
Log analysis and evaluation: Windows 7: Win32: Dropper-gen[Drp] found

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

14.06.2014, 15:52   #1
Tubalcain
 
Hello,
a few hours ago I had my PC scanned for viruses. Avast! found three files infected with Win32: Dropper-gen[Drp]. I then moved them to the virus chest and would now like to know whether everything is clean or not.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:23 on 14/06/2014 (Kunng)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
All the other logs were unfortunately too large to post here directly, so I zipped them.
Hoping for quick help, and thanks in advance.

14.06.2014, 16:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hi and

Please do not attach logs; if necessary, split them and post them spread across several posts.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for a single post, I ask you to post them directly and, if necessary, spread across several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

14.06.2014, 17:22   #3
Tubalcain
 
FRST part 1:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Kunng (administrator) on KUNNG-PC on 14-06-2014 16:24:16
Running from G:\Kunng\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Windows\System32\PnkBstrA.exe
(Dropbox, Inc.) C:\Users\Kunng\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() G:\Kunng\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-12] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Startup: C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kunng\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default
FF SelectedSearchEngine: GoogIe
FF Homepage: hxxp://www.google.de/|hxxp://www.youtube.com/?gl=DE&hl=de|hxxp://www.gamestar.de/|hxxp://www.battlefield-4.net/index.html|hxxp://www.chip.de/
FF Keyword.URL: hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=gDZrbh8T&q=
FF NetworkProxy: "autoconfig_url", "data:application/x-ns-proxy-autoconfig;base64,ZnVuY3Rpb24gRmluZFByb3h5Rm9yVVJMKHVybCwgaG9zdCkgewogIGlmICgoaG9zdCA9PSAnd3d3LnlvdXR1YmUuY29tJyAmJiB1cmwuaW5kZXhPZigneW91dHViZS5jb20vd2F0Y2g/dj1LOVM0bFIxeUcxcyZsaXN0PVBMNzAyMUZFRjdFMEJBNUE3QiZpbmRleD0zJnB4dHJ5PTInKSAhPSAtMSkgfHwgKGhvc3QuaW5kZXhPZignYy55b3V0dWJlLmNvbScpICE9IC0xICYmIHVybC5pbmRleE9mKCdjLnlvdXR1YmUuY29tL3ZpZGVvcGxheWJhY2snKSAhPSAtMSAmJiB1cmwuaW5kZXhPZignZ2NyPXVzJykgIT0gLTEpKQogICAgcmV0dXJuICdQUk9YWSAyMDkuMjM5LjEyMC45NzozMTMxJzsKICByZXR1cm4gJ0RJUkVDVCc7Cn0="
FF NetworkProxy: "backup.ftp", "proxyus3.stealthy.co"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "proxyus3.stealthy.co"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "proxyus3.stealthy.co"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "www-proxy.t-online.de"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "www-proxy.t-online.de"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "www-proxy.t-online.de"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-12]
FF Extension: DownloadHelper - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-06-12]
FF Extension: SearchPreview - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2014-06-12]
FF Extension: Ghostery - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\firefox@ghostery.com.xpi [2014-06-12]
FF Extension: Tab Scope - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\tabscope@xuldev.org.xpi [2014-06-12]
FF Extension: Flagfox - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-06-12]
FF Extension: NoScript - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-12]
FF Extension: Adblock Plus - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-12]
FF Extension: Greasemonkey - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-06-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-12]

Chrome: 
=======
CHR StartupUrls: "hxxp://battlelog.battlefield.com/bf4/de/"
CHR Extension: (Google Docs) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-12]
CHR Extension: (Google Drive) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-12]
CHR Extension: (YouTube) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-12]
CHR Extension: (Google-Suche) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-12]
CHR Extension: (avast! Online Security) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-13]
CHR Extension: (Better Battlelog (BBLog)) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2014-06-12]
CHR Extension: (Google Wallet) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-12]
CHR Extension: (Google Mail) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-12]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-12] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1864480 2014-05-28] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-06-13] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-06-13] ()
R3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [543424 2014-05-29] (Valve Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-12] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-14 16:24 - 2014-06-14 16:24 - 00000000 ____D () C:\FRST
2014-06-14 16:23 - 2014-06-14 16:23 - 00000000 _____ () C:\Users\Kunng\defogger_reenable
2014-06-14 13:02 - 2014-06-14 16:17 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\TS3Client
2014-06-14 12:38 - 2014-06-14 12:38 - 00000707 _____ () C:\Users\Public\Desktop\Mass Effect.lnk
2014-06-14 12:38 - 2014-06-14 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
2014-06-13 18:48 - 2014-06-13 18:48 - 00000000 __SHD () C:\Users\Kunng\AppData\Local\EmieUserList
2014-06-13 18:48 - 2014-06-13 18:48 - 00000000 __SHD () C:\Users\Kunng\AppData\Local\EmieSiteList
2014-06-13 18:01 - 2014-06-13 18:01 - 00000000 ____D () C:\Users\Kunng\.eclipse
2014-06-13 18:00 - 2014-06-13 18:00 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-13 18:00 - 2014-06-13 18:00 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-13 18:00 - 2014-06-13 18:00 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-13 18:00 - 2014-06-13 18:00 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\Program Files\Java
2014-06-13 17:59 - 2014-06-13 17:59 - 00000000 ____D () C:\ProgramData\Sun
2014-06-13 17:30 - 2014-06-13 17:30 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Opera
2014-06-13 17:30 - 2014-06-13 17:30 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Opera
2014-06-13 16:20 - 2014-06-13 16:20 - 00000000 ____D () C:\Users\Public\Documents\TimeGate Studios
2014-06-13 16:20 - 2014-06-13 16:20 - 00000000 ____D () C:\Users\Public\Documents\Monolith Productions
2014-06-13 16:02 - 2014-06-13 20:14 - 00000000 ____D () C:\Users\Kunng\.VirtualBox
2014-06-13 16:02 - 2014-06-13 16:02 - 00000000 ____D () C:\Users\Kunng\VirtualBox VMs
2014-06-13 15:52 - 2014-06-13 15:52 - 00000000 ____D () C:\Users\Public\Documents\WBGames
2014-06-13 15:17 - 2014-06-13 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
2014-06-13 15:16 - 2014-06-13 15:16 - 00000000 ____D () C:\Program Files (x86)\WB Games
2014-06-13 14:28 - 2014-06-13 14:27 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-13 14:12 - 2014-06-13 14:12 - 00000000 ____D () C:\Users\Kunng\Documents\4a games
2014-06-13 13:26 - 2014-06-13 13:26 - 00000000 ____D () C:\Program Files (x86)\2K Games
2014-06-13 13:13 - 2014-06-13 13:13 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-06-13 12:56 - 2014-06-13 12:56 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-06-13 12:56 - 2014-06-13 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-13 12:56 - 2014-06-13 12:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-06-13 12:43 - 2014-06-13 12:48 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\DarkSoulsII
2014-06-13 11:59 - 2014-06-13 11:59 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Blizzard Entertainment
2014-06-13 11:39 - 2014-06-13 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
2014-06-13 11:32 - 2014-06-13 11:32 - 00000000 ____D () C:\Program Files (x86)\JoWooD
2014-06-13 11:25 - 2014-06-13 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2014-06-13 10:59 - 2014-06-13 11:04 - 00000000 ____D () C:\Users\Kunng\Documents\BFH.Beta
2014-06-13 10:18 - 2014-06-13 10:55 - 00000184 _____ () C:\Users\Kunng\Desktop\pbuser.htm
2014-06-13 10:18 - 2014-06-13 10:18 - 00011288 _____ () C:\Users\Kunng\Desktop\pbgame.htm
2014-06-13 10:06 - 2014-06-13 10:06 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\InstallShield
2014-06-13 10:03 - 2014-06-13 10:03 - 00000310 _____ () C:\Windows\game.ini
2014-06-13 10:03 - 2014-06-13 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2014-06-13 09:45 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-13 09:45 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-13 09:45 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-13 09:45 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-06-13 09:45 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-06-13 09:45 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-13 09:45 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-13 09:45 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-06-13 09:45 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-06-13 09:45 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-06-13 09:45 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-06-13 09:45 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-06-13 09:45 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-06-13 09:45 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-06-13 09:45 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2014-06-13 09:45 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-06-13 09:45 - 2011-02-25 07:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-06-13 00:04 - 2014-06-13 00:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-13 00:02 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-06-13 00:02 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-06-13 00:02 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-06-13 00:01 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-06-12 23:53 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-06-12 23:49 - 2014-06-12 23:49 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 23:49 - 2014-06-12 23:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 23:49 - 2014-06-12 23:49 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 23:49 - 2014-06-12 23:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 23:49 - 2014-06-12 23:49 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-06-12 23:49 - 2014-06-12 23:49 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-12 23:49 - 2014-06-12 23:49 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-12 23:49 - 2014-06-12 23:49 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-06-12 23:49 - 2014-06-12 23:49 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00266456 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00240856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-12 23:49 - 2014-06-12 23:49 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-06-12 23:49 - 2014-06-12 23:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 23:48 - 2014-06-12 23:54 - 00013275 _____ () C:\Windows\IE11_main.log
2014-06-12 23:45 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-06-12 23:45 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-12 23:45 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-12 23:45 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-06-12 23:45 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-06-12 23:45 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-12 23:45 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-06-12 23:45 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-06-12 23:45 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-06-12 23:45 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-06-12 23:45 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-06-12 23:45 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-06-12 23:45 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-12 23:45 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-06-12 23:45 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-06-12 23:45 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-06-12 23:38 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-12 23:38 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-06-12 23:38 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-06-12 23:38 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-06-12 23:27 - 2013-01-13 23:17 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:17 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-06-12 23:27 - 2013-01-13 22:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-06-12 23:27 - 2013-01-13 22:09 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-06-12 23:27 - 2013-01-13 22:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-06-12 23:27 - 2013-01-13 21:59 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-06-12 23:27 - 2013-01-13 21:58 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-06-12 23:27 - 2013-01-13 21:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-06-12 23:27 - 2013-01-13 21:53 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-06-12 23:27 - 2013-01-13 21:53 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-06-12 23:27 - 2013-01-13 21:49 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-06-12 23:27 - 2013-01-13 21:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-06-12 23:27 - 2013-01-13 21:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-06-12 23:27 - 2013-01-13 21:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-06-12 23:27 - 2013-01-13 21:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-06-12 23:27 - 2013-01-13 21:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-06-12 23:27 - 2013-01-13 21:24 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-06-12 23:27 - 2013-01-13 21:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-06-12 23:27 - 2013-01-13 21:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-06-12 23:27 - 2013-01-13 21:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-06-12 23:27 - 2013-01-13 20:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-06-12 23:27 - 2013-01-13 20:09 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-06-12 23:27 - 2013-01-13 19:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-06-12 23:27 - 2013-01-13 19:05 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-06-12 23:27 - 2013-01-04 08:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-06-12 23:27 - 2013-01-04 08:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-06-12 23:22 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-12 23:22 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-12 23:22 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-12 23:22 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-12 23:22 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-12 23:22 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-12 23:22 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-12 23:22 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-12 23:22 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-12 23:22 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 23:22 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 23:22 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 23:22 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 23:22 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 23:22 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 23:22 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 23:22 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 23:22 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 23:22 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 23:22 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-12 23:22 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-12 23:22 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-12 23:22 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-12 23:22 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-12 23:22 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-12 23:22 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-12 23:22 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-12 23:22 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-12 23:22 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-12 23:22 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-12 23:22 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-06-12 23:22 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-06-12 23:22 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-06-12 23:22 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-12 23:22 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-12 23:22 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-06-12 23:22 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-06-12 23:22 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-06-12 23:22 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-06-12 23:22 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-06-12 23:22 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-06-12 23:22 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-06-12 23:22 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-06-12 23:22 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-06-12 23:22 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-06-12 23:22 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-06-12 23:22 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-06-12 23:22 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-06-12 23:22 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-06-12 23:22 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-06-12 23:22 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-06-12 23:22 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-06-12 23:22 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-06-12 23:22 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-06-12 23:22 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-06-12 23:22 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-12 23:22 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-06-12 23:22 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-06-12 23:22 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-06-12 23:22 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-06-12 23:22 - 2013-10-04 04:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-06-12 23:22 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-06-12 23:22 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-06-12 23:22 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-06-12 23:22 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-06-12 23:22 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-06-12 23:22 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-06-12 23:22 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-06-12 23:22 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-06-12 23:22 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-06-12 23:22 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-06-12 23:22 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-06-12 23:22 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-06-12 23:22 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-06-12 23:22 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-06-12 23:22 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-06-12 23:22 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-06-12 23:22 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-06-12 23:22 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-06-12 23:22 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-06-12 23:22 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-06-12 23:22 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-06-12 23:22 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-06-12 23:22 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-06-12 23:22 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-06-12 23:22 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-06-12 23:21 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 23:21 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 23:21 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 23:21 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 23:21 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-06-12 23:21 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-06-12 23:21 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-06-12 23:21 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-06-12 23:21 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-06-12 23:21 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-06-12 23:21 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-06-12 23:21 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-06-12 23:21 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-06-12 23:21 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-06-12 23:21 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-06-12 23:21 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-06-12 23:21 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-06-12 23:21 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-06-12 23:21 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-06-12 23:21 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-06-12 23:21 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-06-12 23:21 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-06-12 23:21 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-06-12 23:21 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-06-12 23:21 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-06-12 23:21 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-06-12 23:21 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-06-12 23:21 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-06-12 23:21 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-06-12 23:21 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-06-12 23:21 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-06-12 23:21 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-06-12 23:21 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-06-12 23:21 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-06-12 23:21 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-06-12 23:21 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-06-12 23:21 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-06-12 23:21 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-12 23:21 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-06-12 23:21 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-06-12 23:21 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-06-12 23:21 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-06-12 23:21 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-06-12 23:21 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-06-12 23:21 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-06-12 23:21 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-06-12 23:21 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-06-12 23:21 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-06-12 23:21 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-06-12 23:21 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-06-12 23:21 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-06-12 23:21 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-06-12 23:21 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-06-12 23:21 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-06-12 23:21 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-06-12 23:21 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-06-12 23:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-06-12 23:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-06-12 23:21 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-06-12 23:21 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-06-12 23:21 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-06-12 23:21 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-06-12 23:21 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-06-12 23:21 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-06-12 23:21 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-06-12 23:21 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-06-12 23:21 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-06-12 23:21 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-06-12 23:21 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-06-12 23:21 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-06-12 23:21 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-06-12 23:21 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-06-12 23:21 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-06-12 23:21 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-06-12 23:21 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-06-12 23:21 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-06-12 23:21 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-06-12 23:21 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-06-12 23:21 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-06-12 23:21 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-06-12 23:21 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-06-12 23:21 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-06-12 23:21 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-06-12 23:21 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-06-12 23:21 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-06-12 23:21 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-06-12 23:21 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-06-12 23:21 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-06-12 23:21 - 2012-10-03 19:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-06-12 23:21 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-06-12 23:21 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-06-12 23:21 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-06-12 23:21 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-06-12 23:21 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-06-12 23:21 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-06-12 23:21 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-06-12 23:21 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-06-12 23:21 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-06-12 23:21 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-06-12 23:21 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-06-12 23:21 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-06-12 23:21 - 2012-01-13 09:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-06-12 23:17 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-06-12 23:17 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-06-12 23:17 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-06-12 23:17 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-06-12 23:17 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-06-12 23:17 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-06-12 23:17 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-06-12 23:17 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-06-12 23:17 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-06-12 23:17 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-06-12 23:17 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-06-12 23:17 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-06-12 23:17 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-06-12 23:17 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-06-12 23:17 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-06-12 23:17 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-06-12 23:17 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-06-12 23:16 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-06-12 23:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-06-12 23:16 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-06-12 23:16 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-06-12 23:16 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-06-12 23:15 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-06-12 23:15 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-06-12 23:15 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-06-12 23:11 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-06-12 23:11 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-06-12 23:11 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-06-12 23:11 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-06-12 23:11 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-06-12 23:11 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-06-12 23:01 - 2014-06-12 23:01 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-12 22:49 - 2010-11-20 05:44 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\NAPHLPR.DLL
2014-06-12 22:49 - 2010-11-20 05:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\NAPCRYPT.DLL
2014-06-12 22:49 - 2010-11-20 05:34 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2014-06-12 22:49 - 2010-11-20 05:34 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-06-12 22:49 - 2010-11-20 05:34 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2014-06-12 22:49 - 2010-11-20 05:33 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2014-06-12 22:49 - 2010-11-20 05:33 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys
2014-06-12 22:49 - 2010-11-20 05:33 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys
2014-06-12 22:49 - 2010-11-20 05:33 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys
2014-06-12 22:49 - 2010-11-20 05:33 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys
2014-06-12 22:49 - 2010-11-20 05:33 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
2014-06-12 22:49 - 2010-11-20 05:32 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2014-06-12 22:49 - 2010-11-20 05:29 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-06-12 22:49 - 2010-11-20 05:29 - 00298104 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2014-06-12 22:49 - 2010-11-20 05:28 - 00166784 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 03860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 02652160 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 02543616 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 02262528 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 02193920 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 02086912 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 02018304 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01911808 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01808384 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01753088 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01646080 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01556992 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01281024 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01243136 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2014-06-12 22:49 - 2010-11-20 05:27 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01197056 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01158656 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 01050624 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2014-06-12 22:49 - 2010-11-20 05:27 - 00933376 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00867840 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00849920 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00799744 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00781312 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\sdcpl.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2014-06-12 22:49 - 2010-11-20 05:27 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00636416 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00633344 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00605696 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00577536 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\mspbda.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00527872 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL
2014-06-12 22:49 - 2010-11-20 05:27 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\shwebsvc.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\sqlcese30.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00418816 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2014-06-12 22:49 - 2010-11-20 05:27 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\QAGENT.DLL
2014-06-12 22:49 - 2010-11-20 05:27 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\wavemsp.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\qdv.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\taskbarcpl.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\mstask.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceSyncProvider.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\wmpsrcwp.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\OnLineIDCpl.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\sysclass.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\netjoin.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\twext.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountControlSettings.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\QCLIPROV.DLL
2014-06-12 22:49 - 2010-11-20 05:27 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\napdsnap.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\vfwwdm32.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\umb.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\msdmo.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\netutils.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\TRAPI.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\spopk.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\syssetup.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\nrpsrv.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\shunimpl.dll
2014-06-12 22:49 - 2010-11-20 05:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\riched32.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 04120064 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 03391488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 03205120 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 01866240 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 01457664 _____ (Microsoft Corporation) C:\Windows\system32\DxpTaskSync.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 01340416 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 01244160 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 01066496 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 01065984 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00934912 _____ (Microsoft Corporation) C:\Windows\system32\FirewallControlPanel.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2014-06-12 22:49 - 2010-11-20 05:26 - 00495104 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\DXP.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\MediaMetadataHandler.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\dot3ui.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\iTVData.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00281600 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\hgprint.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingFolder.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2014-06-12 22:49 - 2010-11-20 05:26 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\fphc.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00116224 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\fms.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\KMSVC.DLL
2014-06-12 22:49 - 2010-11-20 05:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Mcx2Svc.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\inetmib1.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\luainstall.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\FXSMON.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\HotStartUserAgent.dll
2014-06-12 22:49 - 2010-11-20 05:26 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\elsTrans.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 03957760 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 03524608 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 01600512 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-06-12 22:49 - 2010-11-20 05:25 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenterCPL.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\biocpl.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayServices.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00128000 _____ (Microsoft) C:\Windows\system32\Robocopy.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\nslookup.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\cca.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\tabcal.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\CertPolEng.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\takeown.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\PnPUnattend.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\tzutil.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\runonce.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
2014-06-12 22:49 - 2010-11-20 05:25 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\MultiDigiMon.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\proquota.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2014-06-12 22:49 - 2010-11-20 05:25 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll
2014-06-12 22:49 - 2010-11-20 05:24 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00899584 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr
2014-06-12 22:49 - 2010-11-20 05:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2014-06-12 22:49 - 2010-11-20 05:24 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\FXSSVC.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl
2014-06-12 22:49 - 2010-11-20 05:24 - 00653312 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-06-12 22:49 - 2010-11-20 05:24 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-06-12 22:49 - 2010-11-20 05:24 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\diskraid.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl
2014-06-12 22:49 - 2010-11-20 05:24 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2014-06-12 22:49 - 2010-11-20 05:24 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr
2014-06-12 22:49 - 2010-11-20 05:24 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr
2014-06-12 22:49 - 2010-11-20 05:24 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2014-06-12 22:49 - 2010-11-20 05:24 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2014-06-12 22:49 - 2010-11-20 05:24 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\desk.cpl
2014-06-12 22:49 - 2010-11-20 05:24 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax
2014-06-12 22:49 - 2010-11-20 05:24 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\mobsync.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax
2014-06-12 22:49 - 2010-11-20 05:24 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00071168 _____ (Microsoft Corporation) C:\Windows\bfsvc.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax
2014-06-12 22:49 - 2010-11-20 05:24 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\g711codc.ax
2014-06-12 22:49 - 2010-11-20 05:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\vbisurf.ax
2014-06-12 22:49 - 2010-11-20 05:24 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\choice.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
2014-06-12 22:49 - 2010-11-20 05:24 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\FXSUNATD.exe
2014-06-12 22:49 - 2010-11-20 05:15 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2014-06-12 22:49 - 2010-11-20 05:13 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\RDPENCDD.dll
2014-06-12 22:49 - 2010-11-20 05:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2014-06-12 22:49 - 2010-11-20 05:12 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\pifmgr.dll
2014-06-12 22:49 - 2010-11-20 05:02 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2014-06-12 22:49 - 2010-11-20 05:02 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2014-06-12 22:49 - 2010-11-20 05:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUF.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDSG.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\kbdlk41a.dll
2014-06-12 22:49 - 2010-11-20 05:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDGKL.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDNEPR.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDUS.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDUGHR1.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAJIK.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDMON.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAR.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINKAN.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINHIN.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBULG.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBLR.DLL
2014-06-12 22:49 - 2010-11-20 05:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDGEO.DLL
2014-06-12 22:49 - 2010-11-20 04:54 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\BlbEvents.dll
2014-06-12 22:49 - 2010-11-20 04:36 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPCRYPT.DLL
2014-06-12 22:49 - 2010-11-20 04:21 - 02983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 02157568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 02146304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 01667584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 01624064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPEncEn.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 01227776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 01175040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 01115136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00933376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vault.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00782336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00755200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2014-06-12 22:49 - 2010-11-20 04:21 - 00738816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00600064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2014-06-12 22:49 - 2010-11-20 04:21 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00416768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadefui.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00410112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanui.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00363008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\raschap.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wavemsp.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdscore.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpsrcwp.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remotepg.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twext.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiavideo.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppinst.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QUTIL.DLL
2014-06-12 22:49 - 2010-11-20 04:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spbcd.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdmat.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpd3d.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00051200 _____ (Twain Working Group) C:\Windows\twain_32.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samcli.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RpcRtRemote.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wtsapi32.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TRAPI.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdprefdrvapi.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schedcli.dll
2014-06-12 22:49 - 2010-11-20 04:21 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 02504192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2014-06-12 22:49 - 2010-11-20 04:20 - 02494464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 02130944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkmap.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 01750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pnidui.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 01661440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkexplorer.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 01508864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00600576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PerfCenterCPL.dll
         

