Win7- Systemstart und programme brauchen ewig beim laden

iParanoid · 01.05.2015, 10:33

Guten Morgen,

Mein System:

Windows: Win7 Professional(Original)Service Pack 1 ist installiert
Prozessor: AMD FX(tm)-8350 Eigght-Core Processor 4,07 GHz
Arbeitsspeicher: 16 GB RAM
Grafikkarte: GeForce GTX 650 Ti
Laufwerke: SAMSUNG HD105SI SATA Disk Device, ST310005 24AS SATA Disk Device, ST375064 0AS SATA Disk Device
Antiware: Bitdefender (Gekaufte Version) (Problem war auch vor BitDefender)

Mein Problem ist wie folgt:
(Pc wurde erst neu aufgesetzt)
Es beginnt alles beim starten des Pc's.. Nach dem winlogo hab ich erstmal ca 2-4 min ein schwarzes Bild kann aber meine Maus bewegen. Nach diesen genannten 2-4 min bin ich auf meinem Desktop dieser brauch auch wieder ca 3-4 min um alles zu laden obwohl ich alles aus dem Autostart herraus genommen habe!!! Nach der ganzen Zeit die schon verstrichen ist laeuft alles sehr viel langsamer ob ich jz ein Spiel starte oder im inet musik hoeren moechte egal was es braucht immer so seine 60 sec zum laden .....

Ich hoffe ihr koennt mir hiermit iwie helfen !!!

Da die FRST.txt zu gross ist habe ich alle Logfiles als Archiv hochgeladen ..!!

schrauber · 01.05.2015, 15:12

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

iParanoid · 01.05.2015, 15:50

Vielen Dank fuer deine schnelle Antwort hier nochmals die Logs =)

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by iParanoid at 2015-05-01 10:35:22
Running from C:\Users\iParanoid\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3222174732-2686061832-2192769455-500 - Administrator - Disabled)
Gast (S-1-5-21-3222174732-2686061832-2192769455-501 - Limited - Disabled)
iParanoid (S-1-5-21-3222174732-2686061832-2192769455-1000 - Administrator - Enabled) => C:\Users\iParanoid

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Anno 2070 (HKLM-x32\...\Steam App 48240) (Version:  - BlueByte)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.6.0 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.6.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C0B16F2E-3980-44F8-8CF4-F84696541FF7}) (Version: 1.0.018 - ASUSTek Computer Inc.)
ASUS_ROG_THEME (HKLM-x32\...\ASUS_ROG_THEME) (Version: 1.00.14 - ASUSTeK Computer Inc.)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.22.0.1521 - Bitdefender)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Intel(R) Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.23 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 5.2 - Ubisoft)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

24-04-2015 22:41:41 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
24-04-2015 22:42:20 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
24-04-2015 22:43:56 DirectX wurde installiert
27-04-2015 11:40:33 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
27-04-2015 11:41:32 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
27-04-2015 11:44:28 OpenOffice 4.1.1 wird installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13910B4E-95DC-4CA2-805F-D4B172D44774} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {4919E234-C6C6-4252-820C-41D0FFFC0A76} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {637E507D-045D-4A68-9931-FE4DCB439294} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8590287A-3A9A-418D-81DC-C29F67A1AEC4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {92A541DA-C93E-4948-A6ED-208C831BA940} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-08-14] (ASUSTeK Computer Inc.)
Task: {AAD881DA-B8B5-4D3D-BFA5-4B998FCCA16A} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {B52999BF-EEBA-47EB-8CFD-1B74D3690AFB} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {C86C283D-5BAE-444D-9DDF-3F72F64196A4} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2012-10-29] ()
Task: {FFB511B0-4714-4C12-A79C-E58B095A5153} - System32\Tasks\{04CE8BB4-84F8-47EC-A302-AF796863BC9F} => pcalua.exe -a C:\Users\iParanoid\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\iParanoid\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:5452

==================== Loaded Modules (whitelisted) ==============

2015-04-20 18:59 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-04-20 18:59 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-04-20 18:59 - 2015-04-01 18:05 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-04-20 18:59 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-04-20 19:04 - 2015-04-20 19:04 - 00789856 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_002\ashttpbr.mdl
2015-04-20 19:04 - 2015-04-20 19:04 - 00710016 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_002\ashttpdsp.mdl
2015-04-20 19:04 - 2015-04-20 19:04 - 02683008 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_002\ashttpph.mdl
2015-04-20 19:04 - 2015-04-20 19:04 - 01325480 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00250_002\ashttprbl.mdl
2012-06-01 11:42 - 2012-06-01 11:42 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-04-20 16:50 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-20 18:36 - 2012-10-29 12:45 - 01405312 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2015-03-14 07:49 - 2015-03-14 07:49 - 00291840 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2014-01-21 16:54 - 2015-04-20 19:17 - 01294336 _____ () F:\Riot\RADS\system\rads_user_kernel.exe
2015-04-29 17:29 - 2015-04-29 17:29 - 02323448 _____ () F:\Riot\RADS\projects\lol_launcher\releases\0.0.0.244\deploy\LoLLauncher.exe
2015-04-29 17:29 - 2015-04-29 17:29 - 03797496 _____ () F:\Riot\RADS\projects\lol_patcher\releases\0.0.0.28\deploy\LoLPatcher.exe
2015-04-20 19:25 - 2015-04-15 22:25 - 00074752 _____ () F:\Riot\RADS\projects\lol_air_client\releases\0.0.1.141\deploy\LolClient.exe
2015-04-20 18:35 - 2015-05-01 10:12 - 00039424 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-04-20 18:35 - 2010-06-29 04:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2015-04-20 18:36 - 2012-10-25 14:16 - 05766344 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
2015-04-20 18:36 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
2015-04-24 00:41 - 2015-04-09 02:58 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-20 18:38 - 2012-08-03 10:41 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2015-04-20 18:38 - 2012-08-03 16:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2015-04-20 18:35 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2015-04-20 18:35 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2015-04-20 18:36 - 2011-09-26 19:36 - 00869376 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2015-04-20 18:35 - 2012-03-21 12:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2015-04-20 18:36 - 2012-08-01 10:51 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2015-04-20 18:37 - 2012-06-19 12:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2015-04-20 18:37 - 2012-07-20 09:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2015-04-20 18:35 - 2012-05-25 10:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2015-04-20 18:35 - 2012-05-28 21:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2015-04-20 18:35 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2015-04-20 18:35 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2015-04-20 18:35 - 2011-10-14 20:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2015-04-20 18:35 - 2010-08-23 04:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2015-04-20 18:35 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2015-04-20 18:39 - 2012-01-19 09:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
2015-04-20 18:39 - 2010-09-23 11:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll
2015-04-20 18:39 - 2010-02-25 14:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\Aszip.dll
2015-04-20 18:35 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2015-02-02 09:52 - 2015-02-02 09:52 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-04-21 12:53 - 2014-11-26 03:12 - 40622592 _____ () C:\Users\iParanoid\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-04-21 12:53 - 2014-11-26 03:12 - 00911360 _____ () C:\Users\iParanoid\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-04-21 12:53 - 2014-11-26 03:12 - 00134144 _____ () C:\Users\iParanoid\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2013-10-22 10:24 - 2013-10-22 10:24 - 24978944 _____ () C:\ProgramData\Razer\SwitchBlade\Resources\CEF1\libcef.dll
2013-10-22 10:24 - 2013-10-22 10:24 - 00736256 _____ () C:\ProgramData\Razer\SwitchBlade\Resources\CEF1\libglesv2.dll
2013-10-22 10:24 - 2013-10-22 10:24 - 00130048 _____ () C:\ProgramData\Razer\SwitchBlade\Resources\CEF1\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\iParanoid\Downloads\350.12-desktop-win8-win7-winvista-64bit-international-whql.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\adwcleaner_4.202.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\Defogger.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\esetsmartinstaller_deu.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\Gmer-19357.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\mbam-setup-2.1.4.1018.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\OpenOffice - CHIP-Installer.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\Razer_Synapse_Framework_V1.18.19.24735.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\TeamSpeak3-Client-win64-3.0.16.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\TeamViewer_Setup_de.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\TFC.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\UplayInstaller.exe:BDU
AlternateDataStreams: C:\Users\iParanoid\Downloads\winrar-x64-521d.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3222174732-2686061832-2192769455-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\iParanoid\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{79084306-FAAA-48BD-BBD0-7D511ACC0690}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{9A9C09EC-6132-4F4B-B903-205D9C3A012F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{32D04E45-8F3B-4050-9787-B9D9B3F1B2AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08CA8813-86EA-49BF-980A-C67C2875E6B5}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{84D072FD-FEEF-477E-BA9B-34B1150F8E1D}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{A85D363E-CF71-4DB8-B316-A087312ADAD2}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{3AA58566-7A70-48A4-9B84-DA403726828E}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{662BE523-E960-45A5-B1AE-1FB6C0EA9C00}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{1588C02F-2B16-4ED8-95C6-A06CC1BCE78E}] => (Allow) F:\Steam\bin\steamwebhelper.exe
FirewallRules: [{B7A672FA-59E5-4501-BFCE-9D30A0894A5A}] => (Allow) F:\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{F3D20BF4-2EE1-463F-BE8D-D4A7903711C2}] => (Allow) F:\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{B8F62CD5-F95A-4684-B84A-7011B90B67C0}] => (Allow) F:\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{CD8AA34F-5151-44AF-AD29-5A513D919CE7}] => (Allow) F:\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{3F94C014-220A-4720-8E59-E8ADF33373D0}] => (Allow) F:\Steam\steamapps\common\Darkness II\DarknessII.exe
FirewallRules: [{6DF5F2EC-9805-48A1-A94D-2EC795338B78}] => (Allow) F:\Steam\steamapps\common\Darkness II\DarknessII.exe
FirewallRules: [{A6B9F8DC-C7AD-40D9-97B7-BA29B94E52ED}] => (Allow) F:\Steam\steamapps\common\Anno 2070\Anno5.exe
FirewallRules: [{63416AA5-2BC5-404D-AB9F-C994A68FD728}] => (Allow) F:\Steam\steamapps\common\Anno 2070\Anno5.exe
FirewallRules: [{E1BAE11A-BA7D-4D4B-9309-78E86E037396}] => (Allow) F:\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{64CDCEB2-559E-48EC-B5B7-962AE028E154}] => (Allow) F:\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{5D73B2A7-11F0-4B75-8888-4701A94D1ECE}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{A5ACCB69-30AC-4060-8051-530BE09AD68A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{B4CDB798-2A9B-4FB4-B546-D78B8DF5FF50}] => (Allow) F:\Steam\steamapps\common\Anno 2070\Anno5.exe
FirewallRules: [{C37EF74A-C0B5-4696-A30B-907955ECD2B3}] => (Allow) F:\Steam\steamapps\common\Anno 2070\Anno5.exe
FirewallRules: [{F3044EE1-7950-436A-8A9B-DE8DA526CD5E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{150EC7A7-D2E2-408D-A714-7332C60E9CAD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{645234A2-3855-4ED5-AD4B-607D226EDEC5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{78CD13AE-FE43-45EF-9506-DCF7D05C2918}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{700AF9B5-34CD-4F25-AFD8-EF7EC218C7F2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E1C1B0C7-18D9-4703-955A-72E5F8E096B3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CAB63C13-83AF-4383-81FC-B126691347FE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A1EA5AB0-18EA-4236-B2E0-9B8B4786C9B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{350BFAE9-85D0-4BC5-921F-EED8F35B927B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6235A71F-A3C4-47A6-8996-09B6BB773B09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5100020C-2311-432B-949A-6A1B74DCA894}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Faulty Device Manager Devices =============

