f86016 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                        0000000076f860e6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                          0000000076f861de 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                          0000000076f863cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45            0000000076f8640d 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                0000000076f86424 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                0000000076f8647c 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                          0000000076f86c46 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                  0000000076f87be1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                          0000000076f87c67 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                              0000000076fcda80 8 bytes {JMP QWORD [RIP-0x46e40]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                            0000000076fcdc00 8 bytes {JMP QWORD [RIP-0x465e2]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                  0000000076fcdc30 8 bytes {JMP QWORD [RIP-0x47829]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                0000000076fcdd50 8 bytes {JMP QWORD [RIP-0x478da]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                    0000000076fcde00 8 bytes {JMP QWORD [RIP-0x479e2]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                    0000000076fce430 8 bytes {JMP QWORD [RIP-0x467cf]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                  0000000076fce680 8 bytes {JMP QWORD [RIP-0x46aa5]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                  0000000076fceee0 8 bytes {JMP QWORD [RIP-0x47403]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                00000000736a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                00000000736a146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                              00000000736a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                          00000000736a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                          00000000736a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[3908] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                    00000000736a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                  0000000076f813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                  0000000076f81544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                          0000000076f818ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                          0000000076f81ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                            0000000076f81d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                0000000076f81e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                              0000000076f81f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                  0000000076f82238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                              0000000076f826e0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                            0000000076f82702 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79              0000000076f8275f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184            0000000076f827c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 3
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                    0000000076f82b8b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                    0000000076f82bd7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                0000000076f830ab 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                0000000076f83238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                0000000076f838ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                0000000076f83923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                    0000000076f839f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                            0000000076f83f90 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                            0000000076f84041 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                            0000000076f840b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 3
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                0000000076f841f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                0000000076f84234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                          0000000076f844a1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                            0000000076f8468c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                            0000000076f84753 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                          0000000076f84847 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                          0000000076f84966 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                        0000000076f84a90 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                            0000000076f84ae3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                        0000000076f84ce5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                    0000000076f84ee0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                              0000000076f84fe7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                0000000076f851d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                0000000076f86016 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                0000000076f860e6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                  0000000076f861de 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                  0000000076f863cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                    0000000076f8640d 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                        0000000076f86424 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                        0000000076f8647c 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                  0000000076f86c46 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                          0000000076f87be1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                  0000000076f87c67 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                      0000000076fcda80 8 bytes {JMP QWORD [RIP-0x46e40]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                    0000000076fcdc00 8 bytes {JMP QWORD [RIP-0x465e2]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                          0000000076fcdc30 8 bytes {JMP QWORD [RIP-0x47829]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                        0000000076fcdd50 8 bytes {JMP QWORD [RIP-0x478da]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                            0000000076fcde00 8 bytes {JMP QWORD [RIP-0x479e2]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000076fce430 8 bytes {JMP QWORD [RIP-0x467cf]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                          0000000076fce680 8 bytes {JMP QWORD [RIP-0x46aa5]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                          0000000076fceee0 8 bytes {JMP QWORD [RIP-0x47403]}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                        00000000736a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                        00000000736a146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                      00000000736a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                  00000000736a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                  00000000736a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                            00000000736a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                    0000000075c91401 2 bytes JMP 7646b20b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                      0000000075c91419 2 bytes JMP 7646b336 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                    0000000075c91431 2 bytes JMP 764e8f39 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                    0000000075c9144a 2 bytes CALL 76444885 C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                              * 9
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                      0000000075c914dd 2 bytes JMP 764e8832 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                0000000075c914f5 2 bytes JMP 764e8a08 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                      0000000075c9150d 2 bytes JMP 764e8728 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                0000000075c91525 2 bytes JMP 764e8af2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                      0000000075c9153d 2 bytes JMP 7645fc98 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                          0000000075c91555 2 bytes JMP 764668df C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                    0000000075c9156d 2 bytes JMP 764e8ff1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                      0000000075c91585 2 bytes JMP 764e8b52 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                        0000000075c9159d 2 bytes JMP 764e86ec C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                      0000000075c915b5 2 bytes JMP 7645fd31 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                    0000000075c915cd 2 bytes JMP 7646b2cc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                0000000075c916b2 2 bytes JMP 764e8eb4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\TeamViewer.exe[5308] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                0000000075c916bd 2 bytes JMP 764e8681 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                      0000000076f813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                      0000000076f81544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                              0000000076f818ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                              0000000076f81ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                0000000076f81d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                    0000000076f81e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                  0000000076f81f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                      0000000076f82238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                  0000000076f826e0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                0000000076f82702 8 bytes {JMP 0x10}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                  0000000076f8275f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                0000000076f827c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 3