14.06.2014, 17:24   #4
Tubalcain
 
FRST part 2:
Code:
2014-06-12 22:49 - 2010-11-20 04:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercpl.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshipsec.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00236544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnLineIDCpl.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00190976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qcap.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00183296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetapi.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QAGENT.DLL
2014-06-12 22:49 - 2010-11-20 04:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provsvc.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prntvpt.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nci.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olethk32.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QCLIPROV.DLL
2014-06-12 22:49 - 2010-11-20 04:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntlanman.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\napdsnap.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptui.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2014-06-12 22:49 - 2010-11-20 04:20 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 03207680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 02151936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 01493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00954288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00856576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallControlPanel.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00732160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2fs.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsmsnap.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MediaMetadataHandler.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAC3ENC.DLL
2014-06-12 22:49 - 2010-11-20 04:19 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iTVData.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstask.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fde.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\migisol.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lsmproxy.dll
2014-06-12 22:49 - 2010-11-20 04:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 03727872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\accessibilitycpl.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxpTaskSync.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 01334272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 01003520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00744448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00740864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00537600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenterCPL.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3ui.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-06-12 22:49 - 2010-11-20 04:18 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpx.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00211456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairingFolder.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efscore.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dskquoui.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscmmc.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3cfg.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertPolEng.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-06-12 22:49 - 2010-11-20 04:18 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsauth.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elsTrans.dll
2014-06-12 22:49 - 2010-11-20 04:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\C_ISCII.DLL
2014-06-12 22:49 - 2010-11-20 04:17 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimserv.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eudcedit.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetup.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsicli.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskpart.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00098816 _____ (Microsoft) C:\Windows\SysWOW64\Robocopy.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\isoburn.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MuiUnattend.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findstr.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\takeown.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzutil.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unlodctr.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userinit.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiougc.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2014-06-12 22:49 - 2010-11-20 04:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2014-06-12 22:49 - 2010-11-20 04:16 - 00905216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2014-06-12 22:49 - 2010-11-20 04:16 - 00878592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Bubbles.scr
2014-06-12 22:49 - 2010-11-20 04:16 - 00776192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2014-06-12 22:49 - 2010-11-20 04:16 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2014-06-12 22:49 - 2010-11-20 04:16 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-06-12 22:49 - 2010-11-20 04:16 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysdm.cpl
2014-06-12 22:49 - 2010-11-20 04:16 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-06-12 22:49 - 2010-11-20 04:16 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Ribbons.scr
2014-06-12 22:49 - 2010-11-20 04:16 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2014-06-12 22:49 - 2010-11-20 04:16 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Kswdmcap.ax
2014-06-12 22:49 - 2010-11-20 04:16 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\g711codc.ax
2014-06-12 22:49 - 2010-11-20 04:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-06-12 22:49 - 2010-11-20 04:08 - 00119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2014-06-12 22:49 - 2010-11-20 04:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUF.DLL
2014-06-12 22:49 - 2010-11-20 04:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDSG.DLL
2014-06-12 22:49 - 2010-11-20 04:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDCZ1.DLL
2014-06-12 22:49 - 2010-11-20 04:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDSF.DLL
2014-06-12 22:49 - 2010-11-20 04:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDPO.DLL
2014-06-12 22:49 - 2010-11-20 04:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDNEPR.DLL
2014-06-12 22:49 - 2010-11-20 04:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2014-06-12 22:49 - 2010-11-20 04:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2014-06-12 22:49 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDUGHR1.DLL
2014-06-12 22:49 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDMAORI.DLL
2014-06-12 22:49 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDLT1.DLL
2014-06-12 22:49 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2014-06-12 22:49 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBLR.DLL
2014-06-12 22:49 - 2010-11-20 04:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2014-06-12 22:49 - 2010-11-20 04:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2014-06-12 22:49 - 2010-11-20 04:00 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2014-06-12 22:49 - 2010-11-20 03:05 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll
2014-06-12 22:49 - 2010-11-20 02:52 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2014-06-12 22:49 - 2010-11-20 02:52 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2014-06-12 22:49 - 2010-11-20 02:52 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys
2014-06-12 22:49 - 2010-11-20 02:52 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2014-06-12 22:49 - 2010-11-20 02:51 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2014-06-12 22:49 - 2010-11-20 02:44 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2014-06-12 22:49 - 2010-11-20 02:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys
2014-06-12 22:49 - 2010-11-20 02:44 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys
2014-06-12 22:49 - 2010-11-20 02:43 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-06-12 22:49 - 2010-11-20 02:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2014-06-12 22:49 - 2010-11-20 02:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-06-12 22:49 - 2010-11-20 02:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2014-06-12 22:49 - 2010-11-20 02:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-06-12 22:49 - 2010-11-20 02:10 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2014-06-12 22:49 - 2010-11-20 02:04 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-06-12 22:49 - 2010-11-20 01:27 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-06-12 22:49 - 2010-11-20 01:26 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2014-06-12 22:49 - 2010-11-20 01:26 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-06-12 22:49 - 2010-11-20 01:25 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2014-06-12 22:49 - 2010-11-20 01:23 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2014-06-12 22:49 - 2010-11-20 01:19 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2014-06-12 22:49 - 2010-11-04 18:20 - 00347904 _____ () C:\Windows\system32\systemsf.ebd
2014-06-12 22:49 - 2010-11-04 17:58 - 00155472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-06-12 22:49 - 2010-11-04 17:58 - 00080720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-06-12 22:49 - 2010-11-04 17:57 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-06-12 22:49 - 2010-11-04 17:57 - 00154960 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-06-12 22:49 - 2009-07-13 17:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmonui.dll
2014-06-12 22:49 - 2009-06-10 13:40 - 00001041 _____ () C:\Windows\SysWOW64\tcpbidi.xml
2014-06-12 22:48 - 2010-11-20 05:44 - 01077248 _____ (Microsoft Corporation) C:\Windows\system32\Narrator.exe
2014-06-12 22:48 - 2010-11-20 05:39 - 05066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2014-06-12 22:48 - 2010-11-20 05:34 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2014-06-12 22:48 - 2010-11-20 05:33 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2014-06-12 22:48 - 2010-11-20 05:33 - 00299392 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2014-06-12 22:48 - 2010-11-20 05:33 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2014-06-12 22:48 - 2010-11-20 05:33 - 00263040 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-06-12 22:48 - 2010-11-20 05:33 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-06-12 22:48 - 2010-11-20 05:33 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys
2014-06-12 22:48 - 2010-11-20 05:33 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-06-12 22:48 - 2010-11-20 05:33 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2014-06-12 22:48 - 2010-11-20 05:33 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys
2014-06-12 22:48 - 2010-11-20 05:32 - 02217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll
2014-06-12 22:48 - 2010-11-20 05:32 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-06-12 22:48 - 2010-11-20 05:29 - 00780008 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 03650560 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 03027968 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2014-06-12 22:48 - 2010-11-20 05:27 - 03008000 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 02250752 _____ (Microsoft Corporation) C:\Windows\system32\SensorsCpl.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 02146816 _____ (Microsoft Corporation) C:\Windows\system32\networkmap.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 02072576 _____ (Microsoft Corporation) C:\Windows\system32\WMPEncEn.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01900544 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01672704 _____ (Microsoft Corporation) C:\Windows\system32\networkexplorer.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01509888 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2014-06-12 22:48 - 2010-11-20 05:27 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\Vault.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01082880 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\onexui.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 01008128 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\sqlsrv32.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\sxs.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00529408 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\WinSATAPI.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\powercpl.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00481280 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\nshipsec.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\termmgr.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\prnfldr.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\netdiagfx.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\onex.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2014-06-12 22:48 - 2010-11-20 05:27 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provsvc.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\prncache.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\qcap.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\sdrsvc.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\uxlib.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\remotepg.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\recovery.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\mydocs.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\wiavideo.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2014-06-12 22:48 - 2010-11-20 05:27 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\QUTIL.DLL
2014-06-12 22:48 - 2010-11-20 05:27 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\nci.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\unimdmat.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\rdpd3d.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\samcli.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\ncryptui.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\RpcRtRemote.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\WavDest.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\PrintIsolationProxy.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\vpnikeapi.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\shimgvw.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\wdiasqmmodule.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\shgina.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\sisbkup.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\schedcli.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\rdprefdrvapi.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wshirda.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\rdpcfgex.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-06-12 22:48 - 2010-11-20 05:27 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-06-12 22:48 - 2010-11-20 05:27 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\DiagCpl.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\dsuiext.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\ipsmsnap.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00551936 _____ (Microsoft Corporation) C:\Windows\system32\localsec.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\defaultlocationcpl.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\fde.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\dps.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\EhStorAPI.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\dnscmmc.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mciqtz32.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dsauth.dll
2014-06-12 22:48 - 2010-11-20 05:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 03745792 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 01504256 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 01264640 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00897536 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00749568 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\azroleui.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\recdisc.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\net1.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\cabinet.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\amstream.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\setupcl.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\repair-bde.exe
2014-06-12 22:48 - 2010-11-20 05:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\AzSqlExt.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\bitsperf.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\BWUnpairElevated.dll
2014-06-12 22:48 - 2010-11-20 05:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\C_ISCII.DLL
2014-06-12 22:48 - 2010-11-20 05:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00763904 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2014-06-12 22:48 - 2010-11-20 05:24 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2014-06-12 22:48 - 2010-11-20 05:24 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\main.cpl
2014-06-12 22:48 - 2010-11-20 05:24 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2014-06-12 22:48 - 2010-11-20 05:24 - 00373248 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2014-06-12 22:48 - 2010-11-20 05:24 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\lsm.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr
2014-06-12 22:48 - 2010-11-20 05:24 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2014-06-12 22:48 - 2010-11-20 05:24 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\msconfig.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\bitsadmin.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2014-06-12 22:48 - 2010-11-20 05:24 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\iscsicli.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\MdSched.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\Kswdmcap.ax
2014-06-12 22:48 - 2010-11-20 05:24 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\cmstp.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\isoburn.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\findstr.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\djoin.exe
2014-06-12 22:48 - 2010-11-20 05:24 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2014-06-12 22:48 - 2010-11-20 05:14 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwizres.dll
2014-06-12 22:48 - 2010-11-20 05:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUQ.DLL
2014-06-12 22:48 - 2010-11-20 05:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDCZ1.DLL
2014-06-12 22:48 - 2010-11-20 05:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDSF.DLL
2014-06-12 22:48 - 2010-11-20 05:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDPO.DLL
2014-06-12 22:48 - 2010-11-20 05:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTAM.DLL
2014-06-12 22:48 - 2010-11-20 05:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDGR1.DLL
2014-06-12 22:48 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTURME.DLL
2014-06-12 22:48 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDMAORI.DLL
2014-06-12 22:48 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDLT1.DLL
2014-06-12 22:48 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTEL.DLL
2014-06-12 22:48 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINORI.DLL
2014-06-12 22:48 - 2010-11-20 05:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-06-12 22:48 - 2010-11-20 04:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-ums-l1-1-0.dll
2014-06-12 22:48 - 2010-11-20 04:36 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPHLPR.DLL
2014-06-12 22:48 - 2010-11-20 04:32 - 05066752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2014-06-12 22:48 - 2010-11-20 04:23 - 00144768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 02202624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsCpl.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 01712640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 01363456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 01326592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanpref.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 01128448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 01003008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00902656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2014-06-12 22:48 - 2010-11-20 04:21 - 00778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlsrv32.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00638976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00616960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00560128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched20.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmnet.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shwebsvc.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxs.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\termmgr.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizeng.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00352256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00351232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlcese30.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00307712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00198144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdwcn.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2014-06-12 22:48 - 2010-11-20 04:21 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vdsbas.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syncui.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpps.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxlib.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpshell.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2014-06-12 22:48 - 2010-11-20 04:21 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountControlSettings.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\regapi.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfwwdm32.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimgvw.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\utildll.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vpnikeapi.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shgina.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spopk.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sisbkup.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syssetup.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshirda.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shunimpl.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched32.dll
2014-06-12 22:48 - 2010-11-20 04:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-06-12 22:48 - 2010-11-20 04:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 01644032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 01111552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onexui.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00932352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00859648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OobeFldr.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00547840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceStatus.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnfldr.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00283136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdv.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netdiagfx.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onex.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netjoin.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mydocs.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netid.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prncache.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netutils.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfts.dll
2014-06-12 22:48 - 2010-11-20 04:20 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00954752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2014-06-12 22:48 - 2010-11-20 04:19 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontext.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00592384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localsec.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxclu.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrad.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msutb.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrecst.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvfw32.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2014-06-12 22:48 - 2010-11-20 04:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fphc.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00093696 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\SysWOW64\fms.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00082944 _____ (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetmib1.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimefilt.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\luainstall.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciqtz32.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\httpapi.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdmo.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2014-06-12 22:48 - 2010-11-20 04:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 02522624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 01828352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 01555456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certmgr.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 01371136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 01040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00854016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroles.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00743424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00685056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsuiext.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00484864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceCenter.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00402944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroleui.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00252928 _____ (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodev.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\defaultlocationcpl.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsldp.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoplay.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EhStorAPI.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabinet.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\amstream.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cca.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzSqlExt.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsperf.dll
2014-06-12 22:48 - 2010-11-20 04:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browseui.dll
2014-06-12 22:48 - 2010-11-20 04:17 - 00586752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfrgui.exe
2014-06-12 22:48 - 2010-11-20 04:17 - 00276480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskraid.exe
2014-06-12 22:48 - 2010-11-20 04:17 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
2014-06-12 22:48 - 2010-11-20 04:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskmgr.exe
2014-06-12 22:48 - 2010-11-20 04:17 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PkgMgr.exe
2014-06-12 22:48 - 2010-11-20 04:17 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\net1.exe
2014-06-12 22:48 - 2010-11-20 04:17 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nslookup.exe
2014-06-12 22:48 - 2010-11-20 04:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmstp.exe
2014-06-12 22:48 - 2010-11-20 04:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2014-06-12 22:48 - 2010-11-20 04:17 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
2014-06-12 22:48 - 2010-11-20 04:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2014-06-12 22:48 - 2010-11-20 04:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\proquota.exe
2014-06-12 22:48 - 2010-11-20 04:16 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2014-06-12 22:48 - 2010-11-20 04:16 - 00679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2014-06-12 22:48 - 2010-11-20 04:16 - 00658944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
2014-06-12 22:48 - 2010-11-20 04:16 - 00649216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2014-06-12 22:48 - 2010-11-20 04:16 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\main.cpl
2014-06-12 22:48 - 2010-11-20 04:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2014-06-12 22:48 - 2010-11-20 04:16 - 00345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2014-06-12 22:48 - 2010-11-20 04:16 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssText3d.scr
2014-06-12 22:48 - 2010-11-20 04:16 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2014-06-12 22:48 - 2010-11-20 04:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mystify.scr
2014-06-12 22:48 - 2010-11-20 04:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2014-06-12 22:48 - 2010-11-20 04:16 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsadmin.exe
2014-06-12 22:48 - 2010-11-20 04:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdmaud.drv
2014-06-12 22:48 - 2010-11-20 04:16 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2014-06-12 22:48 - 2010-11-20 04:16 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\desk.cpl
2014-06-12 22:48 - 2010-11-20 04:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kstvtune.ax
2014-06-12 22:48 - 2010-11-20 04:16 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSTPager.ax
2014-06-12 22:48 - 2010-11-20 04:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksxbar.ax
2014-06-12 22:48 - 2010-11-20 04:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbisurf.ax
2014-06-12 22:48 - 2010-11-20 04:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUQ.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdlk41a.dll
2014-06-12 22:48 - 2010-11-20 04:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGR1.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGKL.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDUS.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTURME.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAJIK.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDMON.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGEO.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBULG.DLL
2014-06-12 22:48 - 2010-11-20 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-06-12 22:48 - 2010-11-20 04:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizres.dll
2014-06-12 22:48 - 2010-11-20 04:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pifmgr.dll
2014-06-12 22:48 - 2010-11-20 04:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2014-06-12 22:48 - 2010-11-20 03:37 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys
2014-06-12 22:48 - 2010-11-20 02:52 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2014-06-12 22:48 - 2010-11-20 02:52 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2014-06-12 22:48 - 2010-11-20 02:52 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys
2014-06-12 22:48 - 2010-11-20 02:50 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys
2014-06-12 22:48 - 2010-11-20 02:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2014-06-12 22:48 - 2010-11-20 02:44 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys
2014-06-12 22:48 - 2010-11-20 02:34 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2014-06-12 22:48 - 2010-11-20 02:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-06-12 22:48 - 2010-11-20 02:33 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys
2014-06-12 22:48 - 2010-11-20 01:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys
2014-06-12 22:48 - 2010-11-20 01:22 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys
2014-06-12 22:48 - 2010-11-20 01:21 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-06-12 22:48 - 2010-11-09 17:48 - 00010429 _____ () C:\Windows\system32\ScavengeSpace.xml
2014-06-12 22:48 - 2010-11-04 18:20 - 00105559 _____ () C:\Windows\SysWOW64\RacRules.xml
2014-06-12 22:48 - 2010-11-04 18:20 - 00105559 _____ () C:\Windows\system32\RacRules.xml
2014-06-12 22:48 - 2010-11-04 18:11 - 00433512 _____ (Microsoft Corporation) C:\Windows\system32\MCEWMDRMNDBootstrap.dll
2014-06-12 22:48 - 2010-11-04 18:11 - 00312168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
2014-06-12 22:48 - 2010-11-04 17:58 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-06-12 22:48 - 2010-11-04 17:58 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2014-06-12 22:48 - 2010-11-04 17:58 - 00049488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2014-06-12 22:48 - 2010-11-04 17:57 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-06-12 22:48 - 2010-11-04 17:57 - 00048976 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-06-12 22:48 - 2010-11-04 17:53 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-06-12 22:48 - 2010-11-04 17:53 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2014-06-12 22:48 - 2010-11-04 17:53 - 00109928 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-06-12 22:48 - 2010-11-04 17:53 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2014-06-12 22:47 - 2014-06-12 22:47 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-06-12 22:36 - 2014-06-12 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-12 22:03 - 2014-06-13 13:13 - 00000000 ____D () C:\Users\Kunng\Documents\my games
2014-06-12 19:31 - 2014-06-12 19:31 - 02434856 _____ () C:\Windows\SysWOW64\pbsvc.exe
2014-06-12 19:31 - 2014-06-12 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Bad Company 2
2014-06-12 18:45 - 2014-06-12 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space
2014-06-12 18:12 - 2014-06-13 11:38 - 00000000 ____D () C:\Users\Kunng\Documents\StarCraft II
2014-06-12 18:12 - 2014-06-12 20:06 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-06-12 18:12 - 2014-06-12 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-06-12 18:12 - 2014-06-12 18:13 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-06-12 18:10 - 2014-06-12 18:10 - 00000000 ____D () C:\ProgramData\Battle.net
2014-06-12 18:07 - 2014-06-12 18:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 18:07 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 17:56 - 2014-06-12 18:00 - 00004879 _____ () C:\Windows\IE9_main.log
2014-06-12 17:55 - 2014-06-12 17:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-06-12 17:54 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-06-12 17:54 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-06-12 17:54 - 2012-06-02 16:35 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-06-12 17:51 - 2011-03-11 08:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-06-12 17:51 - 2011-03-11 08:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-06-12 17:51 - 2011-03-11 08:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-06-12 17:51 - 2011-03-11 08:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-06-12 17:51 - 2011-03-11 08:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-06-12 17:51 - 2011-03-11 08:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-06-12 17:51 - 2011-03-11 08:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-06-12 17:51 - 2011-03-11 07:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-06-12 17:51 - 2011-03-11 07:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-06-12 17:51 - 2011-03-11 06:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-06-12 17:48 - 2014-06-12 23:06 - 00005792 _____ () C:\Windows\PFRO.log
2014-06-12 17:32 - 2014-06-14 11:53 - 00001847 _____ () C:\Windows\setupact.log
2014-06-12 17:32 - 2014-06-12 17:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-12 17:32 - 2014-06-12 17:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-12 17:22 - 2014-06-12 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-06-12 17:20 - 2014-06-12 17:20 - 00000000 ____D () C:\Users\Kunng\Documents\savedgames
2014-06-12 17:20 - 2014-06-12 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-06-12 17:19 - 2014-06-13 10:09 - 00001021 _____ () C:\Windows\DXError.log
2014-06-12 17:16 - 2014-06-12 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta
2014-06-12 17:15 - 2014-06-12 17:15 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\vlc
2014-06-12 17:13 - 2014-06-12 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-06-12 17:12 - 2014-06-13 19:01 - 00260114 _____ () C:\Windows\DirectX.log
2014-06-12 17:03 - 2014-06-12 17:03 - 00003094 _____ () C:\Windows\System32\Tasks\{787E45DE-6A0F-4BB6-8F08-43338C8AF2EB}
2014-06-12 16:57 - 2014-06-12 16:57 - 00003094 _____ () C:\Windows\System32\Tasks\{52251F40-3A0D-43B1-A50F-8E2ABA88F1DD}
2014-06-12 16:57 - 2014-06-12 16:57 - 00003094 _____ () C:\Windows\System32\Tasks\{0FD356A7-1D21-4194-9CF5-CD56D437EB9F}
2014-06-12 16:56 - 2014-06-12 16:56 - 00000000 ____D () C:\ProgramData\Skype
2014-06-12 16:56 - 2014-06-12 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-06-12 16:56 - 2014-06-12 16:56 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-06-12 16:53 - 2014-06-14 11:54 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\DropboxMaster
2014-06-12 16:53 - 2014-06-12 16:53 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-12 16:53 - 2014-06-12 16:53 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\DVDVideoSoft
2014-06-12 16:53 - 2014-06-12 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-12 16:52 - 2014-06-14 11:54 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Dropbox
2014-06-12 16:47 - 2014-06-12 17:13 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\FreeFileSync
2014-06-12 16:40 - 2014-06-12 16:40 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\LibreOffice
2014-06-12 16:39 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-06-12 16:39 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-06-12 16:39 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-06-12 16:39 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-06-12 16:39 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-06-12 16:39 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5100 series
2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-06-12 16:37 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAD.DLL
2014-06-12 16:37 - 2010-03-18 19:26 - 00348672 _____ (CANON INC.) C:\Windows\system32\CNC5100L.dll
2014-06-12 16:37 - 2010-03-18 19:25 - 00307200 _____ (CANON INC.) C:\Windows\SysWOW64\CNC5100L.dll
2014-06-12 16:37 - 2010-03-18 17:13 - 01354240 _____ (CANON INC.) C:\Windows\system32\CNC5100C.dll
2014-06-12 16:37 - 2010-03-18 17:13 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC5100I.dll
2014-06-12 16:37 - 2010-03-18 17:11 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC5100U.dll
2014-06-12 16:37 - 2010-03-11 08:57 - 00248320 _____ (CANON INC.) C:\Windows\system32\CNMIUAD.DLL
2014-06-12 16:37 - 2010-01-13 14:04 - 00103424 _____ (Canon Inc.) C:\Windows\system32\CNC5100O.dll
2014-06-12 16:37 - 2009-11-17 15:17 - 00012800 _____ () C:\Windows\SysWOW64\CNC1748D.TBL
2014-06-12 16:37 - 2009-11-17 15:17 - 00012800 _____ () C:\Windows\system32\CNC1748D.TBL
2014-06-12 16:37 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2014-06-12 16:37 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2014-06-12 16:35 - 2014-06-12 16:35 - 00000000 ___HD () C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
2014-06-12 16:30 - 2014-06-12 16:30 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\TrueCrypt
2014-06-12 16:29 - 2014-06-12 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1942
2014-06-12 16:25 - 2014-06-12 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso
2014-06-12 16:24 - 2014-06-12 16:24 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Stardock
2014-06-12 16:12 - 2014-06-12 16:12 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-12 16:12 - 2014-06-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-06-12 15:09 - 2014-06-12 15:11 - 00000000 ____D () C:\Users\Kunng\Documents\Battlefield 4
2014-06-12 15:07 - 2014-06-13 10:20 - 00000000 ____D () C:\Users\Kunng\AppData\Local\PunkBuster
2014-06-12 14:55 - 2014-06-12 14:55 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Macromedia
2014-06-12 14:54 - 2014-06-12 14:54 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-12 14:54 - 2014-06-12 14:54 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-12 14:54 - 2014-06-12 14:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 14:33 - 2014-06-12 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
         