Name: High Definition Audio-Controller
Description: High Definition Audio-Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2015 00:47:46 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost (2192) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -543 auf.

Error: (04/30/2015 00:47:46 PM) (Source: ESENT) (EventID: 452) (User: )
Description: taskhost (2192) WebCacheLocal: Datenbank C:\Users\iParanoid\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat benötigt die Protokolldateien 20-22 für eine erfolgreiche Wiederherstellung. Es wurden nur Protokolldateien ab 22 gefunden.

Error: (04/29/2015 01:34:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/28/2015 07:20:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x1658
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (04/28/2015 00:50:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SynTPEnh.exe, Version: 16.2.12.23, Zeitstempel: 0x506d0b1f
Name des fehlerhaften Moduls: SynTPEnh.exe, Version: 16.2.12.23, Zeitstempel: 0x506d0b1f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000a0df5
ID des fehlerhaften Prozesses: 0xb44
Startzeit der fehlerhaften Anwendung: 0xSynTPEnh.exe0
Pfad der fehlerhaften Anwendung: SynTPEnh.exe1
Pfad des fehlerhaften Moduls: SynTPEnh.exe2
Berichtskennung: SynTPEnh.exe3

Error: (04/27/2015 01:22:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/26/2015 11:12:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0xe70
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3

Error: (04/25/2015 05:08:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0xf68
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3

Error: (04/24/2015 10:19:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0xe7c
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3

Error: (04/24/2015 00:42:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0xeb8
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3


System errors:
=============
Error: (05/01/2015 10:13:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "AsusFanControlService" wurde nicht richtig gestartet.

Error: (05/01/2015 06:02:12 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (04/30/2015 08:51:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "AsusFanControlService" wurde nicht richtig gestartet.

Error: (04/30/2015 00:56:32 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 80.

Error: (04/30/2015 00:49:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "AsusFanControlService" wurde nicht richtig gestartet.

Error: (04/30/2015 00:45:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/30/2015 00:45:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/30/2015 00:45:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet Monitoring Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/30/2015 00:45:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DTSAudioSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/30/2015 00:45:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AsusFanControlService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/30/2015 00:47:46 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhost2192WebCacheLocal: -543

Error: (04/30/2015 00:47:46 PM) (Source: ESENT) (EventID: 452) (User: )
Description: taskhost2192WebCacheLocal: C:\Users\iParanoid\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat202222

Error: (04/29/2015 01:34:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\users\iparanoid\downloads\esetsmartinstaller_deu.exe

Error: (04/28/2015 07:20:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1165801d081382e7934d8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle156052d-edca-11e4-b7d2-60a44c63cc89

Error: (04/28/2015 00:50:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SynTPEnh.exe16.2.12.23506d0b1fSynTPEnh.exe16.2.12.23506d0b1fc000000500000000000a0df5b4401d080bb1d30cfe5C:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exec44b8ba4-ed2f-11e4-b7d2-60a44c63cc89

Error: (04/27/2015 01:22:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\iParanoid\Downloads\esetsmartinstaller_deu.exe

Error: (04/26/2015 11:12:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920fe7001d08000d272db6eC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe5032ded6-ebf4-11e4-81f6-60a44c63cc89

Error: (04/25/2015 05:08:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920ff6801d07f69757631ebC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exef82b560f-eb5c-11e4-bee9-60a44c63cc89

Error: (04/24/2015 10:19:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920fe7c01d07ecbbda06466C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe422e2b91-eabf-11e4-8a30-60a44c63cc89

Error: (04/24/2015 00:42:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920feb801d07e7b1f4a04afC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exea3ceb2e5-ea6e-11e4-920e-60a44c63cc89


CodeIntegrity Errors:
===================================
  Date: 2015-05-01 10:13:20.310
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-01 03:11:13.078
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-30 21:16:29.925
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-30 20:50:46.403
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-30 12:48:57.737
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 17:07:09.738
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 16:56:45.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-29 13:23:32.831
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-28 00:19:12.606
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-27 09:55:44.743
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD FX(tm)-8350 Eight-Core Processor 
Percentage of memory in use: 18%
Total physical RAM: 15785.62 MB
Available physical RAM: 12854.45 MB
Total Pagefile: 31569.43 MB
Available Pagefile: 28277.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.29 GB) (Free:861.95 GB) NTFS
Drive d: (Externe) (Fixed) (Total:698.64 GB) (Free:127.46 GB) NTFS
Drive f: () (Fixed) (Total:931.51 GB) (Free:821.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 51E47A7A)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 632F95AC)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 5AF30A24)

Partition: GPT Partition Type.