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                        0000000076f82b8b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                        0000000076f82bd7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                    0000000076f830ab 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                    0000000076f83238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                    0000000076f838ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                    0000000076f83923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                        0000000076f839f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                0000000076f83f90 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                0000000076f84041 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                0000000076f840b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 3
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                    0000000076f841f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                    0000000076f84234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                              0000000076f844a1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                0000000076f8468c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                0000000076f84753 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                              0000000076f84847 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                              0000000076f84966 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 2
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                            0000000076f84a90 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                0000000076f84ae3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                            0000000076f84ce5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                        0000000076f84ee0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                  0000000076f84fe7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                    0000000076f851d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                    0000000076f86016 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                    0000000076f860e6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                      0000000076f861de 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                      0000000076f863cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                        0000000076f8640d 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                            0000000076f86424 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                            0000000076f8647c 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                      0000000076f86c46 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                              0000000076f87be1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                      0000000076f87c67 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                          0000000076fcda80 8 bytes {JMP QWORD [RIP-0x46e40]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                        0000000076fcdc00 8 bytes {JMP QWORD [RIP-0x465e2]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                              0000000076fcdc30 8 bytes {JMP QWORD [RIP-0x47829]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                            0000000076fcdd50 8 bytes {JMP QWORD [RIP-0x478da]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                0000000076fcde00 8 bytes {JMP QWORD [RIP-0x479e2]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                0000000076fce430 8 bytes {JMP QWORD [RIP-0x467cf]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                              0000000076fce680 8 bytes {JMP QWORD [RIP-0x46aa5]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              0000000076fceee0 8 bytes {JMP QWORD [RIP-0x47403]}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                            00000000736a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                            00000000736a146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                          00000000736a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                      00000000736a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                      00000000736a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\TeamViewer\tv_w32.exe[2036] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                00000000736a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                            0000000076f813ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500                                            0000000076f81544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                    0000000076f818ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212                                                    0000000076f81ba8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                      0000000076f81d25 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                          0000000076f81e8f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89                                                        0000000076f81f75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680                                            0000000076f82238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                        0000000076f826e0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                      0000000076f82702 8 bytes {JMP 0x10}
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                        0000000076f8275f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184                      0000000076f827c8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 3
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                              0000000076f82b8b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375                              0000000076f82bd7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                          0000000076f830ab 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920                                          0000000076f83238 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                          0000000076f838ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                          0000000076f83923 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                              0000000076f839f5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                      0000000076f83f90 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161                                      0000000076f84041 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277                                      0000000076f840b5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 3
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214                                          0000000076f841f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276                                          0000000076f84234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609                                                    0000000076f844a1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284                                      0000000076f8468c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483                                      0000000076f84753 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231                                                    0000000076f84847 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518                                                    0000000076f84966 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  ...                                                                                                                                              * 2
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                  0000000076f84a90 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                      0000000076f84ae3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501                                  0000000076f84ce5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256                                              0000000076f84ee0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247                                        0000000076f84fe7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483                                          0000000076f851d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438                                          0000000076f86016 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!EtwEventProviderEnabled + 198                                          0000000076f860e6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!atol + 194                                                            0000000076f861de 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76                                                            0000000076f863cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45                              0000000076f8640d 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4                                  0000000076f86424 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92                                  0000000076f8647c 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790                                            0000000076f86c46 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 241                                    0000000076f87be1 8 bytes [10, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                            0000000076f87c67 8 bytes [00, 6C, F8, 7E, 00, 00, 00, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                0000000076fcda80 8 bytes {JMP QWORD [RIP-0x46e40]}
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                              0000000076fcdc00 8 bytes {JMP QWORD [RIP-0x465e2]}
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                    0000000076fcdc30 8 bytes {JMP QWORD [RIP-0x47829]}
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  0000000076fcdd50 8 bytes {JMP QWORD [RIP-0x478da]}
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                      0000000076fcde00 8 bytes {JMP QWORD [RIP-0x479e2]}
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      0000000076fce430 8 bytes {JMP QWORD [RIP-0x467cf]}
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                    0000000076fce680 8 bytes {JMP QWORD [RIP-0x46aa5]}
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                    0000000076fceee0 8 bytes {JMP QWORD [RIP-0x47403]}
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                  00000000736a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                  00000000736a146b 8 bytes {JMP 0xffffffffffffffb0}
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                00000000736a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                            00000000736a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                            00000000736a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\Karner\Desktop\3\y2fv9j2d.exe[5164] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                      00000000736a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0                                                                                                                            unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 02.09.2015 06:34
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:55 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131