14.06.2014, 17:25   #5
Tubalcain
 

FRST part 3:
Code:
2014-06-12 14:32 - 2014-06-13 14:37 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-12 14:32 - 2014-06-13 14:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-12 14:32 - 2014-06-13 10:03 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-12 14:32 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-06-12 14:32 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-06-12 14:32 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-06-12 14:32 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-06-12 14:32 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-06-12 14:32 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-06-12 14:22 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-06-12 14:13 - 2014-06-12 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword_DE
2014-06-12 14:13 - 2014-06-12 14:13 - 00000000 ____D () C:\Program Files (x86)\Gameforge4D
2014-06-12 14:11 - 2014-06-12 18:03 - 00000000 ____D () C:\Windows\Panther
2014-06-12 14:08 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-06-12 14:08 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-06-12 14:08 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-06-12 14:08 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-06-12 14:08 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-06-12 14:08 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-06-12 14:08 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-06-12 14:08 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-06-12 14:03 - 2014-06-12 14:03 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-12 14:03 - 2014-06-12 14:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-12 14:03 - 2014-06-12 14:03 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-06-12 14:03 - 2014-06-12 14:03 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-12 14:03 - 2014-06-12 14:03 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Macromedia
2014-06-12 14:03 - 2014-06-12 14:03 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Adobe
2014-06-12 14:02 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-06-12 14:02 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-06-12 14:02 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-06-12 14:00 - 2014-06-12 15:44 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-06-12 14:00 - 2014-06-12 14:00 - 00000000 ____D () C:\Users\Kunng\AppData\Local\ESN
2014-06-12 14:00 - 2011-06-15 12:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2014-06-12 14:00 - 2011-06-15 12:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-06-12 14:00 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2014-06-12 14:00 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2014-06-12 14:00 - 2011-06-15 10:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2014-06-12 14:00 - 2011-06-15 10:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2014-06-12 14:00 - 2011-06-15 10:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2014-06-12 14:00 - 2011-06-15 10:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2014-06-12 14:00 - 2011-06-15 10:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2014-06-12 13:59 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-06-12 13:59 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-06-12 13:59 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-06-12 13:59 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-06-12 13:59 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-06-12 13:59 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-06-12 13:59 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-06-12 13:59 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-06-12 13:59 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-06-12 13:59 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-06-12 13:59 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-06-12 13:59 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-06-12 13:59 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-06-12 13:59 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-06-12 13:59 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-06-12 13:59 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-06-12 13:59 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-06-12 13:59 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-06-12 13:59 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-06-12 13:59 - 2011-06-16 07:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-06-12 13:59 - 2011-06-16 06:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2014-06-12 13:59 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-06-12 13:59 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-06-12 13:58 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-06-12 13:58 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-06-12 13:58 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-06-12 13:58 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-06-12 13:58 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-06-12 13:58 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-06-12 13:58 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-06-12 13:58 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-06-12 13:58 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-06-12 13:58 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-06-12 13:58 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-06-12 13:58 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-06-12 13:58 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-06-12 13:58 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-06-12 13:58 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-06-12 13:58 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-06-12 13:58 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-06-12 13:58 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-06-12 13:58 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-06-12 13:58 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-06-12 13:58 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-06-12 13:58 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-06-12 13:58 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-06-12 13:58 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-06-12 13:58 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-06-12 13:58 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-06-12 13:58 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-06-12 13:58 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-06-12 13:58 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-06-12 13:58 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-06-12 13:58 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-06-12 13:58 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-06-12 13:58 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-06-12 13:58 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-06-12 13:58 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-06-12 13:58 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-06-12 13:58 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-06-12 13:58 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-06-12 13:58 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-06-12 13:58 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-06-12 13:58 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-06-12 13:58 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-06-12 13:58 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-06-12 13:58 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-06-12 13:58 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-06-12 13:58 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-06-12 13:58 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-06-12 13:58 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-06-12 13:58 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-06-12 13:58 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-06-12 13:58 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-06-12 13:58 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-06-12 13:58 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-06-12 13:58 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-06-12 13:58 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-06-12 13:58 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-06-12 13:58 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-06-12 13:58 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-06-12 13:58 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-06-12 13:58 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-06-12 13:58 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-06-12 13:58 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-06-12 13:58 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-06-12 13:58 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-06-12 13:58 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-06-12 13:58 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-06-12 13:58 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-06-12 13:58 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-06-12 13:58 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-06-12 13:58 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-06-12 13:58 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-06-12 13:58 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-06-12 13:58 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-06-12 13:58 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-06-12 13:58 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-06-12 13:58 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-06-12 13:58 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-06-12 13:58 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-06-12 13:58 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-06-12 13:58 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-06-12 13:58 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-06-12 13:58 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-06-12 13:58 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-06-12 13:58 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-06-12 13:58 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-06-12 13:57 - 2011-11-17 08:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-06-12 13:57 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-06-12 13:57 - 2011-10-26 07:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-06-12 13:57 - 2011-10-26 06:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-06-12 13:57 - 2011-05-04 07:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-06-12 13:57 - 2011-05-04 07:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-06-12 13:57 - 2011-05-04 07:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-06-12 13:57 - 2011-05-04 07:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-06-12 13:57 - 2011-05-04 07:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-06-12 13:57 - 2011-05-04 07:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-06-12 13:57 - 2011-05-04 07:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-06-12 13:57 - 2011-05-04 07:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-06-12 13:57 - 2011-05-04 07:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-06-12 13:57 - 2011-05-04 06:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2014-06-12 13:57 - 2011-05-04 06:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2014-06-12 13:57 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2014-06-12 13:57 - 2011-05-04 06:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2014-06-12 13:57 - 2011-05-04 06:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2014-06-12 13:57 - 2011-05-04 06:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2014-06-12 13:57 - 2011-05-04 06:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-06-12 13:57 - 2011-05-04 06:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-06-12 13:57 - 2011-05-04 06:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2014-06-12 13:57 - 2010-12-23 12:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-06-12 13:57 - 2010-12-23 12:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-06-12 13:57 - 2010-12-23 12:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-06-12 13:57 - 2010-12-23 07:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2014-06-12 13:57 - 2010-12-23 07:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2014-06-12 13:57 - 2010-12-23 07:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-06-12 13:56 - 2014-06-13 14:14 - 00000000 ____D () C:\Users\Kunng\.gimp-2.8
2014-06-12 13:56 - 2014-06-12 13:56 - 00001438 _____ () C:\Users\Kunng\Desktop\gimp.lnk
2014-06-12 13:56 - 2014-06-12 13:56 - 00000000 ____D () C:\Users\Kunng\AppData\Local\gegl-0.2
2014-06-12 13:56 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-06-12 13:56 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-06-12 13:56 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-06-12 13:56 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-06-12 13:56 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-06-12 13:56 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-06-12 13:56 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-06-12 13:56 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2014-06-12 13:56 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-06-12 13:56 - 2012-05-01 07:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-06-12 13:56 - 2012-04-28 05:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-06-12 13:56 - 2012-04-26 07:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-06-12 13:56 - 2012-04-26 07:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-06-12 13:56 - 2012-04-26 07:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-06-12 13:56 - 2012-04-07 14:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-06-12 13:56 - 2012-04-07 13:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-06-12 13:56 - 2012-01-04 12:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-06-12 13:56 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2014-06-12 13:56 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-06-12 13:56 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-06-12 13:56 - 2011-12-16 10:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-06-12 13:56 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-06-12 13:56 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-06-12 13:56 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-06-12 13:56 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-06-12 13:56 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-06-12 13:56 - 2011-07-09 04:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-06-12 13:56 - 2011-05-24 13:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-06-12 13:56 - 2011-05-24 12:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2014-06-12 13:56 - 2011-05-24 12:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2014-06-12 13:56 - 2011-05-24 12:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2014-06-12 13:56 - 2011-05-24 12:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-06-12 13:56 - 2011-05-03 07:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-06-12 13:56 - 2011-05-03 06:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-06-12 13:56 - 2011-04-29 05:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-06-12 13:56 - 2011-04-29 05:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-12 13:56 - 2011-04-29 05:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-06-12 13:56 - 2011-04-27 04:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-06-12 13:56 - 2011-04-27 04:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-06-12 13:56 - 2011-03-11 08:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-06-12 13:56 - 2011-03-11 08:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-06-12 13:56 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2014-06-12 13:56 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2014-06-12 13:56 - 2011-03-03 08:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-06-12 13:56 - 2011-03-03 08:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-06-12 13:56 - 2011-03-03 08:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-06-12 13:56 - 2011-03-03 07:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-06-12 13:56 - 2011-03-03 07:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2014-06-12 13:56 - 2011-02-05 19:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-06-12 13:56 - 2011-02-05 19:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2014-06-12 13:56 - 2011-02-05 19:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-06-12 13:56 - 2011-02-05 19:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2014-06-12 13:56 - 2011-02-05 19:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-06-12 13:56 - 2011-02-05 19:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-06-12 13:56 - 2011-02-05 19:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-06-12 13:56 - 2010-11-20 15:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-06-12 13:56 - 2010-11-20 15:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\profprov.dll
2014-06-12 13:56 - 2010-11-20 15:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll
2014-06-12 13:56 - 2010-11-20 15:24 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2014-06-12 13:56 - 2010-11-20 15:24 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2014-06-12 13:56 - 2010-11-20 15:24 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-06-12 13:56 - 2010-11-20 14:16 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2014-06-12 13:56 - 2010-11-20 14:16 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2014-06-12 13:56 - 2010-11-20 14:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2014-06-12 13:55 - 2014-06-12 13:58 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1
2014-06-12 13:55 - 2014-06-12 13:55 - 00001877 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2014-06-12 13:55 - 2014-06-12 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-06-12 13:55 - 2014-06-12 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-06-12 13:55 - 2014-06-12 13:55 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-06-12 13:55 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-06-12 13:55 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-06-12 13:55 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-06-12 13:55 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-06-12 13:55 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-06-12 13:55 - 2012-05-05 10:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-06-12 13:55 - 2012-05-05 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-06-12 13:55 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-06-12 13:55 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-06-12 13:55 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-06-12 13:55 - 2011-08-27 07:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-06-12 13:55 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-06-12 13:55 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-06-12 13:55 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-06-12 13:55 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-06-12 13:55 - 2011-02-18 12:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-06-12 13:55 - 2011-02-18 07:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2014-06-12 13:55 - 2011-02-12 13:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2014-06-12 13:55 - 2010-11-20 15:25 - 00974336 _____ (Microsoft Corporation) C:\Windows\system32\WFS.exe
2014-06-12 13:55 - 2010-11-20 15:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-06-12 13:55 - 2010-11-20 14:58 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2014-06-12 13:55 - 2010-11-20 13:57 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2014-06-12 13:54 - 2014-06-12 13:54 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-06-12 13:54 - 2014-06-12 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
2014-06-12 13:54 - 2014-06-12 13:54 - 00000000 ____D () C:\Program Files\GIMP 2
2014-06-12 13:54 - 2014-06-12 13:54 - 00000000 ____D () C:\Program Files (x86)\FastStone Capture
2014-06-12 13:53 - 2014-06-12 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
2014-06-12 13:53 - 2014-06-12 13:53 - 00000000 ____D () C:\Program Files (x86)\DVD Flick
2014-06-12 13:53 - 2008-08-31 13:27 - 00028672 _____ (-) C:\Windows\SysWOW64\mousewheel.ocx
2014-06-12 13:53 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-06-12 13:53 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-06-12 13:53 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-06-12 13:53 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-06-12 13:53 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-06-12 13:53 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-06-12 13:53 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-06-12 13:53 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-06-12 13:53 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-06-12 13:53 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-06-12 13:53 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-06-12 13:53 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-06-12 13:53 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-06-12 13:53 - 2007-08-31 18:36 - 00036864 _____ (Robdogg Inc.) C:\Windows\SysWOW64\trayicon_handler.ocx