==================== End Of Log ============================

FRST.txt Teil 1 da die txt leider zu lang ist

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by iParanoid (administrator) on IPARANOID-PC on 01-05-2015 10:33:55
Running from C:\Users\iParanoid\Downloads
Loaded Profiles: iParanoid (Available profiles: iParanoid)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Windows\SysWOW64\ASGT.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\iParanoid\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Razer Inc.) C:\ProgramData\Razer\SwitchBlade\DeathStalker\Razer\1068AAE3-6299-4086-A7F6-0600F5F1D1E5\RzHome.exe
(Razer Inc) C:\Program Files (x86)\Razer\SwitchBlade\RzAppManager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() F:\Riot\RADS\system\rads_user_kernel.exe
() F:\Riot\RADS\projects\lol_launcher\releases\0.0.0.244\deploy\LoLLauncher.exe
() F:\Riot\RADS\projects\lol_patcher\releases\0.0.0.28\deploy\LoLPatcher.exe
() F:\Riot\RADS\projects\lol_air_client\releases\0.0.1.141\deploy\LolClient.exe
(Tweaking.com) C:\Users\iParanoid\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\Repair_Windows.exe
(Tweaking.com) C:\Users\iParanoid\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2920760 2012-10-03] (Synaptics Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-03-12] (Bitdefender)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3222174732-2686061832-2192769455-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-01-15] (Bitdefender)
HKU\S-1-5-21-3222174732-2686061832-2192769455-1000\...\MountPoints2: {17da88f8-e760-11e4-b89f-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-3222174732-2686061832-2192769455-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\ROG_VI~1.SCR [201728 2011-10-26] (ScreenTime Media)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-04-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-04-30] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3222174732-2686061832-2192769455-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3222174732-2686061832-2192769455-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-01-28] (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\iParanoid\AppData\Roaming\Mozilla\Firefox\Profiles\1mq9xwyq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3222174732-2686061832-2192769455-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-03-27] ()
FF Extension: YouTube Unblocker - C:\Users\iParanoid\AppData\Roaming\Mozilla\Firefox\Profiles\1mq9xwyq.default\Extensions\youtubeunblocker@unblocker.yt [2015-04-20]
FF Extension: Adblock Plus - C:\Users\iParanoid\AppData\Roaming\Mozilla\Firefox\Profiles\1mq9xwyq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-20]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-04-20]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-04-20]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

FRST.txt Teil 2

Code:

ATTFilter

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
U2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe [1457664 2012-06-19] (ASUSTeK Computer Inc.) [File not signed]
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-04-09] (NVIDIA Corporation)
S4 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-04-09] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-04-09] (NVIDIA Corporation)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-03-16] (Bitdefender)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-01-14] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-01-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-01-14] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-01-09] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-02-24] (BitDefender LLC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-04-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-09] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R3 rzhnet; C:\Windows\System32\Drivers\rzhnet.sys [21160 2014-12-30] (Razer Inc)
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)

iParanoid · 01.05.2015, 15:53

FRST.txt Teil 3

Code:

ATTFilter

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 10:32 - 2015-05-01 10:32 - 00380416 _____ () C:\Users\iParanoid\Downloads\Gmer-19357.exe
2015-05-01 10:30 - 2015-05-01 10:34 - 00013702 _____ () C:\Users\iParanoid\Downloads\FRST.txt
2015-05-01 10:29 - 2015-05-01 10:29 - 00000480 _____ () C:\Users\iParanoid\Downloads\defogger_disable.log
2015-05-01 10:29 - 2015-05-01 10:29 - 00000000 _____ () C:\Users\iParanoid\defogger_reenable
2015-05-01 10:28 - 2015-05-01 10:28 - 00050477 _____ () C:\Users\iParanoid\Downloads\Defogger.exe
2015-05-01 10:20 - 2015-05-01 10:20 - 00000000 ____D () C:\Users\iParanoid\Downloads\tweaking.com_windows_repair_aio
2015-05-01 10:19 - 2015-05-01 10:19 - 10661519 _____ () C:\Users\iParanoid\Downloads\tweaking.com_windows_repair_aio.zip
2015-05-01 10:09 - 2015-05-01 10:09 - 00000000 ____D () C:\Windows\pss
2015-04-30 15:19 - 2015-04-30 15:19 - 00000000 ____D () C:\Users\iParanoid\AppData\Local\RzStats
2015-04-30 12:43 - 2015-04-30 12:43 - 02224640 _____ () C:\Users\iParanoid\Downloads\adwcleaner_4.202.exe
2015-04-30 12:39 - 2015-04-30 09:30 - 02716306 _____ (Thisisu) C:\Users\iParanoid\Downloads\JRT_NEW.exe
2015-04-30 12:33 - 2015-04-30 12:33 - 00000000 ____D () C:\Users\iParanoid\Downloads\FRST-OlderVersion
2015-04-29 22:36 - 2015-04-29 22:37 - 00005912 _____ () C:\Users\iParanoid\Downloads\LOL_OPGG_Observer_2086304976_spectate.bat
2015-04-27 13:22 - 2015-04-27 13:30 - 00015767 _____ () C:\Users\iParanoid\Documents\Andre Bewerbung.odt
2015-04-27 12:23 - 2015-04-27 17:29 - 00019321 _____ () C:\Users\iParanoid\Documents\Andre lebenslauf.odt
2015-04-27 11:45 - 2015-04-27 11:45 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-04-27 11:45 - 2015-04-27 11:45 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\OpenOffice
2015-04-27 11:44 - 2015-04-27 11:45 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-04-27 11:40 - 2015-04-27 11:40 - 00000000 ____D () C:\Users\iParanoid\Downloads\OpenOffice 4.1.1 (de) Installation Files
2015-04-27 11:37 - 2015-04-27 11:38 - 01203488 _____ () C:\Users\iParanoid\Downloads\OpenOffice - CHIP-Installer.exe
2015-04-26 22:30 - 2015-04-26 22:30 - 00007597 _____ () C:\Users\iParanoid\AppData\Local\Resmon.ResmonCfg
2015-04-26 11:31 - 2015-04-26 11:32 - 06489850 _____ () C:\Users\iParanoid\Documents\IPARANOID-PC.arn
2015-04-26 11:27 - 2015-04-26 11:27 - 00588816 _____ () C:\Users\iParanoid\Downloads\14796_Autoruns_13.2.zip
2015-04-26 11:27 - 2015-03-08 11:31 - 00583832 _____ (Sysinternals - www.sysinternals.com) C:\Users\iParanoid\Downloads\autorunsc.exe
2015-04-26 11:27 - 2015-03-08 11:22 - 00670880 _____ (Sysinternals - www.sysinternals.com) C:\Users\iParanoid\Downloads\autoruns.exe
2015-04-26 11:27 - 2015-01-04 16:04 - 00050512 _____ () C:\Users\iParanoid\Downloads\autoruns.chm
2015-04-26 11:27 - 2014-06-28 16:47 - 00002028 _____ () C:\Users\iParanoid\Downloads\Eula.txt
2015-04-24 22:42 - 2015-04-24 22:43 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-24 14:06 - 2015-04-24 14:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-24 12:44 - 2015-04-24 12:44 - 00000000 ____D () C:\Users\iParanoid\Documents\SwitchBlade-UI
2015-04-24 02:39 - 2015-04-24 02:39 - 00000084 _____ () C:\Windows\SysWOW64\prime.txt
2015-04-24 02:39 - 2015-04-24 02:39 - 00000065 _____ () C:\Windows\SysWOW64\local.txt
2015-04-24 00:41 - 2015-04-24 17:03 - 00000000 ____D () C:\Users\iParanoid\AppData\Local\NVIDIA Corporation
2015-04-24 00:41 - 2015-04-09 02:58 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-04-24 00:41 - 2015-04-09 02:58 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-04-24 00:41 - 2015-04-09 02:58 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-04-24 00:41 - 2015-04-09 02:58 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-04-24 00:40 - 2015-04-24 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-24 00:39 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-24 00:36 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-24 00:36 - 2015-04-09 02:58 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-04-24 00:36 - 2015-04-09 02:58 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-04-24 00:36 - 2015-04-09 02:58 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-04-24 00:27 - 2015-04-24 00:27 - 00000000 ____D () C:\NVIDIA
2015-04-23 20:39 - 2015-04-30 14:23 - 00002555 _____ () C:\Windows\MB.idx
2015-04-23 19:36 - 2015-04-23 19:36 - 00000000 ____D () C:\Users\iParanoid\Tracing
2015-04-23 19:36 - 2015-04-23 19:36 - 00000000 ____D () C:\Users\iParanoid\AppData\Local\Skype
2015-04-23 19:35 - 2015-04-30 23:07 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\Skype
2015-04-23 19:35 - 2015-04-23 19:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-23 19:35 - 2015-04-23 19:35 - 00000000 ____D () C:\ProgramData\Skype
2015-04-23 19:35 - 2015-04-23 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-23 19:34 - 2015-04-23 19:34 - 01384064 _____ (Skype Technologies S.A.) C:\Users\iParanoid\Downloads\SkypeSetup.exe
2015-04-22 19:16 - 2015-05-01 10:09 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\TS3Client
2015-04-22 19:16 - 2015-04-22 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-04-22 19:16 - 2015-04-22 19:16 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-04-22 19:14 - 2015-04-22 19:15 - 30014480 _____ (TeamSpeak Systems GmbH) C:\Users\iParanoid\Downloads\TeamSpeak3-Client-win64-3.0.16.exe
2015-04-22 19:12 - 2015-04-22 19:12 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\TeamViewer
2015-04-22 18:38 - 2015-04-22 18:38 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-22 18:38 - 2015-04-22 18:38 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-22 18:33 - 2015-04-22 18:33 - 07970528 _____ (TeamViewer GmbH) C:\Users\iParanoid\Downloads\TeamViewer_Setup_de.exe
2015-04-22 12:47 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-22 12:47 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-04-22 12:47 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-04-22 12:47 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-04-22 12:47 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-04-22 12:47 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-04-21 18:38 - 2015-04-21 18:38 - 00000000 ____D () C:\Users\iParanoid\Documents\ANNO 2070
2015-04-21 14:55 - 2015-04-21 14:55 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-04-21 14:52 - 2015-04-21 14:53 - 46299456 _____ (Ubisoft) C:\Users\iParanoid\Downloads\UplayInstaller.exe
2015-04-21 14:46 - 2015-04-21 14:49 - 283201840 _____ (NVIDIA Corporation) C:\Users\iParanoid\Downloads\350.12-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-04-21 14:41 - 2015-04-21 15:14 - 00000000 ____D () C:\Users\iParanoid\AppData\Local\Ubisoft Game Launcher
2015-04-21 14:40 - 2015-04-21 14:40 - 00000000 ____D () C:\ProgramData\Solidshield
2015-04-21 14:39 - 2015-04-21 14:39 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\Ubisoft
2015-04-21 14:37 - 2015-04-21 14:37 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-04-21 14:36 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-04-21 14:36 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-04-21 14:36 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-04-21 14:36 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-04-21 14:36 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-04-21 14:36 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-04-21 14:36 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-04-21 14:36 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-04-21 14:36 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-04-21 14:36 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-04-21 14:36 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-04-21 14:36 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-04-21 14:36 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-04-21 14:36 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-04-21 14:36 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-04-21 14:36 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-04-21 14:36 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-04-21 14:36 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-04-21 14:36 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-04-21 14:36 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-04-21 14:36 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-04-21 14:36 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-04-21 14:36 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-04-21 14:36 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-04-21 14:36 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-04-21 14:36 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-04-21 14:36 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-04-21 14:36 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-04-21 14:36 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-04-21 14:36 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-04-21 14:36 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-04-21 14:36 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-04-21 14:36 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-04-21 14:36 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-04-21 14:36 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-04-21 14:36 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-04-21 14:36 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-04-21 14:36 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-04-21 14:36 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-04-21 14:36 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-04-21 14:36 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-04-21 14:36 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-04-21 14:36 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-04-21 14:36 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-04-21 14:36 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-04-21 14:36 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-04-21 14:36 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-04-21 14:36 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-04-21 14:36 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-04-21 14:36 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-04-21 14:36 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-04-21 14:36 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-04-21 14:36 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-04-21 14:36 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-04-21 14:36 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-04-21 14:36 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-04-21 14:36 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-04-21 14:36 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-04-21 14:36 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-04-21 14:36 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-04-21 14:36 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-04-21 14:36 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-04-21 14:36 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-04-21 14:36 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-04-21 14:36 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-04-21 14:36 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-04-21 14:36 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-04-21 14:36 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-04-21 14:36 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-04-21 14:36 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-04-21 14:36 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-04-21 14:36 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-04-21 14:36 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-04-21 14:36 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-04-21 14:36 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-04-21 14:36 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-04-21 14:36 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-04-21 14:36 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-04-21 14:36 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-04-21 14:36 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-04-21 14:36 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-04-21 14:36 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-04-21 14:36 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-04-21 14:36 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-04-21 14:36 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-04-21 14:36 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-04-21 14:36 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-04-21 14:36 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-04-21 14:36 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-04-21 14:36 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-04-21 14:36 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-04-21 14:36 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-04-21 14:36 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-04-21 14:36 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-04-21 14:36 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-04-21 14:35 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-04-21 14:35 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-04-21 14:35 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-04-21 14:35 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-04-21 14:35 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-04-21 14:35 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-04-21 14:35 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-04-21 14:35 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-04-21 14:35 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-04-21 14:35 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-04-21 14:35 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-04-21 14:35 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-04-21 14:35 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-04-21 14:35 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-04-21 14:35 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-04-21 14:35 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-04-21 14:35 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-04-21 14:35 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-04-21 14:35 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-04-21 14:35 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-04-21 14:35 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-04-21 14:35 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-04-21 14:35 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-04-21 14:35 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-04-21 14:35 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-04-21 14:35 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-04-21 14:35 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-04-21 14:35 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-04-21 14:35 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-04-21 14:35 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-04-21 14:35 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-04-21 14:35 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-04-21 14:35 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-04-21 14:35 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-04-21 14:35 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-04-21 14:35 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-04-21 14:35 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-04-21 14:35 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-04-21 14:35 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-04-21 14:35 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-04-21 14:35 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-04-21 14:35 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-04-21 14:35 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-04-21 14:35 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-04-21 14:35 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-04-21 14:35 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-04-21 14:35 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-04-21 14:35 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-04-21 14:35 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-04-21 14:35 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-04-21 14:35 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-04-21 14:35 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-04-21 14:35 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-04-21 14:35 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-04-21 14:35 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-04-21 14:35 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-04-21 14:35 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-04-21 14:35 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-04-21 14:35 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-04-21 14:35 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-04-21 14:35 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-04-21 14:35 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-04-21 14:35 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-04-21 14:35 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-04-21 14:35 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-04-21 14:35 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-04-21 14:35 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-04-21 14:35 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-04-21 14:35 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-04-21 14:35 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-04-21 14:34 - 2015-04-24 22:46 - 00027750 _____ () C:\Windows\DirectX.log
2015-04-21 14:34 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-04-21 14:34 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-04-21 14:34 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-04-21 14:34 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-04-21 14:34 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-04-21 14:34 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-04-21 14:34 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-04-21 14:34 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-04-21 12:37 - 2015-03-03 19:47 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2015-04-21 12:37 - 2015-02-05 01:24 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2015-04-21 12:17 - 2015-04-21 12:17 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\NVIDIA
2015-04-21 12:11 - 2015-04-21 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-04-21 11:47 - 2015-04-21 11:47 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-21 11:45 - 2015-04-21 11:45 - 55891792 _____ (Razer Inc.) C:\Users\iParanoid\Downloads\Razer_Synapse_Framework_V1.18.19.24735.exe
2015-04-21 00:59 - 2015-01-09 01:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-04-21 00:59 - 2015-01-09 01:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-04-21 00:51 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-04-21 00:51 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-04-21 00:40 - 2015-04-21 00:40 - 00448512 _____ (OldTimer Tools) C:\Users\iParanoid\Downloads\TFC.exe
2015-04-21 00:31 - 2015-04-30 12:42 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-21 00:31 - 2015-04-21 00:32 - 02347384 _____ (ESET) C:\Users\iParanoid\Downloads\esetsmartinstaller_deu.exe
2015-04-21 00:28 - 2015-04-30 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-21 00:28 - 2015-04-30 12:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-21 00:28 - 2015-04-21 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-21 00:28 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-21 00:28 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-21 00:28 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-21 00:27 - 2015-04-21 00:28 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\iParanoid\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-21 00:26 - 2015-05-01 10:33 - 00000000 ____D () C:\FRST
2015-04-21 00:25 - 2015-04-21 00:25 - 00000604 _____ () C:\Users\iParanoid\Downloads\JRT.txt
2015-04-21 00:23 - 2015-04-30 12:33 - 02101248 _____ (Farbar) C:\Users\iParanoid\Downloads\FRST64.exe
2015-04-21 00:22 - 2015-04-21 00:22 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-IPARANOID-PC-Windows-7-Professional-(64-bit).dat
2015-04-21 00:21 - 2015-04-21 00:21 - 00000000 ____D () C:\RegBackup
2015-04-21 00:15 - 2015-04-21 00:15 - 00000000 ____D () C:\Windows\system32\dsc
2015-04-21 00:15 - 2015-04-21 00:15 - 00000000 ____D () C:\Windows\system32\Configuration
2015-04-21 00:15 - 2015-04-21 00:15 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-04-21 00:15 - 2015-04-21 00:15 - 00000000 ____D () C:\Program Files (x86)\WindowsPowerShell
2015-04-21 00:12 - 2015-04-30 12:45 - 00000000 ____D () C:\AdwCleaner
2015-04-21 00:12 - 2015-04-21 00:12 - 02684539 _____ (Thisisu) C:\Users\iParanoid\Downloads\JRT.exe
2015-04-21 00:08 - 2013-09-27 05:37 - 00001536 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2015-04-21 00:08 - 2013-09-27 05:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2015-04-21 00:08 - 2013-09-27 05:20 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\mimofcodec.dll
2015-04-21 00:08 - 2013-09-27 05:19 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2015-04-21 00:08 - 2013-09-27 05:18 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\mi.dll
2015-04-21 00:08 - 2013-09-27 05:18 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll
2015-04-21 00:08 - 2013-09-27 05:17 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\mibincodec.dll
2015-04-21 00:08 - 2013-09-27 05:16 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2015-04-21 00:08 - 2013-09-27 05:16 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2015-04-21 00:08 - 2013-09-27 05:16 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2015-04-21 00:08 - 2013-09-27 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2015-04-21 00:08 - 2013-09-27 05:03 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Register-CimProvider.exe
2015-04-21 00:08 - 2013-09-27 04:59 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2015-04-21 00:08 - 2013-09-27 04:58 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2015-04-21 00:08 - 2013-09-27 04:53 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2015-04-21 00:08 - 2013-09-27 04:53 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\prvdmofcomp.dll
2015-04-21 00:08 - 2013-09-27 04:50 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\wmidcom.dll
2015-04-21 00:08 - 2013-09-27 04:49 - 00476672 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn2.dll
2015-04-21 00:08 - 2013-09-27 04:48 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2015-04-21 00:08 - 2013-09-27 04:46 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2015-04-21 00:08 - 2013-09-27 04:45 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2015-04-21 00:08 - 2013-09-27 04:40 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2015-04-21 00:08 - 2013-09-27 04:34 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\DscCoreConfProv.dll
2015-04-21 00:08 - 2013-09-27 04:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2015-04-21 00:08 - 2013-09-27 04:21 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\WsmGCDeps.dll
2015-04-21 00:08 - 2013-09-27 04:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2015-04-21 00:08 - 2013-09-27 04:19 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-04-21 00:08 - 2013-09-27 04:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2015-04-21 00:08 - 2013-09-27 04:18 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-04-21 00:08 - 2013-09-27 04:17 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-04-21 00:08 - 2013-09-27 04:17 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2015-04-21 00:08 - 2013-09-27 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\PSModuleDiscoveryProvider.dll
2015-04-21 00:08 - 2013-09-27 04:06 - 02475008 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-04-21 00:08 - 2013-09-27 04:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2015-04-21 00:08 - 2013-09-27 03:53 - 00001536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll
2015-04-21 00:08 - 2013-09-27 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2015-04-21 00:08 - 2013-09-27 03:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimofcodec.dll
2015-04-21 00:08 - 2013-09-27 03:36 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2015-04-21 00:08 - 2013-09-27 03:36 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll
2015-04-21 00:08 - 2013-09-27 03:35 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mi.dll
2015-04-21 00:08 - 2013-09-27 03:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mibincodec.dll
2015-04-21 00:08 - 2013-09-27 03:34 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll
2015-04-21 00:08 - 2013-09-27 03:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2015-04-21 00:08 - 2013-09-27 03:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll
2015-04-21 00:08 - 2013-09-27 03:31 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll
2015-04-21 00:08 - 2013-09-27 03:25 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Register-CimProvider.exe
2015-04-21 00:08 - 2013-09-27 03:21 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe
2015-04-21 00:08 - 2013-09-27 03:15 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prvdmofcomp.dll
2015-04-21 00:08 - 2013-09-27 03:14 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2015-04-21 00:08 - 2013-09-27 03:12 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmidcom.dll
2015-04-21 00:08 - 2013-09-27 03:11 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn2.dll
2015-04-21 00:08 - 2013-09-27 03:11 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\miutils.dll
2015-04-21 00:08 - 2013-09-27 03:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2015-04-21 00:08 - 2013-09-27 03:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2015-04-21 00:08 - 2013-09-27 03:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2015-04-21 00:08 - 2013-09-27 03:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-04-21 00:08 - 2013-09-27 02:54 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe
2015-04-21 00:08 - 2013-09-27 02:50 - 00515584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmGCDeps.dll
2015-04-21 00:08 - 2013-09-27 02:49 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe
2015-04-21 00:08 - 2013-09-27 02:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2015-04-21 00:08 - 2013-09-27 02:48 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-04-21 00:08 - 2013-09-27 02:48 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-04-21 00:08 - 2013-09-27 02:47 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-04-21 00:08 - 2013-09-27 02:47 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll
2015-04-21 00:08 - 2013-09-27 02:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll
2015-04-21 00:08 - 2013-09-27 02:38 - 02026496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-04-21 00:08 - 2013-09-27 02:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll
2015-04-21 00:08 - 2013-09-27 01:52 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-04-21 00:08 - 2013-09-27 00:48 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2015-04-21 00:08 - 2013-09-16 09:34 - 00204105 _____ () C:\Windows\SysWOW64\winrm.vbs
2015-04-21 00:08 - 2013-09-16 09:34 - 00204105 _____ () C:\Windows\system32\winrm.vbs
2015-04-21 00:08 - 2013-09-16 09:34 - 00004675 _____ () C:\Windows\SysWOW64\wsmanconfig_schema.xml
2015-04-21 00:08 - 2013-09-16 09:34 - 00004675 _____ () C:\Windows\system32\wsmanconfig_schema.xml
2015-04-21 00:08 - 2013-09-16 09:33 - 00004148 _____ () C:\Windows\system32\psmodulediscoveryprovider.mof