2014-06-12 13:53 - 2004-03-09 00:00 - 01081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx
2014-06-12 13:53 - 2004-03-09 00:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2014-06-12 13:53 - 2004-03-09 00:00 - 00609824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2014-06-12 13:53 - 2004-03-09 00:00 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx
2014-06-12 13:53 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll
2014-06-12 13:53 - 1998-06-24 00:00 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2014-06-12 13:52 - 2014-03-31 09:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-06-12 13:52 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-06-12 13:52 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-06-12 13:52 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-06-12 13:52 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-06-12 13:52 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-06-12 13:52 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-06-12 13:52 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-06-12 13:52 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-06-12 13:52 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-06-12 13:52 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-06-12 13:52 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-06-12 13:52 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-06-12 13:52 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-06-12 13:52 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-06-12 13:52 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-06-12 13:52 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-06-12 13:52 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-06-12 13:52 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-06-12 13:52 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-06-12 13:52 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-06-12 13:52 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-06-12 13:52 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-06-12 13:52 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-06-12 13:52 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-06-12 13:52 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-06-12 13:52 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-06-12 13:52 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-06-12 13:52 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-06-12 13:52 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-06-12 13:52 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-06-12 13:52 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-06-12 13:52 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-06-12 13:52 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-06-12 13:52 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-06-12 13:52 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-06-12 13:52 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-06-12 13:52 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-06-12 13:52 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-06-12 13:52 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-06-12 13:52 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-06-12 13:52 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-06-12 13:52 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-06-12 13:52 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-06-12 13:52 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-06-12 13:52 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-06-12 13:52 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-06-12 13:52 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-06-12 13:52 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-06-12 13:52 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-06-12 13:52 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-06-12 13:52 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-06-12 13:52 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-06-12 13:52 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-06-12 13:52 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-06-12 13:52 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-06-12 13:52 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-06-12 13:52 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-06-12 13:52 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-06-12 13:52 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-06-12 13:52 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-06-12 13:52 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-06-12 13:52 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-06-12 13:52 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-06-12 13:52 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-06-12 13:52 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-06-12 13:52 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-06-12 13:52 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-06-12 13:52 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-06-12 13:52 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-06-12 13:52 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-06-12 13:52 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-06-12 13:52 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-06-12 13:50 - 2014-06-12 13:50 - 00000000 ____D () C:\Users\Kunng\AppData\Local\LoiLo
2014-06-12 13:49 - 2014-06-12 13:53 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\TeraCopy
2014-06-12 13:49 - 2014-06-12 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLoScope 2
2014-06-12 13:49 - 2014-06-12 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLo Game Recorder
2014-06-12 13:49 - 2014-06-12 13:49 - 00000000 ____D () C:\Program Files\LoiLo
2014-06-12 13:48 - 2014-06-12 13:58 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-12 13:48 - 2014-06-12 13:48 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2014-06-12 13:48 - 2014-06-12 13:48 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-06-12 13:48 - 2014-06-12 13:48 - 00000000 ____D () C:\Program Files (x86)\LoiLo
2014-06-12 13:47 - 2014-06-12 13:48 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-06-12 13:47 - 2014-06-12 13:47 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-06-12 13:46 - 2014-06-12 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-12 13:46 - 2014-06-12 13:46 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-12 13:45 - 2014-06-12 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-06-12 13:45 - 2014-06-12 13:45 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-12 13:44 - 2014-06-12 13:44 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Paint.NET
2014-06-12 13:44 - 2014-06-12 13:44 - 00000000 ____D () C:\Program Files\Paint.NET
2014-06-12 13:43 - 2011-11-19 16:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-06-12 13:43 - 2011-11-19 16:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-06-12 13:42 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-06-12 13:42 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-06-12 13:42 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-06-12 13:41 - 2014-06-13 17:54 - 00000000 ____D () C:\Users\Kunng\Desktop\Spiele
2014-06-12 13:41 - 2014-06-12 13:41 - 00000355 _____ () C:\Users\Kunng\Desktop\Computer.lnk
2014-06-12 13:40 - 2014-06-13 18:58 - 00000000 ____D () C:\Users\Kunng\Desktop\Programme
2014-06-12 13:40 - 2014-06-13 13:40 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-06-12 13:40 - 2014-06-12 16:49 - 00000947 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2014-06-12 13:40 - 2014-06-12 16:49 - 00000937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2014-06-12 13:40 - 2014-06-12 13:40 - 00003728 _____ () C:\Windows\System32\Tasks\Overwolf Updater Task
2014-06-12 13:40 - 2014-06-12 13:40 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2014-06-12 13:40 - 2014-06-12 13:40 - 00000000 ____D () C:\ProgramData\Overwolf
2014-06-12 13:40 - 2014-06-12 13:40 - 00000000 ____D () C:\Program Files\FreeFileSync
2014-06-12 13:39 - 2014-06-12 13:40 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Overwolf
2014-06-12 13:39 - 2014-06-12 13:39 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-12 13:39 - 2014-06-12 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-06-12 13:39 - 2014-06-12 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-12 13:39 - 2014-06-12 13:39 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-06-12 13:39 - 2014-06-12 13:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-12 13:38 - 2014-06-12 13:38 - 00000000 ____D () C:\Program Files (x86)\eclipse
2014-06-12 13:35 - 2014-06-12 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-06-12 13:34 - 2014-06-12 13:45 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Origin
2014-06-12 13:34 - 2014-06-12 13:45 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Origin
2014-06-12 13:34 - 2014-06-12 13:35 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-06-12 13:34 - 2014-06-12 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-06-12 13:34 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-06-12 13:34 - 2014-05-16 14:03 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-06-12 13:33 - 2014-06-13 13:04 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Thunderbird
2014-06-12 13:33 - 2014-06-12 13:33 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-06-12 13:33 - 2014-06-12 13:33 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Thunderbird
2014-06-12 13:33 - 2014-06-12 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2014-06-12 13:33 - 2014-06-12 13:33 - 00000000 ____D () C:\Program Files\TrueCrypt
2014-06-12 13:33 - 2014-06-12 13:33 - 00000000 ____D () C:\Program Files\Oracle
2014-06-12 13:33 - 2014-06-12 12:33 - 00000532 _____ () C:\Users\Kunng\Documents\indexfile.txt
2014-06-12 13:32 - 2014-06-13 21:01 - 00000000 ____D () C:\ProgramData\Origin
2014-06-12 13:32 - 2014-06-13 14:13 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-12 13:32 - 2014-06-12 15:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 13:32 - 2014-06-12 15:09 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-12 13:32 - 2014-06-12 13:32 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-12 13:32 - 2014-06-12 13:32 - 00000979 _____ () C:\Users\Kunng\Desktop\Origin.lnk
2014-06-12 13:32 - 2014-06-12 13:32 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-12 13:32 - 2014-06-12 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-06-12 13:32 - 2014-06-12 13:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-12 13:31 - 2014-06-14 16:16 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Notepad++
2014-06-12 13:31 - 2014-06-14 15:36 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-12 13:31 - 2014-06-14 13:36 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-12 13:31 - 2014-06-14 13:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-12 13:31 - 2014-06-12 13:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-12 13:31 - 2014-06-12 13:31 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-12 13:31 - 2014-06-12 13:31 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-12 13:31 - 2014-06-12 13:31 - 00002247 _____ () C:\Users\Kunng\Desktop\Google Chrome.lnk
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\Program Files\VideoLAN
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-12 13:30 - 2014-06-12 13:45 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Google
2014-06-12 13:30 - 2014-06-12 13:30 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\ATI
2014-06-12 13:30 - 2014-06-12 13:30 - 00000000 ____D () C:\Users\Kunng\AppData\Local\ATI
2014-06-12 13:30 - 2014-06-12 13:30 - 00000000 ____D () C:\ProgramData\ATI
2014-06-12 13:30 - 2014-06-12 13:30 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Foxit Software
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Clover
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\Program Files (x86)\Clover
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Program Files\TeraCopy
2014-06-12 13:25 - 2014-06-12 13:25 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-06-12 13:25 - 2014-06-12 13:25 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-06-12 13:25 - 2014-06-12 13:25 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\library_dir
2014-06-12 13:25 - 2014-06-12 13:25 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\KeePass
2014-06-12 13:25 - 2014-06-12 13:25 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-06-12 13:24 - 2014-06-12 16:09 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Raptr
2014-06-12 13:24 - 2014-06-12 13:25 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-12 13:24 - 2014-06-12 13:24 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Mozilla
2014-06-12 13:24 - 2014-06-12 13:24 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Mozilla
2014-06-12 13:24 - 2014-06-12 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-06-12 13:24 - 2014-06-12 13:24 - 00000000 ____D () C:\ProgramData\AMD
2014-06-12 13:24 - 2014-06-12 13:24 - 00000000 ____D () C:\Program Files\AMD
2014-06-12 13:24 - 2014-06-12 13:24 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-12 13:24 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-06-12 13:24 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-06-12 13:24 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-06-12 13:24 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-06-12 13:24 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-06-12 13:24 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-06-12 13:24 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-06-12 13:24 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-06-12 13:24 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-06-12 13:23 - 2014-06-13 11:43 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-12 13:23 - 2014-06-12 14:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-12 13:23 - 2014-06-12 13:23 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-06-12 13:23 - 2014-06-12 13:23 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-06-12 13:22 - 2014-06-14 16:24 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\NetSpeedMonitor
2014-06-12 13:22 - 2014-06-12 13:26 - 00000000 ____D () C:\Program Files\Nightly
2014-06-12 13:22 - 2014-06-12 13:24 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-12 13:22 - 2014-06-12 13:22 - 00000874 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
2014-06-12 13:22 - 2014-06-12 13:22 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\AVAST Software
2014-06-12 13:22 - 2014-06-12 13:22 - 00000000 ____D () C:\Program Files\NetSpeedMonitor
2014-06-12 13:22 - 2014-06-12 13:22 - 00000000 ____D () C:\Program Files\ATI
2014-06-12 13:21 - 2014-06-12 16:09 - 00070352 _____ () C:\Users\Kunng\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 13:21 - 2014-06-12 13:27 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-12 13:21 - 2014-06-12 13:27 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-12 13:21 - 2014-06-12 13:27 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-12 13:21 - 2014-06-12 13:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-12 13:21 - 2014-06-12 13:21 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402572430366
2014-06-12 13:21 - 2014-06-12 13:21 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402572430366
2014-06-12 13:21 - 2014-06-12 13:21 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-12 13:21 - 2014-06-12 13:21 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-12 13:21 - 2014-06-12 13:21 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-12 13:21 - 2014-06-12 13:21 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-12 13:21 - 2014-06-12 13:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-12 13:21 - 2014-06-12 13:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-12 13:21 - 2014-06-12 13:21 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-12 13:21 - 2014-06-12 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-06-12 13:21 - 2014-06-12 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-12 13:21 - 2014-06-12 13:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-12 13:21 - 2014-06-12 13:21 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-12 13:21 - 2014-06-12 13:21 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-06-12 13:21 - 2014-06-12 13:21 - 00000000 ____D () C:\AMD
2014-06-12 13:20 - 2014-06-13 17:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\2C0A
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0C0A
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0C04
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0816
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0804
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0424
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\041F
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\041E
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\041D
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\041B
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0419
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0416
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0415
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0414
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0413
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0412
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0411
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0410
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\040E
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\040D
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\040C
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\040B
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\040A
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0409
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0408
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0406
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0405
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0404
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0401
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Users\Kunng\SSD
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Program Files (x86)\Renesas Electronics
2014-06-12 13:19 - 2014-06-12 13:19 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-06-12 13:17 - 2014-06-14 16:24 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Temp
2014-06-12 13:17 - 2014-06-14 16:23 - 00000000 ____D () C:\Users\Kunng
2014-06-12 13:17 - 2014-06-14 13:17 - 01449055 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 13:17 - 2014-06-13 09:45 - 00000000 ____D () C:\Users\Kunng\AppData\Local\VirtualStore
2014-06-12 13:17 - 2014-06-13 09:41 - 00001424 _____ () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-12 13:17 - 2014-06-13 09:41 - 00000000 ___RD () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-12 13:17 - 2014-06-13 09:41 - 00000000 ___RD () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-12 13:17 - 2014-06-12 13:17 - 00000020 ___SH () C:\Users\Kunng\ntuser.ini
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Vorlagen
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Startmenü
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Netzwerkumgebung
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Lokale Einstellungen
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Eigene Dateien
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Druckumgebung
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Documents\Eigene Musik
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Documents\Eigene Bilder
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\AppData\Local\Verlauf
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\AppData\Local\Anwendungsdaten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Anwendungsdaten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Programme
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 __SHD () C:\Recovery
2014-06-12 13:17 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-12 13:17 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-12 13:14 - 2014-06-12 13:14 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-06-12 13:14 - 2014-06-12 13:14 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-05-16 14:03 - 2014-05-16 14:03 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-05-16 14:03 - 2014-05-16 14:03 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-05-16 14:01 - 2014-05-16 14:01 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll

==================== One Month Modified Files and Folders =======

2014-06-14 16:24 - 2014-06-14 16:24 - 00000000 ____D () C:\FRST
2014-06-14 16:24 - 2014-06-12 13:22 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\NetSpeedMonitor
2014-06-14 16:24 - 2014-06-12 13:17 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Temp
2014-06-14 16:23 - 2014-06-14 16:23 - 00000000 _____ () C:\Users\Kunng\defogger_reenable
2014-06-14 16:23 - 2014-06-12 13:17 - 00000000 ____D () C:\Users\Kunng
2014-06-14 16:17 - 2014-06-14 13:02 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\TS3Client
2014-06-14 16:16 - 2014-06-12 13:31 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Notepad++
2014-06-14 15:55 - 2009-07-14 06:45 - 00014112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 15:55 - 2009-07-14 06:45 - 00014112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 15:36 - 2014-06-12 13:31 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 13:36 - 2014-06-12 13:31 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 13:33 - 2014-06-12 13:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-14 13:17 - 2014-06-12 13:17 - 01449055 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 12:38 - 2014-06-14 12:38 - 00000707 _____ () C:\Users\Public\Desktop\Mass Effect.lnk
2014-06-14 12:38 - 2014-06-14 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
2014-06-14 12:38 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-14 11:59 - 2009-07-14 19:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-06-14 11:59 - 2009-07-14 19:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-06-14 11:59 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-14 11:54 - 2014-06-12 16:53 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\DropboxMaster
2014-06-14 11:54 - 2014-06-12 16:52 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Dropbox
2014-06-14 11:53 - 2014-06-12 17:32 - 00001847 _____ () C:\Windows\setupact.log
2014-06-14 11:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 21:01 - 2014-06-12 13:32 - 00000000 ____D () C:\ProgramData\Origin
2014-06-13 20:14 - 2014-06-13 16:02 - 00000000 ____D () C:\Users\Kunng\.VirtualBox
2014-06-13 19:01 - 2014-06-12 17:12 - 00260114 _____ () C:\Windows\DirectX.log
2014-06-13 18:58 - 2014-06-12 13:40 - 00000000 ____D () C:\Users\Kunng\Desktop\Programme
2014-06-13 18:48 - 2014-06-13 18:48 - 00000000 __SHD () C:\Users\Kunng\AppData\Local\EmieUserList
2014-06-13 18:48 - 2014-06-13 18:48 - 00000000 __SHD () C:\Users\Kunng\AppData\Local\EmieSiteList
2014-06-13 18:01 - 2014-06-13 18:01 - 00000000 ____D () C:\Users\Kunng\.eclipse
2014-06-13 18:00 - 2014-06-13 18:00 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-13 18:00 - 2014-06-13 18:00 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-13 18:00 - 2014-06-13 18:00 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-13 18:00 - 2014-06-13 18:00 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\Program Files\Java
2014-06-13 17:59 - 2014-06-13 17:59 - 00000000 ____D () C:\ProgramData\Sun
2014-06-13 17:54 - 2014-06-12 13:41 - 00000000 ____D () C:\Users\Kunng\Desktop\Spiele
2014-06-13 17:30 - 2014-06-13 17:30 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Opera
2014-06-13 17:30 - 2014-06-13 17:30 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Opera
2014-06-13 17:29 - 2014-06-12 13:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-13 16:20 - 2014-06-13 16:20 - 00000000 ____D () C:\Users\Public\Documents\TimeGate Studios
2014-06-13 16:20 - 2014-06-13 16:20 - 00000000 ____D () C:\Users\Public\Documents\Monolith Productions
2014-06-13 16:02 - 2014-06-13 16:02 - 00000000 ____D () C:\Users\Kunng\VirtualBox VMs
2014-06-13 15:55 - 2014-06-13 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
2014-06-13 15:52 - 2014-06-13 15:52 - 00000000 ____D () C:\Users\Public\Documents\WBGames
2014-06-13 15:16 - 2014-06-13 15:16 - 00000000 ____D () C:\Program Files (x86)\WB Games
2014-06-13 14:37 - 2014-06-12 14:32 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-13 14:27 - 2014-06-13 14:28 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-13 14:27 - 2014-06-12 14:32 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-13 14:14 - 2014-06-12 13:56 - 00000000 ____D () C:\Users\Kunng\.gimp-2.8
2014-06-13 14:13 - 2014-06-12 13:32 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-13 14:12 - 2014-06-13 14:12 - 00000000 ____D () C:\Users\Kunng\Documents\4a games
2014-06-13 13:40 - 2014-06-12 13:40 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-06-13 13:26 - 2014-06-13 13:26 - 00000000 ____D () C:\Program Files (x86)\2K Games
2014-06-13 13:13 - 2014-06-13 13:13 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-06-13 13:13 - 2014-06-12 22:03 - 00000000 ____D () C:\Users\Kunng\Documents\my games
2014-06-13 13:04 - 2014-06-12 13:33 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Thunderbird
2014-06-13 12:56 - 2014-06-13 12:56 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-06-13 12:56 - 2014-06-13 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-13 12:56 - 2014-06-13 12:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-06-13 12:48 - 2014-06-13 12:43 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\DarkSoulsII
2014-06-13 11:59 - 2014-06-13 11:59 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Blizzard Entertainment
2014-06-13 11:43 - 2014-06-12 13:23 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-13 11:39 - 2014-06-13 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
2014-06-13 11:38 - 2014-06-12 18:12 - 00000000 ____D () C:\Users\Kunng\Documents\StarCraft II
2014-06-13 11:32 - 2014-06-13 11:32 - 00000000 ____D () C:\Program Files (x86)\JoWooD
2014-06-13 11:25 - 2014-06-13 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2014-06-13 11:04 - 2014-06-13 10:59 - 00000000 ____D () C:\Users\Kunng\Documents\BFH.Beta
2014-06-13 10:55 - 2014-06-13 10:18 - 00000184 _____ () C:\Users\Kunng\Desktop\pbuser.htm
2014-06-13 10:20 - 2014-06-12 15:07 - 00000000 ____D () C:\Users\Kunng\AppData\Local\PunkBuster
2014-06-13 10:18 - 2014-06-13 10:18 - 00011288 _____ () C:\Users\Kunng\Desktop\pbgame.htm
2014-06-13 10:09 - 2014-06-12 17:19 - 00001021 _____ () C:\Windows\DXError.log
2014-06-13 10:06 - 2014-06-13 10:06 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\InstallShield
2014-06-13 10:03 - 2014-06-13 10:03 - 00000310 _____ () C:\Windows\game.ini
2014-06-13 10:03 - 2014-06-13 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2014-06-13 10:03 - 2014-06-12 14:32 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-13 09:45 - 2014-06-12 13:17 - 00000000 ____D () C:\Users\Kunng\AppData\Local\VirtualStore
2014-06-13 09:41 - 2014-06-12 13:17 - 00001424 _____ () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-13 09:41 - 2014-06-12 13:17 - 00000000 ___RD () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-13 09:41 - 2014-06-12 13:17 - 00000000 ___RD () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-13 09:41 - 2009-07-14 06:45 - 00323640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-13 09:40 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-13 00:04 - 2014-06-13 00:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-13 00:04 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-13 00:04 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-13 00:04 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-13 00:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-06-13 00:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-06-13 00:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-06-13 00:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-06-13 00:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-12 23:54 - 2014-06-12 23:48 - 00013275 _____ () C:\Windows\IE11_main.log
2014-06-12 23:49 - 2014-06-12 23:49 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 23:49 - 2014-06-12 23:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 23:49 - 2014-06-12 23:49 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 23:49 - 2014-06-12 23:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 23:49 - 2014-06-12 23:49 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-06-12 23:49 - 2014-06-12 23:49 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-12 23:49 - 2014-06-12 23:49 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-12 23:49 - 2014-06-12 23:49 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-06-12 23:49 - 2014-06-12 23:49 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00266456 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00240856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-12 23:49 - 2014-06-12 23:49 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-06-12 23:49 - 2014-06-12 23:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
         
FRST part 4:
Code:
2014-06-12 23:49 - 2014-06-12 23:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 23:06 - 2014-06-12 17:48 - 00005792 _____ () C:\Windows\PFRO.log
2014-06-12 23:02 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-12 23:02 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-06-12 23:02 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-06-12 23:02 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-06-12 23:02 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-06-12 23:02 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-06-12 23:02 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sppui
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-06-12 23:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-12 23:01 - 2014-06-12 23:01 - 00000000 ____D () C:\Windows\system32\SPReview
2014-06-12 22:59 - 2009-07-14 04:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2014-06-12 22:59 - 2009-07-14 04:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2014-06-12 22:47 - 2014-06-12 22:47 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-06-12 22:36 - 2014-06-12 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-12 20:06 - 2014-06-12 18:12 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-06-12 19:31 - 2014-06-12 19:31 - 02434856 _____ () C:\Windows\SysWOW64\pbsvc.exe
2014-06-12 19:31 - 2014-06-12 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Bad Company 2
2014-06-12 18:45 - 2014-06-12 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space
2014-06-12 18:13 - 2014-06-12 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-06-12 18:13 - 2014-06-12 18:12 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-06-12 18:10 - 2014-06-12 18:10 - 00000000 ____D () C:\ProgramData\Battle.net
2014-06-12 18:08 - 2014-06-12 18:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 18:03 - 2014-06-12 14:11 - 00000000 ____D () C:\Windows\Panther
2014-06-12 18:00 - 2014-06-12 17:56 - 00004879 _____ () C:\Windows\IE9_main.log
2014-06-12 17:55 - 2014-06-12 17:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-06-12 17:32 - 2014-06-12 17:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-06-12 17:32 - 2014-06-12 17:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-12 17:22 - 2014-06-12 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-06-12 17:20 - 2014-06-12 17:20 - 00000000 ____D () C:\Users\Kunng\Documents\savedgames
2014-06-12 17:20 - 2014-06-12 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-06-12 17:16 - 2014-06-12 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta
2014-06-12 17:15 - 2014-06-12 17:15 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\vlc
2014-06-12 17:13 - 2014-06-12 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-06-12 17:13 - 2014-06-12 16:47 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\FreeFileSync
2014-06-12 17:03 - 2014-06-12 17:03 - 00003094 _____ () C:\Windows\System32\Tasks\{787E45DE-6A0F-4BB6-8F08-43338C8AF2EB}
2014-06-12 16:57 - 2014-06-12 16:57 - 00003094 _____ () C:\Windows\System32\Tasks\{52251F40-3A0D-43B1-A50F-8E2ABA88F1DD}
2014-06-12 16:57 - 2014-06-12 16:57 - 00003094 _____ () C:\Windows\System32\Tasks\{0FD356A7-1D21-4194-9CF5-CD56D437EB9F}
2014-06-12 16:56 - 2014-06-12 16:56 - 00000000 ____D () C:\ProgramData\Skype
2014-06-12 16:56 - 2014-06-12 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-06-12 16:56 - 2014-06-12 16:56 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-06-12 16:53 - 2014-06-12 16:53 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-12 16:53 - 2014-06-12 16:53 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\DVDVideoSoft
2014-06-12 16:53 - 2014-06-12 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-12 16:49 - 2014-06-12 13:40 - 00000947 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2014-06-12 16:49 - 2014-06-12 13:40 - 00000937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2014-06-12 16:44 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-06-12 16:40 - 2014-06-12 16:40 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\LibreOffice
2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5100 series
2014-06-12 16:37 - 2014-06-12 16:37 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-06-12 16:35 - 2014-06-12 16:35 - 00000000 ___HD () C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
2014-06-12 16:30 - 2014-06-12 16:30 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\TrueCrypt
2014-06-12 16:29 - 2014-06-12 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1942
2014-06-12 16:25 - 2014-06-12 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso
2014-06-12 16:24 - 2014-06-12 16:24 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Stardock
2014-06-12 16:12 - 2014-06-12 16:12 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-06-12 16:12 - 2014-06-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-06-12 16:09 - 2014-06-12 13:24 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Raptr
2014-06-12 16:09 - 2014-06-12 13:21 - 00070352 _____ () C:\Users\Kunng\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-12 15:44 - 2014-06-12 14:00 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-06-12 15:44 - 2014-06-12 13:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 15:11 - 2014-06-12 15:09 - 00000000 ____D () C:\Users\Kunng\Documents\Battlefield 4
2014-06-12 15:09 - 2014-06-12 13:32 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-12 14:55 - 2014-06-12 14:55 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Macromedia
2014-06-12 14:54 - 2014-06-12 14:54 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-12 14:54 - 2014-06-12 14:54 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-12 14:54 - 2014-06-12 14:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 14:33 - 2014-06-12 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2014-06-12 14:32 - 2014-06-12 13:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-12 14:31 - 2014-05-09 17:20 - 00820224 _____ () C:\Users\Kunng\Desktop\pbsetup.exe
2014-06-12 14:13 - 2014-06-12 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elsword_DE
2014-06-12 14:13 - 2014-06-12 14:13 - 00000000 ____D () C:\Program Files (x86)\Gameforge4D
2014-06-12 14:11 - 2009-07-14 07:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-06-12 14:11 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-06-12 14:03 - 2014-06-12 14:03 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-12 14:03 - 2014-06-12 14:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-12 14:03 - 2014-06-12 14:03 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-06-12 14:03 - 2014-06-12 14:03 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-12 14:03 - 2014-06-12 14:03 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Macromedia
2014-06-12 14:03 - 2014-06-12 14:03 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Adobe
2014-06-12 14:00 - 2014-06-12 14:00 - 00000000 ____D () C:\Users\Kunng\AppData\Local\ESN
2014-06-12 13:58 - 2014-06-12 13:55 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1
2014-06-12 13:58 - 2014-06-12 13:48 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-12 13:56 - 2014-06-12 13:56 - 00001438 _____ () C:\Users\Kunng\Desktop\gimp.lnk
2014-06-12 13:56 - 2014-06-12 13:56 - 00000000 ____D () C:\Users\Kunng\AppData\Local\gegl-0.2
2014-06-12 13:55 - 2014-06-12 13:55 - 00001877 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2014-06-12 13:55 - 2014-06-12 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-06-12 13:55 - 2014-06-12 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-06-12 13:55 - 2014-06-12 13:55 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-06-12 13:54 - 2014-06-12 13:54 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-06-12 13:54 - 2014-06-12 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
2014-06-12 13:54 - 2014-06-12 13:54 - 00000000 ____D () C:\Program Files\GIMP 2
2014-06-12 13:54 - 2014-06-12 13:54 - 00000000 ____D () C:\Program Files (x86)\FastStone Capture
2014-06-12 13:53 - 2014-06-12 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
2014-06-12 13:53 - 2014-06-12 13:53 - 00000000 ____D () C:\Program Files (x86)\DVD Flick
2014-06-12 13:53 - 2014-06-12 13:49 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\TeraCopy
2014-06-12 13:50 - 2014-06-12 13:50 - 00000000 ____D () C:\Users\Kunng\AppData\Local\LoiLo
2014-06-12 13:49 - 2014-06-12 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLoScope 2
2014-06-12 13:49 - 2014-06-12 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLo Game Recorder
2014-06-12 13:49 - 2014-06-12 13:49 - 00000000 ____D () C:\Program Files\LoiLo
2014-06-12 13:48 - 2014-06-12 13:48 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2014-06-12 13:48 - 2014-06-12 13:48 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-06-12 13:48 - 2014-06-12 13:48 - 00000000 ____D () C:\Program Files (x86)\LoiLo
2014-06-12 13:48 - 2014-06-12 13:47 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-06-12 13:47 - 2014-06-12 13:47 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-06-12 13:46 - 2014-06-12 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-12 13:46 - 2014-06-12 13:46 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-12 13:45 - 2014-06-12 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-06-12 13:45 - 2014-06-12 13:45 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-12 13:45 - 2014-06-12 13:34 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Origin
2014-06-12 13:45 - 2014-06-12 13:34 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Origin
2014-06-12 13:45 - 2014-06-12 13:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-12 13:45 - 2014-06-12 13:30 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Google
2014-06-12 13:44 - 2014-06-12 13:44 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Paint.NET
2014-06-12 13:44 - 2014-06-12 13:44 - 00000000 ____D () C:\Program Files\Paint.NET
2014-06-12 13:41 - 2014-06-12 13:41 - 00000355 _____ () C:\Users\Kunng\Desktop\Computer.lnk
2014-06-12 13:40 - 2014-06-12 13:40 - 00003728 _____ () C:\Windows\System32\Tasks\Overwolf Updater Task
2014-06-12 13:40 - 2014-06-12 13:40 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2014-06-12 13:40 - 2014-06-12 13:40 - 00000000 ____D () C:\ProgramData\Overwolf
2014-06-12 13:40 - 2014-06-12 13:40 - 00000000 ____D () C:\Program Files\FreeFileSync
2014-06-12 13:40 - 2014-06-12 13:39 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Overwolf
2014-06-12 13:39 - 2014-06-12 13:39 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-12 13:39 - 2014-06-12 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-06-12 13:39 - 2014-06-12 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-12 13:39 - 2014-06-12 13:39 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-06-12 13:39 - 2014-06-12 13:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-12 13:38 - 2014-06-12 13:38 - 00000000 ____D () C:\Program Files (x86)\eclipse
2014-06-12 13:35 - 2014-06-12 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-06-12 13:35 - 2014-06-12 13:34 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-06-12 13:34 - 2014-06-12 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-06-12 13:33 - 2014-06-12 13:33 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-06-12 13:33 - 2014-06-12 13:33 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Thunderbird
2014-06-12 13:33 - 2014-06-12 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2014-06-12 13:33 - 2014-06-12 13:33 - 00000000 ____D () C:\Program Files\TrueCrypt
2014-06-12 13:33 - 2014-06-12 13:33 - 00000000 ____D () C:\Program Files\Oracle
2014-06-12 13:32 - 2014-06-12 13:32 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-12 13:32 - 2014-06-12 13:32 - 00000979 _____ () C:\Users\Kunng\Desktop\Origin.lnk
2014-06-12 13:32 - 2014-06-12 13:32 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-12 13:32 - 2014-06-12 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-06-12 13:32 - 2014-06-12 13:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-12 13:31 - 2014-06-12 13:31 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-12 13:31 - 2014-06-12 13:31 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-12 13:31 - 2014-06-12 13:31 - 00002247 _____ () C:\Users\Kunng\Desktop\Google Chrome.lnk
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\Program Files\VideoLAN
2014-06-12 13:31 - 2014-06-12 13:31 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-12 13:30 - 2014-06-12 13:30 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\ATI
2014-06-12 13:30 - 2014-06-12 13:30 - 00000000 ____D () C:\Users\Kunng\AppData\Local\ATI
2014-06-12 13:30 - 2014-06-12 13:30 - 00000000 ____D () C:\ProgramData\ATI
2014-06-12 13:30 - 2014-06-12 13:30 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Foxit Software
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Clover
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-06-12 13:28 - 2014-06-12 13:28 - 00000000 ____D () C:\Program Files (x86)\Clover
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2014-06-12 13:27 - 2014-06-12 13:27 - 00000000 ____D () C:\Program Files\TeraCopy
2014-06-12 13:27 - 2014-06-12 13:21 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-12 13:27 - 2014-06-12 13:21 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-12 13:27 - 2014-06-12 13:21 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-12 13:26 - 2014-06-12 13:22 - 00000000 ____D () C:\Program Files\Nightly
2014-06-12 13:25 - 2014-06-12 13:25 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-06-12 13:25 - 2014-06-12 13:25 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-06-12 13:25 - 2014-06-12 13:25 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\library_dir
2014-06-12 13:25 - 2014-06-12 13:25 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\KeePass
2014-06-12 13:25 - 2014-06-12 13:25 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-06-12 13:25 - 2014-06-12 13:24 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-12 13:24 - 2014-06-12 13:24 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Mozilla
2014-06-12 13:24 - 2014-06-12 13:24 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Mozilla
2014-06-12 13:24 - 2014-06-12 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-06-12 13:24 - 2014-06-12 13:24 - 00000000 ____D () C:\ProgramData\AMD
2014-06-12 13:24 - 2014-06-12 13:24 - 00000000 ____D () C:\Program Files\AMD
2014-06-12 13:24 - 2014-06-12 13:24 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-12 13:24 - 2014-06-12 13:22 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-12 13:23 - 2014-06-12 13:23 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-06-12 13:23 - 2014-06-12 13:23 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-06-12 13:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-12 13:22 - 2014-06-12 13:22 - 00000874 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
2014-06-12 13:22 - 2014-06-12 13:22 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\AVAST Software
2014-06-12 13:22 - 2014-06-12 13:22 - 00000000 ____D () C:\Program Files\NetSpeedMonitor
2014-06-12 13:22 - 2014-06-12 13:22 - 00000000 ____D () C:\Program Files\ATI
2014-06-12 13:22 - 2014-06-12 13:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-12 13:21 - 2014-06-12 13:21 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1402572430366
2014-06-12 13:21 - 2014-06-12 13:21 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1402572430366
2014-06-12 13:21 - 2014-06-12 13:21 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-12 13:21 - 2014-06-12 13:21 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-12 13:21 - 2014-06-12 13:21 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-12 13:21 - 2014-06-12 13:21 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-12 13:21 - 2014-06-12 13:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-12 13:21 - 2014-06-12 13:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-12 13:21 - 2014-06-12 13:21 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-12 13:21 - 2014-06-12 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
2014-06-12 13:21 - 2014-06-12 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-12 13:21 - 2014-06-12 13:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-12 13:21 - 2014-06-12 13:21 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-12 13:21 - 2014-06-12 13:21 - 00000000 ____D () C:\Program Files (x86)\MozBackup
2014-06-12 13:21 - 2014-06-12 13:21 - 00000000 ____D () C:\AMD
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\2C0A
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0C0A
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0C04
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0816
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0804
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0424
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\041F
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\041E
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\041D
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\041B
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0419
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0416
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0415
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0414
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0413
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0412
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0411
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0410
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\040E
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\040D
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\040C
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\040B
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\040A
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0409
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0408
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0406
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0405
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0404
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Windows\system32\0401
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Users\Kunng\SSD
2014-06-12 13:20 - 2014-06-12 13:20 - 00000000 ____D () C:\Program Files (x86)\Renesas Electronics
2014-06-12 13:20 - 2009-07-14 19:58 - 00000000 ____D () C:\Windows\system32\0407
2014-06-12 13:20 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2014-06-12 13:19 - 2014-06-12 13:19 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-06-12 13:17 - 2014-06-12 13:17 - 00000020 ___SH () C:\Users\Kunng\ntuser.ini
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Vorlagen
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Startmenü
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Netzwerkumgebung
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Lokale Einstellungen
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Eigene Dateien
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Druckumgebung
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Documents\Eigene Musik
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Documents\Eigene Bilder
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\AppData\Local\Verlauf
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\AppData\Local\Anwendungsdaten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Kunng\Anwendungsdaten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Programme
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-06-12 13:17 - 2014-06-12 13:17 - 00000000 __SHD () C:\Recovery
2014-06-12 13:17 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-12 13:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-06-12 13:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 13:14 - 2014-06-12 13:14 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-06-12 13:14 - 2014-06-12 13:14 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-06-12 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-06-12 12:33 - 2014-06-12 13:33 - 00000532 _____ () C:\Users\Kunng\Documents\indexfile.txt
2014-06-08 11:13 - 2014-06-12 23:21 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-12 23:21 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-01 17:17 - 2014-06-12 18:07 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-30 11:11 - 2014-06-13 09:45 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-16 14:04 - 2014-06-12 13:34 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-05-16 14:03 - 2014-06-12 13:34 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-05-16 14:03 - 2014-05-16 14:03 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-05-16 14:03 - 2014-05-16 14:03 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-05-16 14:01 - 2014-05-16 14:01 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll

Some content of TEMP:
====================
C:\Users\Kunng\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Kunng\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpigoier.dll
C:\Users\Kunng\AppData\Local\Temp\patchw32.dll
C:\Users\Kunng\AppData\Local\Temp\raptrpatch.exe
C:\Users\Kunng\AppData\Local\Temp\raptr_stub.exe
C:\Users\Kunng\AppData\Local\Temp\sonarinst.exe
C:\Users\Kunng\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Kunng\AppData\Local\Temp\_is1AC1.exe
C:\Users\Kunng\AppData\Local\Temp\_is4D83.exe
C:\Users\Kunng\AppData\Local\Temp\_is5502.exe
C:\Users\Kunng\AppData\Local\Temp\_is92CD.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-12 13:12

==================== End Of Log ============================
         


Alt 14.06.2014, 17:26   #6
Tubalcain
 

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Kunng at 2014-06-14 16:25:19
Running from G:\Kunng\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Alien Breed 2: Assault (HKLM-x32\...\Steam App 22650) (Version:  - Team17 Software Ltd.)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version:  - Bohemia Interactive)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 2142 (HKLM-x32\...\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}) (Version:  - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.4 - Electronic Arts)
Binary Domain (HKLM-x32\...\Steam App 203750) (Version:  - Devil's Details)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BRINK (HKLM-x32\...\Steam App 22350) (Version:  - Splash Damage)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)
Command & Conquer™ Alarmstufe Rot 3 (HKLM-x32\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
Command and Conquer 3: Kane's Wrath (HKLM-x32\...\Steam App 24810) (Version:  - EA Los Angeles)
Command and Conquer 3: Tiberium Wars (HKLM-x32\...\Steam App 24790) (Version:  - EA Los Angeles)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version:  - Ion Storm)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Deus Ex: Invisible War (HKLM-x32\...\Steam App 6920) (Version:  - Ion Storm)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Dungeons And Dragons Anthology - The Master Collection (HKLM-x32\...\{79612FB7-0B07-4E34-A346-79133691FF12}) (Version: 1.0.0 - Atari)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Elsword_DE (HKLM-x32\...\Elsword_DE_is1) (Version:  - )
F.E.A.R. 3 (HKLM-x32\...\Steam App 21100) (Version:  - Day 1 Studios)
F.E.A.R. Ultimate Shooter Edition - F.E.A.R. 2 (HKLM-x32\...\{8C06EE31-AE51-4589-B53F-1406F6BBA229}) (Version: 1.00.0000 - WB Games)
F.E.A.R. Ultimate Shooter Edition (HKLM-x32\...\{C03D7CF4-E172-421F-8209-667BAF0BEA1C}) (Version: 1.00.0000 - WB Games)
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
FEAR_Installer_Fix (HKLM-x32\...\{8D797CA6-C708-4541-B731-779CC9863A07}) (Version: 1.0 - WB Games Inc.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
Free Video to MP3 Converter version 5.0.40.514 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.40.514 - DVDVideoSoft Ltd.)
FreeFileSync 6.6 (HKLM-x32\...\FreeFileSync) (Version: 6.6 - Zenju)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Left 4 Dead 2 Authoring Tools (HKLM-x32\...\Steam App 563) (Version:  - Valve)
LEGO® Der Herr der Ringe™ (HKLM-x32\...\{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)
LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Metal Slug 3 (HKLM-x32\...\Steam App 250180) (Version:  - DotEmu)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSI Afterburner 3.0.0 (HKLM-x32\...\Afterburner) (Version: 3.0.0 - MSI Co., LTD)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Nightly 33.0a1 (x64 en-US) (HKLM\...\Nightly 33.0a1 (x64 en-US)) (Version: 33.0a1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.53.394.0 - Overwolf Ltd.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.16.0 - Renesas Electronics Corporation) Hidden
Retro City Rampage™ (HKLM-x32\...\Steam App 204630) (Version:  - Vblank Entertainment, Inc.)
RivaTuner Statistics Server 6.1.1 (HKLM-x32\...\RTSS) (Version: 6.1.1 - Unwinder)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version:  - EA - Maxis)
Sins of a Solar Empire (HKLM-x32\...\Sins of a Solar Empire) (Version:  - Stardock Entertainment)
Sins of a Solar Empire (x32 Version: 1.05 - Kalypso) Hidden
Skullgirls (HKLM-x32\...\Steam App 245170) (Version:  - Lab Zero Games)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Supreme Commander (HKLM-x32\...\Steam App 9350) (Version:  - Gas Powered Games)
Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version:  - Gas Powered Games)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Tom Clancy's EndWar (HKLM-x32\...\{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}) (Version: 1.00.0000 - Ubisoft)
Torchlight (HKLM-x32\...\{4F64A46D-67F7-4497-AEA2-313D4305A5F6}) (Version: 1.0.0 - JoWooD)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
WORLD IN CONFLICT: SOVIET ASSAULT (HKLM-x32\...\{F11ADC64-C89E-47F4-A0B3-3665FF859397}) (Version: 1.0.1.0 - Ubisoft Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Restore Points  =========================

13-06-2014 13:16:11 Installed FEAR_Installer_Fix
13-06-2014 13:17:39 Installiert F.E.A.R. Ultimate Shooter Edition - F.E.A.R. 2
13-06-2014 13:55:26 Installiert F.E.A.R. Ultimate Shooter Edition
13-06-2014 15:28:56 Installiert Tom Clancy's EndWar
13-06-2014 15:29:13 DirectX wurde installiert
13-06-2014 15:57:14 Installed Java 8 Update 5 (64-bit)
13-06-2014 15:59:20 Removed Java 8 Update 5 (64-bit)
13-06-2014 15:59:52 Installed Java SE Development Kit 8 Update 5 (64-bit)
13-06-2014 16:00:37 Installed Java 8 Update 5 (64-bit)
13-06-2014 17:00:40 DirectX wurde installiert
13-06-2014 20:00:47 Installed LEGO® The Lord of the Rings™
14-06-2014 10:38:36 Microsoft Visual C++ 2005 Redistributable wird installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10B2C341-E3F4-4D1B-AEBB-90126320E5A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {5024C8F2-6B90-4D8E-AB70-050C40C95B9B} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-05-28] (Overwolf LTD)
Task: {51BFF22E-92E6-4629-8D5B-207F9F17ABFD} - System32\Tasks\{52251F40-3A0D-43B1-A50F-8E2ABA88F1DD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1618
Task: {601A8DC2-96F8-42F8-9E93-F6484769EB0C} - System32\Tasks\{0FD356A7-1D21-4194-9CF5-CD56D437EB9F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1618
Task: {75CC7E8F-8720-4A06-91A9-55B456F2675A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
Task: {A9483F99-E54B-4D62-868F-1DFA782DA899} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-12] (AVAST Software)
Task: {BE5D5D06-082A-40F0-9569-DB523FE43B52} - System32\Tasks\{787E45DE-6A0F-4BB6-8F08-43338C8AF2EB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1618
Task: {CA41FCBC-AE4C-464D-AF1A-63000DFA1868} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-13 14:28 - 2014-06-13 14:27 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-14 16:23 - 2014-06-14 16:23 - 00050477 _____ () G:\Kunng\Downloads\Defogger.exe
2014-06-14 08:22 - 2014-06-14 08:22 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061301\algo.dll
2014-06-14 11:54 - 2014-06-14 11:54 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061400\algo.dll
2014-06-14 11:53 - 2014-06-14 11:53 - 00043008 _____ () c:\users\kunng\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpigoier.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Kunng\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-12 13:21 - 2014-06-12 13:21 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-12 14:54 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-12 14:03 - 2014-06-12 14:03 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
2014-06-12 13:31 - 2014-04-30 02:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-06-12 13:31 - 2014-04-30 02:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-06-12 13:31 - 2014-04-30 02:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-06-12 13:31 - 2014-04-30 02:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-06-12 13:31 - 2014-05-17 03:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-06-12 13:31 - 2014-05-29 19:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-06-12 13:31 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2014-06-12 13:31 - 2014-05-29 19:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-06-12 13:31 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-06-12 13:31 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2014-06-12 13:31 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2014-06-12 13:31 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-06-12 13:32 - 2014-04-24 19:51 - 03019888 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-12 13:32 - 2014-04-24 19:51 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-12 13:32 - 2014-04-24 19:51 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2014 02:11:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Name des fehlerhaften Moduls: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Ausnahmecode: 0x40000015
Fehleroffset: 0x00a141d5
ID des fehlerhaften Prozesses: 0x1724
Startzeit der fehlerhaften Anwendung: 0xDarkSoulsII.exe0
Pfad der fehlerhaften Anwendung: DarkSoulsII.exe1
Pfad des fehlerhaften Moduls: DarkSoulsII.exe2
Berichtskennung: DarkSoulsII.exe3

Error: (06/14/2014 09:32:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Name des fehlerhaften Moduls: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Ausnahmecode: 0x40000015
Fehleroffset: 0x00a141d5
ID des fehlerhaften Prozesses: 0xbd4
Startzeit der fehlerhaften Anwendung: 0xDarkSoulsII.exe0
Pfad der fehlerhaften Anwendung: DarkSoulsII.exe1
Pfad des fehlerhaften Moduls: DarkSoulsII.exe2
Berichtskennung: DarkSoulsII.exe3

Error: (06/13/2014 10:59:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Name des fehlerhaften Moduls: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Ausnahmecode: 0x40000015
Fehleroffset: 0x00a141d5
ID des fehlerhaften Prozesses: 0x8dc
Startzeit der fehlerhaften Anwendung: 0xDarkSoulsII.exe0
Pfad der fehlerhaften Anwendung: DarkSoulsII.exe1
Pfad des fehlerhaften Moduls: DarkSoulsII.exe2
Berichtskennung: DarkSoulsII.exe3

Error: (06/13/2014 02:07:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Name des fehlerhaften Moduls: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Ausnahmecode: 0x40000015
Fehleroffset: 0x00a141d5
ID des fehlerhaften Prozesses: 0xdb0
Startzeit der fehlerhaften Anwendung: 0xDarkSoulsII.exe0
Pfad der fehlerhaften Anwendung: DarkSoulsII.exe1
Pfad des fehlerhaften Moduls: DarkSoulsII.exe2
Berichtskennung: DarkSoulsII.exe3

Error: (06/13/2014 01:28:52 PM) (Source: MsiInstaller) (EventID: 11721) (User: Kunng-PC)
Description: Produkt: Borderlands: Zombie Island of Dr. Ned -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: Activation, Pfad: G:\Programme\Borderlands\Gearbox Software\Borderlands\Binaries\DLCSetup\DLCSetup.exe, Befehl:

Error: (06/13/2014 00:53:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Name des fehlerhaften Moduls: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Ausnahmecode: 0x40000015
Fehleroffset: 0x00a141d5
ID des fehlerhaften Prozesses: 0x76c
Startzeit der fehlerhaften Anwendung: 0xDarkSoulsII.exe0
Pfad der fehlerhaften Anwendung: DarkSoulsII.exe1
Pfad des fehlerhaften Moduls: DarkSoulsII.exe2
Berichtskennung: DarkSoulsII.exe3

Error: (06/13/2014 00:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Name des fehlerhaften Moduls: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Ausnahmecode: 0x40000015
Fehleroffset: 0x00a141d5
ID des fehlerhaften Prozesses: 0xb6c
Startzeit der fehlerhaften Anwendung: 0xDarkSoulsII.exe0
Pfad der fehlerhaften Anwendung: DarkSoulsII.exe1
Pfad des fehlerhaften Moduls: DarkSoulsII.exe2
Berichtskennung: DarkSoulsII.exe3

Error: (06/13/2014 00:44:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Name des fehlerhaften Moduls: DarkSoulsII.exe, Version: 1.0.3.0, Zeitstempel: 0x538e8cbf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0091352a
ID des fehlerhaften Prozesses: 0x1718
Startzeit der fehlerhaften Anwendung: 0xDarkSoulsII.exe0
Pfad der fehlerhaften Anwendung: DarkSoulsII.exe1
Pfad des fehlerhaften Moduls: DarkSoulsII.exe2
Berichtskennung: DarkSoulsII.exe3

Error: (06/13/2014 11:16:54 AM) (Source: MsiInstaller) (EventID: 11311) (User: Kunng-PC)
Description: Produkt: Dungeons And Dragons Anthology - The Master Collection -- Fehler 1311. Die Quelldatei (CAB-Datei) wurde nicht gefunden: I:\Setup_10.cab. Überprüfen Sie, ob die Datei vorhanden ist, und ob Sie darauf zugreifen können.