2015-04-21 00:03 - 2015-01-12 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-21 00:02 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-21 00:02 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-21 00:02 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-21 00:02 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-04-21 00:02 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-04-21 00:02 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-04-21 00:02 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-04-21 00:02 - 2011-02-25 08:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-04-21 00:02 - 2011-02-25 07:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-04-21 00:01 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-20 23:59 - 2011-03-11 08:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-04-20 23:59 - 2011-03-11 08:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-04-20 23:59 - 2011-03-11 08:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-04-20 23:59 - 2011-03-11 08:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-04-20 23:59 - 2011-03-11 08:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-04-20 23:59 - 2011-03-11 08:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-04-20 23:59 - 2011-03-11 08:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-04-20 23:59 - 2011-03-11 07:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-04-20 23:59 - 2011-03-11 07:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2015-04-20 23:59 - 2011-03-11 06:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-04-20 23:49 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-20 23:49 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-20 23:49 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-20 23:49 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-20 23:49 - 2012-02-11 08:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-04-20 23:49 - 2012-02-11 08:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-04-20 23:43 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-04-20 23:43 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-04-20 23:43 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-04-20 23:43 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-04-20 23:43 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-04-20 23:43 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-04-20 23:43 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-04-20 23:43 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-04-20 23:43 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-04-20 23:43 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-04-20 23:42 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-20 23:42 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-20 23:18 - 2015-04-20 23:31 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-20 23:18 - 2015-04-20 23:18 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-20 23:06 - 2015-04-20 23:06 - 00000000 ____D () C:\7e99ae6761f82c23c714fdc81af652
2015-04-20 23:05 - 2015-04-21 00:00 - 00005590 _____ () C:\Windows\wsusofflineupdate.log
2015-04-20 23:04 - 2015-04-20 23:04 - 00000000 ____D () C:\Users\iParanoid\Downloads\Windows_7_64_Bit_Update_April2015
2015-04-20 23:04 - 2015-04-20 23:04 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\WinRAR
2015-04-20 23:02 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-04-20 22:54 - 2015-04-20 22:54 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-20 22:54 - 2015-04-20 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-20 22:54 - 2015-04-20 22:54 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-20 22:54 - 2015-04-20 22:54 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-20 22:54 - 2015-04-20 22:54 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-04-20 22:54 - 2015-04-20 22:54 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-04-20 22:54 - 2015-04-20 22:54 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-20 22:54 - 2015-04-20 22:54 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-20 22:54 - 2015-04-20 22:54 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-04-20 22:54 - 2015-04-20 22:54 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-04-20 22:54 - 2015-04-20 22:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-04-20 22:54 - 2015-04-20 22:54 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-20 22:54 - 2015-04-20 22:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-20 22:50 - 2015-04-20 23:02 - 00014020 _____ () C:\Windows\IE11_main.log
2015-04-20 22:40 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-04-20 22:40 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-04-20 22:40 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-04-20 22:40 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-04-20 22:40 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-04-20 22:40 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-04-20 22:40 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-04-20 22:40 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-04-20 22:40 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-04-20 22:40 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-04-20 22:40 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-04-20 22:40 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-04-20 22:40 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-04-20 22:40 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-04-20 22:40 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-04-20 22:31 - 2015-04-20 22:31 - 02060664 _____ () C:\Users\iParanoid\Downloads\winrar-x64-521d.exe
2015-04-20 22:31 - 2015-04-20 22:31 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-20 22:31 - 2015-04-20 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-20 22:31 - 2015-04-20 22:31 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-20 22:29 - 2015-04-20 22:53 - 2345330233 _____ () C:\Users\iParanoid\Downloads\Windows_7_64_Bit_Update_April2015.zip
2015-04-20 22:09 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-20 22:09 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-04-20 22:09 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-04-20 21:42 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-04-20 21:42 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-04-20 21:42 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-04-20 21:42 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-04-20 21:42 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-04-20 21:42 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-04-20 21:42 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-04-20 21:42 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-04-20 21:38 - 2013-01-13 23:17 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 23:17 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 23:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-04-20 21:38 - 2013-01-13 23:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-04-20 21:38 - 2013-01-13 23:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 23:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 23:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 23:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 22:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 22:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 22:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 22:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-04-20 21:38 - 2013-01-13 22:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-04-20 21:38 - 2013-01-13 22:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-04-20 21:38 - 2013-01-13 22:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 22:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 22:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 22:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-04-20 21:38 - 2013-01-13 22:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-04-20 21:38 - 2013-01-13 22:09 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-04-20 21:38 - 2013-01-13 22:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-04-20 21:38 - 2013-01-13 21:59 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-04-20 21:38 - 2013-01-13 21:58 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-04-20 21:38 - 2013-01-13 21:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-04-20 21:38 - 2013-01-13 21:53 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2015-04-20 21:38 - 2013-01-13 21:53 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2015-04-20 21:38 - 2013-01-13 21:49 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-04-20 21:38 - 2013-01-13 21:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-04-20 21:38 - 2013-01-13 21:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-04-20 21:38 - 2013-01-13 21:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-04-20 21:38 - 2013-01-13 21:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-04-20 21:38 - 2013-01-13 21:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-04-20 21:38 - 2013-01-13 21:24 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-04-20 21:38 - 2013-01-13 21:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-04-20 21:38 - 2013-01-13 21:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-04-20 21:38 - 2013-01-13 21:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-04-20 21:38 - 2013-01-13 20:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-04-20 21:38 - 2013-01-13 20:09 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-04-20 21:38 - 2013-01-13 19:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-04-20 21:38 - 2013-01-13 19:05 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-04-20 21:35 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-20 21:35 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-20 21:35 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-20 21:35 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-20 21:35 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-20 21:35 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-20 21:35 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-20 21:35 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-20 21:35 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-20 21:35 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-20 21:35 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-20 21:35 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-20 21:35 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-20 21:35 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-20 21:35 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-20 21:35 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-20 21:35 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-04-20 21:35 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-04-20 21:35 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-04-20 21:35 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-04-20 21:35 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-04-20 21:35 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-04-20 21:35 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-04-20 21:35 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-04-20 21:35 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-04-20 21:35 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-04-20 21:35 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-04-20 21:35 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-04-20 21:35 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-04-20 21:35 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-04-20 21:35 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-04-20 21:35 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-04-20 21:35 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-04-20 21:35 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-04-20 21:34 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-04-20 21:34 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-04-20 21:34 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2015-04-20 21:33 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-04-20 21:33 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-04-20 21:33 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-04-20 21:33 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-04-20 21:33 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-04-20 21:33 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-04-20 21:33 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-04-20 21:33 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-20 21:33 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-04-20 21:33 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-04-20 21:33 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-04-20 21:33 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-04-20 21:33 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-04-20 21:33 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-04-20 21:33 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-04-20 21:33 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-04-20 21:33 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-04-20 21:33 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-04-20 21:33 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-04-20 21:33 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-04-20 21:33 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-04-20 21:33 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-04-20 21:33 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-04-20 21:33 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-04-20 21:33 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-04-20 21:33 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-04-20 21:33 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-04-20 21:33 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-20 21:32 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-20 21:32 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-20 21:32 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-20 21:32 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-20 21:32 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-04-20 21:32 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-20 21:32 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-04-20 21:32 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-04-20 21:32 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-20 21:32 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-20 21:32 - 2014-10-14 04:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-04-20 21:32 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-04-20 21:32 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

iParanoid · 01.05.2015, 15:53

FRST.txt Teil 4

Code:

ATTFilter

2015-04-20 21:32 - 2012-01-04 12:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-04-20 21:32 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2015-04-20 21:32 - 2010-12-23 12:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-04-20 21:32 - 2010-12-23 12:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2015-04-20 21:32 - 2010-12-23 07:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2015-04-20 21:31 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-20 21:31 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-20 21:31 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-20 21:31 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-20 21:31 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-20 21:31 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-20 21:31 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-20 21:31 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-20 21:31 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-20 21:31 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-20 21:31 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-20 21:31 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-20 21:31 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-20 21:31 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-20 21:31 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-20 21:31 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-20 21:31 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-20 21:31 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-20 21:31 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-20 21:31 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-20 21:31 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-20 21:31 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-20 21:31 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-20 21:31 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-20 21:31 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-20 21:31 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-20 21:31 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-20 21:31 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-20 21:31 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-20 21:31 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-20 21:31 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-20 21:31 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-20 21:31 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-20 21:31 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-20 21:31 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-20 21:31 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-20 21:31 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-20 21:31 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-20 21:31 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-20 21:31 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-04-20 21:31 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-04-20 21:31 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-04-20 21:31 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-04-20 21:31 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-04-20 21:31 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-04-20 21:31 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-04-20 21:31 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-04-20 21:31 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2015-04-20 21:31 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2015-04-20 21:31 - 2010-12-23 12:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2015-04-20 21:31 - 2010-12-23 07:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2015-04-20 21:31 - 2010-12-23 07:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2015-04-20 21:30 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-04-20 21:30 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-04-20 21:30 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-04-20 21:30 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-04-20 21:30 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-04-20 21:30 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-04-20 21:30 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-04-20 21:30 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-04-20 21:30 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-04-20 21:30 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-04-20 21:30 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-04-20 21:30 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-04-20 21:30 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-04-20 21:30 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-04-20 21:29 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-04-20 21:29 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-04-20 21:29 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-04-20 21:29 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-04-20 21:29 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-20 21:29 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-20 21:29 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-04-20 21:29 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-04-20 21:29 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-04-20 21:29 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-04-20 21:29 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-04-20 21:29 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-04-20 21:29 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-20 21:29 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-04-20 21:29 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-20 21:29 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-04-20 21:29 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-04-20 21:29 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-04-20 21:29 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-04-20 21:29 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2015-04-20 21:29 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-04-20 21:29 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-04-20 21:29 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-04-20 21:29 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-04-20 21:29 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-04-20 21:29 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-04-20 21:29 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-04-20 21:29 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-04-20 21:29 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-04-20 21:29 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-04-20 21:29 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-04-20 21:29 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-04-20 21:29 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-04-20 21:29 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2015-04-20 21:29 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2015-04-20 21:29 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-04-20 21:29 - 2012-10-03 19:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-04-20 21:29 - 2012-10-03 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-04-20 21:29 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-04-20 21:29 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-04-20 21:29 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2015-04-20 21:29 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2015-04-20 21:29 - 2012-10-03 18:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-04-20 21:29 - 2012-08-22 20:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-04-20 21:29 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2015-04-20 21:29 - 2011-06-15 12:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2015-04-20 21:29 - 2011-06-15 12:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2015-04-20 21:29 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2015-04-20 21:29 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2015-04-20 21:29 - 2011-06-15 10:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2015-04-20 21:29 - 2011-06-15 10:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2015-04-20 21:29 - 2011-06-15 10:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2015-04-20 21:29 - 2011-06-15 10:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2015-04-20 21:29 - 2011-06-15 10:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2015-04-20 21:29 - 2011-05-04 07:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-04-20 21:29 - 2011-05-04 07:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-04-20 21:29 - 2011-05-04 07:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-04-20 21:29 - 2011-05-04 07:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-04-20 21:29 - 2011-05-04 07:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-04-20 21:29 - 2011-05-04 07:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2015-04-20 21:29 - 2011-05-04 07:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-04-20 21:29 - 2011-05-04 07:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-04-20 21:29 - 2011-05-04 07:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2015-04-20 21:29 - 2011-05-04 06:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-04-20 21:29 - 2011-05-04 06:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-04-20 21:29 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-04-20 21:29 - 2011-05-04 06:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-04-20 21:29 - 2011-05-04 06:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2015-04-20 21:29 - 2011-05-04 06:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-04-20 21:29 - 2011-05-04 06:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-04-20 21:29 - 2011-05-04 06:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2015-04-20 21:28 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-04-20 21:28 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-04-20 21:28 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-04-20 21:28 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-04-20 21:28 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-04-20 21:28 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-04-20 21:28 - 2011-06-16 07:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2015-04-20 21:28 - 2011-06-16 06:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2015-04-20 21:28 - 2011-05-04 06:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2015-04-20 21:27 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-04-20 21:27 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-04-20 21:27 - 2011-11-17 08:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2015-04-20 21:27 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2015-04-20 21:27 - 2011-07-09 04:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-04-20 21:27 - 2011-04-27 04:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-04-20 21:27 - 2011-04-27 04:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-04-20 21:26 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-04-20 21:25 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-04-20 21:25 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-04-20 21:25 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-04-20 21:25 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-04-20 21:25 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-04-20 21:25 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-04-20 21:25 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-04-20 21:25 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-04-20 21:25 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-04-20 21:25 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-04-20 21:25 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-04-20 21:25 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-04-20 21:25 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-04-20 21:25 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-04-20 21:25 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-04-20 21:25 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-04-20 21:24 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-20 21:24 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-20 21:24 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-20 21:24 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-20 21:24 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-20 21:24 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-20 21:24 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-20 21:24 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-20 21:24 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-20 21:24 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-20 21:24 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-20 21:24 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-04-20 21:24 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-04-20 21:24 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-04-20 21:24 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-04-20 21:24 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-04-20 21:24 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-04-20 21:24 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-04-20 21:24 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-04-20 21:24 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-04-20 21:24 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-04-20 21:24 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-04-20 21:24 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-04-20 21:24 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-04-20 21:24 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-04-20 21:24 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-04-20 21:24 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-04-20 21:24 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-04-20 21:24 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-04-20 21:24 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-04-20 21:24 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-04-20 21:24 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-04-20 21:24 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-04-20 21:24 - 2013-07-12 12:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2015-04-20 21:24 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-04-20 21:24 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-04-20 21:24 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-04-20 21:24 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-04-20 21:24 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-04-20 21:24 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-04-20 21:24 - 2012-11-29 00:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-04-20 21:24 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2015-04-20 21:24 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2015-04-20 21:24 - 2011-03-11 08:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-04-20 21:24 - 2011-03-11 08:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-04-20 21:24 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-04-20 21:24 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-04-20 21:23 - 2014-11-11 03:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-04-20 21:23 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-04-20 21:23 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-04-20 21:23 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-04-20 21:23 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-04-20 21:23 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-04-20 21:23 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-04-20 21:23 - 2011-03-03 08:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-04-20 21:23 - 2011-03-03 08:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-04-20 21:23 - 2011-03-03 08:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2015-04-20 21:23 - 2011-03-03 07:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-04-20 21:23 - 2011-03-03 07:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2015-04-20 21:22 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-20 21:22 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-20 21:22 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-04-20 21:22 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-04-20 21:22 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-04-20 21:22 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2015-04-20 21:22 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-04-20 21:20 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-20 21:20 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-20 21:20 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-20 21:20 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-20 21:20 - 2014-08-12 04:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-04-20 21:20 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-04-20 21:20 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-04-20 21:20 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-04-20 21:20 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2015-04-20 21:20 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2015-04-20 21:20 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2015-04-20 21:20 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2015-04-20 21:20 - 2011-04-29 05:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-04-20 21:20 - 2011-04-29 05:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-04-20 21:20 - 2011-04-29 05:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-04-20 21:19 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2015-04-20 21:19 - 2011-02-05 19:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2015-04-20 21:19 - 2011-02-05 19:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2015-04-20 21:19 - 2011-02-05 19:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2015-04-20 21:17 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-20 21:17 - 2014-11-26 05:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-20 21:17 - 2014-11-26 05:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-20 21:17 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-04-20 21:17 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-04-20 21:17 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-04-20 21:17 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-04-20 21:16 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-04-20 21:16 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-04-20 21:16 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-04-20 21:16 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-04-20 21:16 - 2012-04-26 07:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2015-04-20 21:16 - 2012-04-26 07:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2015-04-20 21:14 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-20 21:06 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-04-20 21:06 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-04-20 21:06 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-04-20 21:06 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-04-20 21:05 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-20 21:05 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-04-20 21:05 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-04-20 