Error: (06/12/2014 05:48:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (06/13/2014 11:27:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: 
%%1062

Error: (06/13/2014 09:57:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4.5.1 unter Windows 7, Vista, Server 2008 und Server 2008 R2 für x64-basierte Systeme (KB2901126)

Error: (06/13/2014 00:03:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4.5 unter Windows 7, Vista, Windows Server 2008 und Windows Server 2008 R2 für x64 (KB2861208)

Error: (06/12/2014 07:28:43 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/12/2014 06:09:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%16405

Error: (06/12/2014 06:00:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software x64 - Juni 2014 (KB890830)

Error: (06/12/2014 06:00:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2563227)

Error: (06/12/2014 06:00:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2769369)

Error: (06/12/2014 06:00:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2560656)

Error: (06/12/2014 06:00:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows*7 für x64-basierte Systeme (KB979482)


Microsoft Office Sessions:
=========================
Error: (06/14/2014 02:11:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DarkSoulsII.exe1.0.3.0538e8cbfDarkSoulsII.exe1.0.3.0538e8cbf4000001500a141d5172401cf87c463dccd68G:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exeG:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe0e6c1afb-f3bd-11e3-867b-90e6bacc960a

Error: (06/14/2014 09:32:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DarkSoulsII.exe1.0.3.0538e8cbfDarkSoulsII.exe1.0.3.0538e8cbf4000001500a141d5bd401cf879d59fa9c0dG:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exeG:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe1402b5de-f396-11e3-83d5-90e6bacc960a

Error: (06/13/2014 10:59:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DarkSoulsII.exe1.0.3.0538e8cbfDarkSoulsII.exe1.0.3.0538e8cbf4000001500a141d58dc01cf874698c0e7fdG:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exeG:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe8af9ba2d-f33d-11e3-876b-90e6bacc960a

Error: (06/13/2014 02:07:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DarkSoulsII.exe1.0.3.0538e8cbfDarkSoulsII.exe1.0.3.0538e8cbf4000001500a141d5db001cf86fb84b09d53G:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exeG:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe558e6963-f2f3-11e3-a1ea-90e6bacc960a

Error: (06/13/2014 01:28:52 PM) (Source: MsiInstaller) (EventID: 11721) (User: Kunng-PC)
Description: Produkt: Borderlands: Zombie Island of Dr. Ned -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: Activation, Pfad: G:\Programme\Borderlands\Gearbox Software\Borderlands\Binaries\DLCSetup\DLCSetup.exe, Befehl:  (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/13/2014 00:53:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DarkSoulsII.exe1.0.3.0538e8cbfDarkSoulsII.exe1.0.3.0538e8cbf4000001500a141d576c01cf86f4fbf9000cG:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exeG:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exeea75e18c-f2e8-11e3-8d01-90e6bacc960a

Error: (06/13/2014 00:47:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DarkSoulsII.exe1.0.3.0538e8cbfDarkSoulsII.exe1.0.3.0538e8cbf4000001500a141d5b6c01cf86f497a9e3a2G:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exeG:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe2a855009-f2e8-11e3-8d01-90e6bacc960a

Error: (06/13/2014 00:44:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DarkSoulsII.exe1.0.3.0538e8cbfDarkSoulsII.exe1.0.3.0538e8cbfc00000050091352a171801cf86f45eb45f40G:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exeG:\Programme\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exea94d935b-f2e7-11e3-8d01-90e6bacc960a

Error: (06/13/2014 11:16:54 AM) (Source: MsiInstaller) (EventID: 11311) (User: Kunng-PC)
Description: Produkt: Dungeons And Dragons Anthology - The Master Collection -- Fehler 1311. Die Quelldatei (CAB-Datei) wurde nicht gefunden: I:\Setup_10.cab. Überprüfen Sie, ob die Datei vorhanden ist, und ob Sie darauf zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/12/2014 05:48:58 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 8183.05 MB
Available physical RAM: 4688.31 MB
Total Pagefile: 16364.29 MB
Available Pagefile: 12951.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:232.79 GB) (Free:113.78 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Extend) (Fixed) (Total:465.66 GB) (Free:82.35 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Fixed) (Total:1862.92 GB) (Free:1265.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 85614FE0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-198731366400) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 2127DB33)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B0E540E9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

14.06.2014, 17:28   #7
Tubalcain

GMER part 1:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-14 16:33:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4 Samsung_SSD_840_EVO_250GB rev.EXT0BB6Q 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\Kunng\AppData\Local\Temp\fgdoqpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                              fffff80002e09000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                              fffff80002e0902f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                         0000000077371360 5 bytes JMP 0000000100040460
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                  00000000773713b0 5 bytes JMP 0000000100040450
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                  0000000077371510 5 bytes JMP 0000000100040370
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                       0000000077371560 5 bytes JMP 0000000100040470
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                             0000000077371570 5 bytes JMP 00000001000403e0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                  0000000077371620 5 bytes JMP 0000000100040320
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                           0000000077371650 5 bytes JMP 00000001000403b0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                              0000000077371670 5 bytes JMP 0000000100040390
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                    00000000773716b0 5 bytes JMP 00000001000402e0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                  0000000077371730 5 bytes JMP 00000001000402d0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                0000000077371750 5 bytes JMP 0000000100040310
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                 0000000077371790 5 bytes JMP 00000001000403c0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                              00000000773717e0 5 bytes JMP 00000001000403f0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                 0000000077371940 5 bytes JMP 0000000100040230
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                      0000000077371b00 5 bytes JMP 0000000100040480
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                     0000000077371b30 5 bytes JMP 00000001000403a0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                              0000000077371c10 5 bytes JMP 00000001000402f0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                           0000000077371c20 5 bytes JMP 0000000100040350
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                 0000000077371c80 5 bytes JMP 0000000100040290
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                              0000000077371d10 5 bytes JMP 00000001000402b0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                               0000000077371d30 5 bytes JMP 00000001000403d0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                  0000000077371d40 5 bytes JMP 0000000100040330
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                           0000000077371db0 5 bytes JMP 0000000100040410
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                              0000000077371de0 5 bytes JMP 0000000100040240
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                   00000000773720a0 5 bytes JMP 00000001000401e0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                              0000000077372160 5 bytes JMP 0000000100040250
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                              0000000077372190 5 bytes JMP 0000000100040490
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                     00000000773721a0 5 bytes JMP 00000001000404a0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                00000000773721d0 5 bytes JMP 0000000100040300
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                             00000000773721e0 5 bytes JMP 0000000100040360
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                   0000000077372240 5 bytes JMP 00000001000402a0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                0000000077372290 5 bytes JMP 00000001000402c0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                   00000000773722c0 5 bytes JMP 0000000100040380
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                    00000000773722d0 5 bytes JMP 0000000100040340
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                             00000000773725c0 5 bytes JMP 0000000100040440
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                            00000000773727c0 5 bytes JMP 0000000100040260
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                               00000000773727d0 5 bytes JMP 0000000100040270
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                             00000000773727e0 5 bytes JMP 0000000100040400
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                         00000000773729a0 5 bytes JMP 00000001000401f0
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                          00000000773729b0 5 bytes JMP 0000000100040210
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                               0000000077372a20 5 bytes JMP 0000000100040200
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                               0000000077372a80 5 bytes JMP 0000000100040420
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                0000000077372a90 5 bytes JMP 0000000100040430
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                           0000000077372aa0 5 bytes JMP 0000000100040220
.text     C:\Windows\system32\csrss.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                   0000000077372b80 5 bytes JMP 0000000100040280
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                       0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                     0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                           0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                         0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                            0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                  00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                              0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                               0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                            00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                               0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                    0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                   0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                            0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                         0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                               0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                            0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                             0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                         0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                            0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                 00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                            0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                            0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                   00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                              00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                           00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                 0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                              0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                 00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                  00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                           00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                          00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                             00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                           00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                       00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                        00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                             0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                             0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                              0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                         0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                 0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\wininit.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                      000000007725ef8d 1 byte [62]
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                         0000000077371360 5 bytes JMP 000000014a0a0460
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                  00000000773713b0 5 bytes JMP 000000014a0a0450
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                  0000000077371510 5 bytes JMP 000000014a0a0370
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                       0000000077371560 5 bytes JMP 000000014a0a0470
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                             0000000077371570 5 bytes JMP 000000014a0a03e0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                  0000000077371620 5 bytes JMP 000000014a0a0320
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                           0000000077371650 5 bytes JMP 000000014a0a03b0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                              0000000077371670 5 bytes JMP 000000014a0a0390
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                    00000000773716b0 5 bytes JMP 000000014a0a02e0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                  0000000077371730 5 bytes JMP 000000014a0a02d0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                0000000077371750 5 bytes JMP 000000014a0a0310
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                 0000000077371790 5 bytes JMP 000000014a0a03c0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                              00000000773717e0 5 bytes JMP 000000014a0a03f0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                 0000000077371940 5 bytes JMP 000000014a0a0230
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                      0000000077371b00 5 bytes JMP 000000014a0a0480
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                     0000000077371b30 5 bytes JMP 000000014a0a03a0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                              0000000077371c10 5 bytes JMP 000000014a0a02f0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                           0000000077371c20 5 bytes JMP 000000014a0a0350
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                 0000000077371c80 5 bytes JMP 000000014a0a0290
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                              0000000077371d10 5 bytes JMP 000000014a0a02b0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                               0000000077371d30 5 bytes JMP 000000014a0a03d0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                  0000000077371d40 5 bytes JMP 000000014a0a0330
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                           0000000077371db0 5 bytes JMP 000000014a0a0410
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                              0000000077371de0 5 bytes JMP 000000014a0a0240
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                   00000000773720a0 5 bytes JMP 000000014a0a01e0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                              0000000077372160 5 bytes JMP 000000014a0a0250
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                              0000000077372190 5 bytes JMP 000000014a0a0490
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                     00000000773721a0 5 bytes JMP 000000014a0a04a0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                00000000773721d0 5 bytes JMP 000000014a0a0300
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                             00000000773721e0 5 bytes JMP 000000014a0a0360
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                   0000000077372240 5 bytes JMP 000000014a0a02a0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                0000000077372290 5 bytes JMP 000000014a0a02c0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                   00000000773722c0 5 bytes JMP 000000014a0a0380
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                    00000000773722d0 5 bytes JMP 000000014a0a0340
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                             00000000773725c0 5 bytes JMP 000000014a0a0440
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                            00000000773727c0 5 bytes JMP 000000014a0a0260
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                               00000000773727d0 5 bytes JMP 000000014a0a0270
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                             00000000773727e0 5 bytes JMP 000000014a0a0400
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                         00000000773729a0 5 bytes JMP 000000014a0a01f0
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                          00000000773729b0 5 bytes JMP 000000014a0a0210
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                               0000000077372a20 5 bytes JMP 000000014a0a0200
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                               0000000077372a80 5 bytes JMP 000000014a0a0420
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                0000000077372a90 5 bytes JMP 000000014a0a0430
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                           0000000077372aa0 5 bytes JMP 000000014a0a0220
.text     C:\Windows\system32\csrss.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                   0000000077372b80 5 bytes JMP 000000014a0a0280
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                               0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                             0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                              0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\services.exe[688] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\services.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                     000000007725ef8d 1 byte [62]
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                         0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                  00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                  0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                       0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                             0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                  0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                           0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                              0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                    00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                  0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                 0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                              00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                 0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                      0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                     0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                              0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                           0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                 0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                              0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                               0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                  0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                           0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                              0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                   00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                              0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                              0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                     00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                             00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                   0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                   00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                    00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                             00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                            00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                               00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                             00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                         00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                          00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                               0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                               0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                           0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\lsass.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                   0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                           0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                    00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                    0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                         0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                               0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                    0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                             0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                      00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                    0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                  0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                   0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                   0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                        0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                       0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                             0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                   0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                 0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                    0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                             0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                     00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                       00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                  00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                               00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                     0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                  0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                     00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                      00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                               00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                              00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                 00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                               00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                           00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                            00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                 0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                 0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                  0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                             0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\lsm.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                     0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                               0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                             0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                              0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\winlogon.exe[768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                     000000007725ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                       0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                     0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                           0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                         0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                            0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                  00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                              0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                               0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                            00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                               0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                    0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                   0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                            0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                         0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                               0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                            0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                             0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                         0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                            0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                 00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                            0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                            0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                   00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                              00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                           00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                 0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                              0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                 00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                  00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                           00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                          00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                             00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                           00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                       00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                        00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                             0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                             0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                              0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                         0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\svchost.exe[852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                 0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                       0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                     0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                           0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                         0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                            0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                  00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                              0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                               0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                            00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                               0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                    0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                   0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                            0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                         0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                               0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                            0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                             0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                         0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                            0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                 00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                            0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                            0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                   00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                              00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                           00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                 0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                              0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                 00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                  00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                           00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                          00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                             00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                           00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                       00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                        00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                             0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                             0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                              0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                         0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                 0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\atiesrxx.exe[1016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                    000000007725ef8d 1 byte [62]
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                       0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                     0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                           0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                         0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                            0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                  00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                              0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                               0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                            00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                               0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                    0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                   0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                            0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                         0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                               0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                            0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                             0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                         0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                            0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                 00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                            0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                            0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                   00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                              00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                           00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                 0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                              0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                 00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                  00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                           00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                          00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                             00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                           00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                       00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                        00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                             0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                             0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                              0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                         0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\System32\svchost.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                 0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\System32\svchost.exe[628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                      000000007725ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                       0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                     0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                           0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                         0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                            0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                  00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                              0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                               0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                            00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                               0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                    0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                   0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                            0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                         0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                               0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                            0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                             0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                         0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                            0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                 00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                            0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                            0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                   00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                              00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                           00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                 0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                              0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                 00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                  00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                           00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                          00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                             00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                           00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                       00000000773729a0 5 bytes JMP 00000000774d01f0
         

14.06.2014, 17:29   #8
Tubalcain
 



GMER part 2:
Code:
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                        00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                             0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                             0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                              0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                         0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\svchost.exe[252] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                 0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      0000000077371360 5 bytes JMP 0000000100070460
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00000000773713b0 5 bytes JMP 0000000100070450
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               0000000077371510 5 bytes JMP 0000000100070370
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    0000000077371560 5 bytes JMP 0000000100070470
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000077371570 5 bytes JMP 00000001000703e0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                               0000000077371620 5 bytes JMP 0000000100070320
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077371650 5 bytes JMP 00000001000703b0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           0000000077371670 5 bytes JMP 0000000100070390
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00000000773716b0 5 bytes JMP 00000001000702e0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               0000000077371730 5 bytes JMP 00000001000702d0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                             0000000077371750 5 bytes JMP 0000000100070310
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                              0000000077371790 5 bytes JMP 00000001000703c0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00000000773717e0 5 bytes JMP 00000001000703f0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              0000000077371940 5 bytes JMP 0000000100070230
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   0000000077371b00 5 bytes JMP 0000000100070480
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  0000000077371b30 5 bytes JMP 00000001000703a0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           0000000077371c10 5 bytes JMP 00000001000702f0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        0000000077371c20 5 bytes JMP 0000000100070350
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              0000000077371c80 5 bytes JMP 0000000100070290
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           0000000077371d10 5 bytes JMP 00000001000702b0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077371d30 5 bytes JMP 00000001000703d0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               0000000077371d40 5 bytes JMP 0000000100070330
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        0000000077371db0 5 bytes JMP 0000000100070410
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           0000000077371de0 5 bytes JMP 0000000100070240
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00000000773720a0 5 bytes JMP 00000001000701e0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           0000000077372160 5 bytes JMP 0000000100070250
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           0000000077372190 5 bytes JMP 0000000100070490
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00000000773721a0 5 bytes JMP 00000001000704a0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00000000773721d0 5 bytes JMP 0000000100070300
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00000000773721e0 5 bytes JMP 0000000100070360
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                0000000077372240 5 bytes JMP 00000001000702a0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             0000000077372290 5 bytes JMP 00000001000702c0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00000000773722c0 5 bytes JMP 0000000100070380
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00000000773722d0 5 bytes JMP 0000000100070340
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00000000773725c0 5 bytes JMP 0000000100070440
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00000000773727c0 5 bytes JMP 0000000100070260
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00000000773727d0 5 bytes JMP 0000000100070270
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000773727e0 5 bytes JMP 0000000100070400
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00000000773729a0 5 bytes JMP 00000001000701f0
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00000000773729b0 5 bytes JMP 0000000100070210
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            0000000077372a20 5 bytes JMP 0000000100070200
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            0000000077372a80 5 bytes JMP 0000000100070420
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             0000000077372a90 5 bytes JMP 0000000100070430
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        0000000077372aa0 5 bytes JMP 0000000100070220
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                0000000077372b80 5 bytes JMP 0000000100070280
.text     C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                     000000007725ef8d 1 byte [62]
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                               0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                             0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                              0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\AUDIODG.EXE[1140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                               0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                             0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                              0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\svchost.exe[1276] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                              0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                            0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                             0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\atieclxx.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                               0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                          0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                   00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                   0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                        0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                              0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                   0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                            0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                               0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                     00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                   0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                 0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                  0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                               00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                  0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                       0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                      0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                               0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                            0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                  0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                               0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                   0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                            0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                               0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                    00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                               0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                               0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                      00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                 00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                              00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                    0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                 0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                    00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                     00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                              00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                             00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                              00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                          00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                           00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                 0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                            0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\Dwm.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                    0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                              0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                                       00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                       0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                            0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                  0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                       0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                   0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                         00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                                       0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                     0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                      0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                   00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                                      0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                           0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                          0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                                   0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                                0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                      0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                                   0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                    0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                                       0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                                0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                                   0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                        00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                                   0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                                   0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                          00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                                     00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                                  00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                        0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                                     0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                        00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                         00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                                  00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                                 00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                                    00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                  00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                              00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                               00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                    0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                    0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                     0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                        0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\Explorer.EXE[1620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                             000000007725ef8d 1 byte [62]
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                               0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                             0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                              0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\System32\spoolsv.exe[1784] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                     0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                              00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                              0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                   0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                         0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                              0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                       0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                          0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                              0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                            0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                             0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                          00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                             0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                  0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                 0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                          0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                       0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                             0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                          0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                           0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                              0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                       0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                          0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                               00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                          0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                          0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                 00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                            00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                         00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                               0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                            0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                               00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                         00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                        00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                           00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                         00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                     00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                      00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                           0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                           0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                            0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                       0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\taskhost.exe[1796] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                               0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                               0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                             0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                              0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx
         

14.06.2014, 17:30   #9
Tubalcain
 



GMER part 3:
Code:
00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\svchost.exe[1852] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe[1996] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                  0000000074f9a2fd 1 byte [62]
.text     C:\Windows\system32\PnkBstrA.exe[1132] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                    0000000074f9a2fd 1 byte [62]
.text     C:\Windows\system32\PnkBstrA.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  0000000075621465 2 bytes [62, 75]
.text     C:\Windows\system32\PnkBstrA.exe[1132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                 00000000756214bb 2 bytes [62, 75]
.text     ...                                                                                                                                                             * 2
.text     C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe[2216] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000074f9a2fd 1 byte [62]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[2244] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                            0000000074f78791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[2244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                   0000000074f9a2fd 1 byte [62]
.text     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[2308] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              0000000074f9a2fd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                      0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                               00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                               0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                    0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                               0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                           0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                                 00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                               0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                             0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                              0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                              0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                                  0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                           0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                        0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                              0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                           0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                               0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                        0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                           0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                           0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                           0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                                  00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                             00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                          00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                                0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                             0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                                00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                                 00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                          00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                         00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                            00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                       00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                            0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                             0000000077372a90 5 bytes JMP 00000000774d0430
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        0000000077372aa0 5 bytes JMP 00000000774d0220
.text     C:\Windows\system32\svchost.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                0000000077372b80 5 bytes JMP 00000000774d0280
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                0000000077371360 5 bytes JMP 00000000774d0460
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                                         00000000773713b0 5 bytes JMP 00000000774d0450
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                         0000000077371510 5 bytes JMP 00000000774d0370
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                              0000000077371560 5 bytes JMP 00000000774d0470
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                    0000000077371570 5 bytes JMP 00000000774d03e0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                         0000000077371620 5 bytes JMP 00000000774d0320
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077371650 5 bytes JMP 00000000774d03b0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                     0000000077371670 5 bytes JMP 00000000774d0390
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                           00000000773716b0 5 bytes JMP 00000000774d02e0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                                         0000000077371730 5 bytes JMP 00000000774d02d0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                       0000000077371750 5 bytes JMP 00000000774d0310
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                        0000000077371790 5 bytes JMP 00000000774d03c0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                     00000000773717e0 5 bytes JMP 00000000774d03f0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                                        0000000077371940 5 bytes JMP 00000000774d0230
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                             0000000077371b00 5 bytes JMP 00000000774d0480
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                                            0000000077371b30 5 bytes JMP 00000000774d03a0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                                     0000000077371c10 5 bytes JMP 00000000774d02f0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                                                  0000000077371c20 5 bytes JMP 00000000774d0350
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                        0000000077371c80 5 bytes JMP 00000000774d0290
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                                     0000000077371d10 5 bytes JMP 00000000774d02b0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077371d30 5 bytes JMP 00000000774d03d0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                                         0000000077371d40 5 bytes JMP 00000000774d0330
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                                                  0000000077371db0 5 bytes JMP 00000000774d0410
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                                                     0000000077371de0 5 bytes JMP 00000000774d0240
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                          00000000773720a0 5 bytes JMP 00000000774d01e0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                                                     0000000077372160 5 bytes JMP 00000000774d0250
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                                                     0000000077372190 5 bytes JMP 00000000774d0490
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                                            00000000773721a0 5 bytes JMP 00000000774d04a0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                                       00000000773721d0 5 bytes JMP 00000000774d0300
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                                                    00000000773721e0 5 bytes JMP 00000000774d0360
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                          0000000077372240 5 bytes JMP 00000000774d02a0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                                       0000000077372290 5 bytes JMP 00000000774d02c0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                                          00000000773722c0 5 bytes JMP 00000000774d0380
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                                           00000000773722d0 5 bytes JMP 00000000774d0340
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                                                    00000000773725c0 5 bytes JMP 00000000774d0440
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                                                   00000000773727c0 5 bytes JMP 00000000774d0260
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                                      00000000773727d0 5 bytes JMP 00000000774d0270
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    00000000773727e0 5 bytes JMP 00000000774d0400
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                00000000773729a0 5 bytes JMP 00000000774d01f0
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                                                 00000000773729b0 5 bytes JMP 00000000774d0210
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                      0000000077372a20 5 bytes JMP 00000000774d0200
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                      0000000077372a80 5 bytes JMP 00000000774d0420
.text     C:\Windows\system32\SearchIndexer.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                       0000000077372a90 5 bytes JMP 00000000774d0430

---- EOF - GMER 2.1 ----
         

14.06.2014, 17:46   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I would also need the logs from Avast, so that we know at all what exactly was found.
__________________
Please always post log files in CODE tags

14.06.2014, 17:59   #11
Tubalcain

The problem is that there are quite a lot of log files in Avast's log folder. Unfortunately I have no idea which of them is the right one.

14.06.2014, 18:01   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please go through them and post the relevant lines with the Dropper-gen[Drp] detections.

14.06.2014, 18:22   #13
Tubalcain

Unfortunately I couldn't find anything in the log files, but I have this:

14.06.2014, 18:35   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That is already enough.
If you take a look at the last two detections, you should come to the realization that one no longer downloads software via chip.de. Unless you like having your computer bombarded with advertising. So just take a bit more time and don't click on the first link that comes along when looking for software.

Removing adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Clean) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click "Untersuchen" (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

14.06.2014, 19:01   #15
Tubalcain

AdwCleaner:
Code:
# AdwCleaner v3.212 - Bericht erstellt am 14/06/2014 um 19:45:26
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Kunng - KUNNG-PC
# Gestartet von : G:\Kunng\Downloads\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Kunng\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Conduit
Ordner Gelöscht : C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\FoxTab
Ordner Gelöscht : C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\ICQToolbarData
Datei Gelöscht : C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\prefs.js ]

Zeile gelöscht : user_pref("CT2304157.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2304157.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.xfire.com/toolbar/gamehistory", "320x398");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=gDZrbh8T&q=");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2304157");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2304157");
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "{3f4d4234-4349-4f64-bc63-f65d57981739}");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jan 10 2011 17:24:17 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.twitter.user_21817319.LastCheckTime", "Sun Jan 02 2011 17:49:16 GMT+0100");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "Max-TV Europe Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2272697&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", true);
Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Zeile gelöscht : user_pref("icqtoolbar.history", "2%20partitionen%20in%20einer%20partition||eigenes%20radio%20machen||radio%20streamen||Juan%20Carlos%20Antonio%20Galliano%20Guill%C3%A9n)||2%20partitionen%20in%20einen|[...]
Zeile gelöscht : user_pref("icqtoolbar.installsource", "1");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.0.11");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "120938348912093834891209470617771");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1225293607);
Zeile gelöscht : user_pref("icqtoolbar.version", "1.1.4");
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15021 octets] - [14/06/2014 19:44:32]
AdwCleaner[S0].txt - [14895 octets] - [14/06/2014 19:45:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14956 octets] ##########
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kunng on 14.06.2014 at 19:49:58,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Kunng\AppData\Roaming\mozilla\firefox\profiles\uqrgtf3x.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\Kunng\AppData\Roaming\mozilla\firefox\profiles\uqrgtf3x.default\extensions\{ef522540-89f5-46b9-b6fe-1829e2b572c6}
Successfully deleted the following from C:\Users\Kunng\AppData\Roaming\mozilla\firefox\profiles\uqrgtf3x.default\prefs.js

user_pref("extensions.irc.ceip.userid", "A746pHJoWdCrEfgi3V9BPZJwp2P5n3Py");
Emptied folder: C:\Users\Kunng\AppData\Roaming\mozilla\firefox\profiles\uqrgtf3x.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.06.2014 at 19:56:05,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST part 1:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Kunng (administrator) on KUNNG-PC on 14-06-2014 19:56:29
Running from G:\Kunng\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Windows\System32\PnkBstrA.exe
(Dropbox, Inc.) C:\Users\Kunng\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Thisisu) G:\Kunng\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-12] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Startup: C:\Users\Kunng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kunng\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default
FF SelectedSearchEngine: GoogIe
FF Homepage: hxxp://www.google.de/|hxxp://www.youtube.com/?gl=DE&hl=de|hxxp://www.gamestar.de/|hxxp://www.battlefield-4.net/index.html|hxxp://www.chip.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-12]
FF Extension: DownloadHelper - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-06-12]
FF Extension: Ghostery - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\firefox@ghostery.com.xpi [2014-06-12]
FF Extension: Tab Scope - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\tabscope@xuldev.org.xpi [2014-06-12]
FF Extension: Flagfox - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-06-12]
FF Extension: NoScript - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-12]
FF Extension: Adblock Plus - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-12]
FF Extension: Greasemonkey - C:\Users\Kunng\AppData\Roaming\Mozilla\Firefox\Profiles\uqrgtf3x.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-06-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-12]

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://battlelog.battlefield.com/bf4/de/"
CHR Extension: (Google Docs) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-12]
CHR Extension: (Google Drive) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-12]
CHR Extension: (YouTube) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-12]
CHR Extension: (Google-Suche) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-12]
CHR Extension: (avast! Online Security) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-13]
CHR Extension: (Better Battlelog (BBLog)) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2014-06-12]
CHR Extension: (Google Wallet) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-12]
CHR Extension: (Google Mail) - C:\Users\Kunng\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-12]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-12] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1864480 2014-05-28] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-06-13] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-06-13] ()

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-12] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-12] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [102912 2012-03-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [220672 2012-03-15] (Renesas Electronics Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-14 19:56 - 2014-06-14 19:56 - 00001233 _____ () C:\Users\Kunng\Desktop\JRT.txt
2014-06-14 19:49 - 2014-06-14 19:49 - 00000000 ____D () C:\Windows\ERUNT
2014-06-14 19:44 - 2014-06-14 19:45 - 00000000 ____D () C:\AdwCleaner
2014-06-14 19:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-14 19:18 - 2014-06-14 19:18 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\FastStone
2014-06-14 16:24 - 2014-06-14 19:56 - 00000000 ____D () C:\FRST
2014-06-14 16:23 - 2014-06-14 16:23 - 00000000 _____ () C:\Users\Kunng\defogger_reenable
2014-06-14 13:02 - 2014-06-14 16:17 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\TS3Client
2014-06-14 12:38 - 2014-06-14 12:38 - 00000707 _____ () C:\Users\Public\Desktop\Mass Effect.lnk
2014-06-14 12:38 - 2014-06-14 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
2014-06-13 18:48 - 2014-06-13 18:48 - 00000000 __SHD () C:\Users\Kunng\AppData\Local\EmieUserList
2014-06-13 18:48 - 2014-06-13 18:48 - 00000000 __SHD () C:\Users\Kunng\AppData\Local\EmieSiteList
2014-06-13 18:01 - 2014-06-13 18:01 - 00000000 ____D () C:\Users\Kunng\.eclipse
2014-06-13 18:00 - 2014-06-13 18:00 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-13 18:00 - 2014-06-13 18:00 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-13 18:00 - 2014-06-13 18:00 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-13 18:00 - 2014-06-13 18:00 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-13 18:00 - 2014-06-13 18:00 - 00000000 ____D () C:\Program Files\Java
2014-06-13 17:59 - 2014-06-13 17:59 - 00000000 ____D () C:\ProgramData\Sun
2014-06-13 17:30 - 2014-06-13 17:30 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\Opera
2014-06-13 17:30 - 2014-06-13 17:30 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Opera
2014-06-13 16:20 - 2014-06-13 16:20 - 00000000 ____D () C:\Users\Public\Documents\TimeGate Studios
2014-06-13 16:20 - 2014-06-13 16:20 - 00000000 ____D () C:\Users\Public\Documents\Monolith Productions
2014-06-13 16:02 - 2014-06-13 20:14 - 00000000 ____D () C:\Users\Kunng\.VirtualBox
2014-06-13 16:02 - 2014-06-13 16:02 - 00000000 ____D () C:\Users\Kunng\VirtualBox VMs
2014-06-13 15:52 - 2014-06-13 15:52 - 00000000 ____D () C:\Users\Public\Documents\WBGames
2014-06-13 15:17 - 2014-06-13 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
2014-06-13 15:16 - 2014-06-13 15:16 - 00000000 ____D () C:\Program Files (x86)\WB Games
2014-06-13 14:28 - 2014-06-13 14:27 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-13 14:12 - 2014-06-13 14:12 - 00000000 ____D () C:\Users\Kunng\Documents\4a games
2014-06-13 13:26 - 2014-06-13 13:26 - 00000000 ____D () C:\Program Files (x86)\2K Games
2014-06-13 13:13 - 2014-06-13 13:13 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-06-13 12:56 - 2014-06-13 12:56 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-06-13 12:56 - 2014-06-13 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-13 12:56 - 2014-06-13 12:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-06-13 12:43 - 2014-06-13 12:48 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\DarkSoulsII
2014-06-13 11:59 - 2014-06-13 11:59 - 00000000 ____D () C:\Users\Kunng\AppData\Local\Blizzard Entertainment
2014-06-13 11:39 - 2014-06-13 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
2014-06-13 11:32 - 2014-06-13 11:32 - 00000000 ____D () C:\Program Files (x86)\JoWooD
2014-06-13 11:25 - 2014-06-13 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
2014-06-13 10:59 - 2014-06-13 11:04 - 00000000 ____D () C:\Users\Kunng\Documents\BFH.Beta
2014-06-13 10:18 - 2014-06-13 10:55 - 00000184 _____ () C:\Users\Kunng\Desktop\pbuser.htm
2014-06-13 10:18 - 2014-06-13 10:18 - 00011288 _____ () C:\Users\Kunng\Desktop\pbgame.htm
2014-06-13 10:06 - 2014-06-13 10:06 - 00000000 ____D () C:\Users\Kunng\AppData\Roaming\InstallShield
2014-06-13 10:03 - 2014-06-13 10:03 - 00000310 _____ () C:\Windows\game.ini
2014-06-13 10:03 - 2014-06-13 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2014-06-13 09:45 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-13 09:45 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-13 09:45 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-13 09:45 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-06-13 09:45 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-06-13 09:45 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-13 09:45 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-13 09:45 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-06-13 09:45 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-06-13 09:45 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-06-13 09:45 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-06-13 09:45 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-06-13 09:45 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-06-13 09:45 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-06-13 09:45 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2014-06-13 09:45 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-06-13 09:45 - 2011-02-25 07:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-06-13 00:04 - 2014-06-13 00:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-13 00:02 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-06-13 00:02 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-06-13 00:02 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-06-13 00:01 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-06-12 23:53 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-06-12 23:49 - 2014-06-12 23:49 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 23:49 - 2014-06-12 23:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 23:49 - 2014-06-12 23:49 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 23:49 - 2014-06-12 23:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 23:49 - 2014-06-12 23:49 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-06-12 23:49 - 2014-06-12 23:49 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-06-12 23:49 - 2014-06-12 23:49 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-06-12 23:49 - 2014-06-12 23:49 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-06-12 23:49 - 2014-06-12 23:49 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00266456 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00240856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-06-12 23:49 - 2014-06-12 23:49 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-06-12 23:49 - 2014-06-12 23:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-06-12 23:49 - 2014-06-12 23:49 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-12 23:49 - 2014-06-12 23:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 23:48 - 2014-06-12 23:54 - 00013275 _____ () C:\Windows\IE11_main.log
2014-06-12 23:45 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-06-12 23:45 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-12 23:45 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-12 23:45 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-06-12 23:45 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-06-12 23:45 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-12 23:45 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-06-12 23:45 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-06-12 23:45 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-06-12 23:45 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-06-12 23:45 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-06-12 23:45 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-06-12 23:45 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-12 23:45 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-06-12 23:45 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-06-12 23:45 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-06-12 23:38 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-12 23:38 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-06-12 23:38 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-06-12 23:38 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-06-12 23:27 - 2013-01-13 23:17 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:17 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 23:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-06-12 23:27 - 2013-01-13 22:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-06-12 23:27 - 2013-01-13 22:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-06-12 23:27 - 2013-01-13 22:09 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-06-12 23:27 - 2013-01-13 22:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-06-12 23:27 - 2013-01-13 21:59 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-06-12 23:27 - 2013-01-13 21:58 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-06-12 23:27 - 2013-01-13 21:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-06-12 23:27 - 2013-01-13 21:53 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-06-12 23:27 - 2013-01-13 21:53 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-06-12 23:27 - 2013-01-13 21:49 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-06-12 23:27 - 2013-01-13 21:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-06-12 23:27 - 2013-01-13 21:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-06-12 23:27 - 2013-01-13 21:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-06-12 23:27 - 2013-01-13 21:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-06-12 23:27 - 2013-01-13 21:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-06-12 23:27 - 2013-01-13 21:24 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-06-12 23:27 - 2013-01-13 21:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-06-12 23:27 - 2013-01-13 21:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-06-12 23:27 - 2013-01-13 21:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-06-12 23:27 - 2013-01-13 20:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-06-12 23:27 - 2013-01-13 20:09 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-06-12 23:27 - 2013-01-13 19:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-06-12 23:27 - 2013-01-13 19:05 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-06-12 23:27 - 2013-01-04 08:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-06-12 23:27 - 2013-01-04 08:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-06-12 23:22 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-12 23:22 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-12 23:22 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-12 23:22 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-12 23:22 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-12 23:22 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-12 23:22 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-12 23:22 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-12 23:22 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-12 23:22 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 23:22 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 23:22 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 23:22 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 23:22 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 23:22 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 23:22 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 23:22 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 23:22 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 23:22 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 23:22 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-12 23:22 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-12 23:22 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-12 23:22 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-12 23:22 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-12 23:22 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-12 23:22 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-12 23:22 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-12 23:22 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-12 23:22 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-12 23:22 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-12 23:22 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-12 23:22 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-06-12 23:22 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-06-12 23:22 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-06-12 23:22 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-06-12 23:22 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-12 23:22 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-12 23:22 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-06-12 23:22 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-06-12 23:22 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-06-12 23:22 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-06-12 23:22 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-06-12 23:22 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-06-12 23:22 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-06-12 23:22 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-06-12 23:22 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-06-12 23:22 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-06-12 23:22 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-06-12 23:22 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-06-12 23:22 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-06-12 23:22 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-06-12 23:22 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-06-12 23:22 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-06-12 23:22 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-06-12 23:22 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-06-12 23:22 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-06-12 23:22 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-06-12 23:22 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-12 23:22 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-06-12 23:22 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-06-12 23:22 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-06-12 23:22 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-06-12 23:22 - 2013-10-04 04:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-06-12 23:22 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-06-12 23:22 - 2013-10-04 03:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-06-12 23:22 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-06-12 23:22 - 2013-09-28 03:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-06-12 23:22 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-06-12 23:22 - 2013-09-25 04:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-06-12 23:22 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-06-12 23:22 - 2013-09-25 03:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-06-12 23:22 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-06-12 23:22 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-06-12 23:22 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-06-12 23:22 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-06-12 23:22 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-06-12 23:22 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-06-12 23:22 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-06-12 23:22 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-06-12 23:22 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-06-12 23:22 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-06-12 23:22 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-06-12 23:22 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-06-12 23:22 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-06-12 23:22 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-06-12 23:22 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-06-12 23:22 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-06-12 23:22 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-06-12 23:21 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 23:21 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 23:21 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 23:21 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 23:21 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-06-12 23:21 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-06-12 23:21 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-06-12 23:21 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-06-12 23:21 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-06-12 23:21 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-06-12 23:21 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-06-12 23:21 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-06-12 23:21 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-06-12 23:21 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-06-12 23:21 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-06-12 23:21 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-06-12 23:21 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-06-12 23:21 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-06-12 23:21 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-06-12 23:21 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-06-12 23:21 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-06-12 23:21 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-06-12 23:21 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-06-12 23:21 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-06-12 23:21 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-06-12 23:21 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-06-12 23:21 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-06-12 23:21 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-06-12 23:21 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-06-12 23:21 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-06-12 23:21 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-06-12 23:21 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-06-12 23:21 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-06-12 23:21 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-06-12 23:21 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-06-12 23:21 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-06-12 23:21 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-06-12 23:21 - 2013-10-03 04:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-12 23:21 - 2013-10-03 04:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-06-12 23:21 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-06-12 23:21 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-06-12 23:21 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-06-12 23:21 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-06-12 23:21 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-06-12 23:21 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-06-12 23:21 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-06-12 23:21 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-06-12 23:21 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-06-12 23:21 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-06-12 23:21 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-06-12 23:21 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-06-12 23:21 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-06-12 23:21 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-06-12 23:21 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-06-12 23:21 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-06-12 23:21 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-06-12 23:21 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-06-12 23:21 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-06-12 23:21 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-06-12 23:21 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-06-12 23:21 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-06-12 23:21 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-06-12 23:21 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-06-12 23:21 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-06-12 23:21 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-06-12 23:21 - 2013-07-03 06:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-06-12 23:21 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-06-12 23:21 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-06-12 23:21 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-06-12 23:21 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-06-12 23:21 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-06-12 23:21 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-06-12 23:21 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-06-12 23:21 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-06-12 23:21 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-06-12 23:21 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
         


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.