21:05 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-04-20 21:05 - 2011-05-24 13:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2015-04-20 21:05 - 2011-05-24 12:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2015-04-20 21:05 - 2011-05-24 12:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2015-04-20 21:05 - 2011-05-24 12:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2015-04-20 21:05 - 2011-05-24 12:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2015-04-20 21:04 - 2014-10-14 04:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-04-20 21:04 - 2014-10-14 03:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-04-20 21:04 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-04-20 21:04 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-04-20 21:04 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-04-20 21:04 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-04-20 21:04 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-04-20 21:04 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-04-20 21:02 - 2011-12-16 10:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2015-04-20 21:02 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2015-04-20 21:01 - 2011-02-12 13:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2015-04-20 20:58 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2015-04-20 20:58 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2015-04-20 20:58 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2015-04-20 20:57 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2015-04-20 20:57 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2015-04-20 20:57 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2015-04-20 20:57 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2015-04-20 20:57 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2015-04-20 20:55 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-04-20 20:55 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-04-20 20:55 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-04-20 20:55 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-04-20 20:55 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-04-20 20:55 - 2011-05-03 07:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-20 20:55 - 2011-05-03 06:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-20 20:54 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-04-20 20:54 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-04-20 20:52 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-20 20:52 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-20 20:52 - 2014-11-08 05:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-04-20 20:52 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-04-20 20:52 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-04-20 20:52 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-04-20 20:52 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 20:52 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 20:52 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-04-20 20:51 - 2014-10-30 04:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-04-20 20:51 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-04-20 20:51 - 2014-10-25 03:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-04-20 20:51 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-04-20 20:51 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-04-20 20:51 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-04-20 20:51 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2015-04-20 20:51 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2015-04-20 20:51 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-04-20 20:51 - 2011-02-18 12:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2015-04-20 20:51 - 2011-02-18 07:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2015-04-20 20:50 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2015-04-20 20:50 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2015-04-20 20:50 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2015-04-20 20:50 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2015-04-20 20:50 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2015-04-20 20:49 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-20 20:49 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-20 20:49 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-20 20:49 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-04-20 20:49 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-04-20 20:49 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-04-20 20:49 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-04-20 20:49 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-04-20 20:49 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-04-20 20:49 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-04-20 20:49 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-04-20 20:49 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2015-04-20 20:49 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2015-04-20 20:33 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-04-20 20:33 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-04-20 20:33 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-04-20 20:33 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-04-20 20:33 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-04-20 20:33 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-04-20 20:32 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-04-20 20:32 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-04-20 20:28 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-04-20 20:28 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-04-20 20:28 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-04-20 20:19 - 2015-04-20 20:19 - 00000202 _____ () C:\Users\iParanoid\Desktop\Evolve.url
2015-04-20 19:51 - 2015-04-20 19:51 - 00000202 _____ () C:\Users\iParanoid\Desktop\FTL Faster Than Light.url
2015-04-20 19:51 - 2015-04-20 19:51 - 00000201 _____ () C:\Users\iParanoid\Desktop\The Darkness II.url
2015-04-20 19:51 - 2015-04-20 19:51 - 00000201 _____ () C:\Users\iParanoid\Desktop\Metro Last Light.url
2015-04-20 19:51 - 2015-04-20 19:51 - 00000201 _____ () C:\Users\iParanoid\Desktop\Anno 2070.url
2015-04-20 19:51 - 2015-04-20 19:51 - 00000000 ____D () C:\Users\iParanoid\Documents\4a games
2015-04-20 19:47 - 2015-04-20 19:47 - 00000000 ____D () C:\Users\iParanoid\Documents\my games
2015-04-20 19:32 - 2015-04-21 11:56 - 00221656 _____ () C:\Windows\PFRO.log
2015-04-20 19:27 - 2015-04-20 19:27 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\LolClient
2015-04-20 19:23 - 2015-04-20 19:23 - 00000000 ____D () C:\Windows\system32\SPReview
2015-04-20 19:22 - 2015-04-20 19:22 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-04-20 19:21 - 2010-11-20 15:39 - 05066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2015-04-20 19:21 - 2010-11-20 15:34 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-04-20 19:21 - 2010-11-20 15:34 - 00199552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2015-04-20 19:21 - 2010-11-20 15:33 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2015-04-20 19:21 - 2010-11-20 15:33 - 00299392 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-04-20 19:21 - 2010-11-20 15:29 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-04-20 19:21 - 2010-11-20 15:28 - 00298104 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 03860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 03650560 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 03027968 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2015-04-20 19:21 - 2010-11-20 15:27 - 03008000 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 02652160 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 02262528 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 02086912 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 02072576 _____ (Microsoft Corporation) C:\Windows\system32\WMPEncEn.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01900544 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01808384 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01753088 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01646080 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01556992 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01509888 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01281024 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01243136 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01197056 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01158656 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\Vault.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01082880 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 01008128 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\sqlsrv32.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00867840 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00849920 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00605696 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\sxs.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00577536 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\WinSATAPI.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00481280 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL
2015-04-20 19:21 - 2010-11-20 15:27 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\netdiagfx.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\QAGENT.DLL
2015-04-20 19:21 - 2010-11-20 15:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\tscfgwmi.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\prncache.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2015-04-20 19:21 - 2010-11-20 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 03391488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 03205120 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 01866240 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 01340416 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 01244160 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00784896 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\ipsmsnap.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00551936 _____ (Microsoft Corporation) C:\Windows\system32\localsec.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2015-04-20 19:21 - 2010-11-20 15:26 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00281600 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\hgprint.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\fde.dll
2015-04-20 19:21 - 2010-11-20 15:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2015-04-20 19:21 - 2010-11-20 15:25 - 03957760 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2015-04-20 19:21 - 2010-11-20 15:25 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2015-04-20 19:21 - 2010-11-20 15:25 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
2015-04-20 19:21 - 2010-11-20 15:25 - 01600512 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-04-20 19:21 - 2010-11-20 15:25 - 01504256 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2015-04-20 19:21 - 2010-11-20 15:25 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-04-20 19:21 - 2010-11-20 15:25 - 00897536 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
2015-04-20 19:21 - 2010-11-20 15:25 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-04-20 19:21 - 2010-11-20 15:25 - 00692224 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2015-04-20 19:21 - 2010-11-20 15:25 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe
2015-04-20 19:21 - 2010-11-20 15:25 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-04-20 19:21 - 2010-11-20 15:25 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2015-04-20 19:21 - 2010-11-20 15:25 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-04-20 19:21 - 2010-11-20 15:25 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-04-20 19:21 - 2010-11-20 15:25 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe
2015-04-20 19:21 - 2010-11-20 15:25 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-04-20 19:21 - 2010-11-20 15:25 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\cscobj.dll
2015-04-20 19:21 - 2010-11-20 15:25 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2015-04-20 19:21 - 2010-11-20 15:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\PushPrinterConnections.exe
2015-04-20 19:21 - 2010-11-20 15:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\FXSSVC.exe
2015-04-20 19:21 - 2010-11-20 15:24 - 00653312 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe
2015-04-20 19:21 - 2010-11-20 15:24 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe
2015-04-20 19:21 - 2010-11-20 15:24 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\lsm.exe
2015-04-20 19:21 - 2010-11-20 15:24 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2015-04-20 19:21 - 2010-11-20 15:24 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2015-04-20 19:21 - 2010-11-20 14:32 - 05066752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 01712640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 01667584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 01363456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 01128448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 01115136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 00351232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 00113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2015-04-20 19:21 - 2010-11-20 14:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2015-04-20 19:21 - 2010-11-20 14:20 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-04-20 19:21 - 2010-11-20 14:20 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2015-04-20 19:21 - 2010-11-20 14:20 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2015-04-20 19:21 - 2010-11-20 14:20 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2015-04-20 19:21 - 2010-11-20 14:20 - 00547840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2015-04-20 19:21 - 2010-11-20 14:20 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-04-20 19:21 - 2010-11-20 14:19 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2015-04-20 19:21 - 2010-11-20 14:19 - 02151936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2015-04-20 19:21 - 2010-11-20 14:19 - 01493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-04-20 19:21 - 2010-11-20 14:19 - 00954752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2015-04-20 19:21 - 2010-11-20 14:19 - 00954288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2015-04-20 19:21 - 2010-11-20 14:19 - 00732160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2fs.dll
2015-04-20 19:21 - 2010-11-20 14:19 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2015-04-20 19:21 - 2010-11-20 14:19 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2015-04-20 19:21 - 2010-11-20 14:18 - 02522624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-04-20 19:21 - 2010-11-20 14:18 - 01828352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2015-04-20 19:21 - 2010-11-20 14:18 - 01555456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certmgr.dll
2015-04-20 19:21 - 2010-11-20 14:18 - 01334272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2015-04-20 19:21 - 2010-11-20 14:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-04-20 19:21 - 2010-11-20 14:18 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-04-20 19:21 - 2010-11-20 14:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2015-04-20 19:21 - 2010-11-20 14:18 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-04-20 19:21 - 2010-11-20 14:18 - 00252928 _____ (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2015-04-20 19:21 - 2010-11-20 14:18 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2015-04-20 19:21 - 2010-11-20 14:17 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
2015-04-20 19:21 - 2010-11-20 14:17 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2015-04-20 19:21 - 2010-11-20 14:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PushPrinterConnections.exe
2015-04-20 19:21 - 2010-11-20 13:05 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll
2015-04-20 19:21 - 2010-11-20 12:44 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys
2015-04-20 19:21 - 2010-11-20 11:58 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe
2015-04-20 19:21 - 2010-11-20 11:27 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2015-04-20 19:21 - 2010-11-20 11:27 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2015-04-20 19:21 - 2010-11-20 11:23 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2015-04-20 19:21 - 2010-11-05 04:20 - 00347904 _____ () C:\Windows\system32\systemsf.ebd
2015-04-20 19:21 - 2010-11-05 03:58 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-04-20 19:21 - 2010-11-05 03:58 - 00049488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-04-20 19:21 - 2010-11-05 03:57 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-04-20 19:21 - 2010-11-05 03:57 - 00048976 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-04-20 19:21 - 2010-11-05 03:53 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-04-20 19:21 - 2010-11-05 03:53 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-04-20 19:21 - 2010-11-05 03:53 - 00109928 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-04-20 19:21 - 2010-11-05 03:53 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-04-20 19:21 - 2009-07-14 03:16 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pmcsnap.dll
2015-04-20 19:21 - 2009-07-14 03:16 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ppcsnap.dll
2015-04-20 19:21 - 2009-07-14 03:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmonui.dll
2015-04-20 19:20 - 2010-11-20 15:44 - 01077248 _____ (Microsoft Corporation) C:\Windows\system32\Narrator.exe
2015-04-20 19:20 - 2010-11-20 15:44 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\NAPHLPR.DLL
2015-04-20 19:20 - 2010-11-20 15:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\NAPCRYPT.DLL
2015-04-20 19:20 - 2010-11-20 15:34 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2015-04-20 19:20 - 2010-11-20 15:34 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2015-04-20 19:20 - 2010-11-20 15:34 - 00046464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys
2015-04-20 19:20 - 2010-11-20 15:34 - 00034688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys
2015-04-20 19:20 - 2010-11-20 15:33 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2015-04-20 19:20 - 2010-11-20 15:33 - 00263040 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2015-04-20 19:20 - 2010-11-20 15:33 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2015-04-20 19:20 - 2010-11-20 15:33 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2015-04-20 19:20 - 2010-11-20 15:33 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys
2015-04-20 19:20 - 2010-11-20 15:33 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys
2015-04-20 19:20 - 2010-11-20 15:33 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys
2015-04-20 19:20 - 2010-11-20 15:33 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys
2015-04-20 19:20 - 2010-11-20 15:33 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys
2015-04-20 19:20 - 2010-11-20 15:33 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2015-04-20 19:20 - 2010-11-20 15:33 - 00052096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys
2015-04-20 19:20 - 2010-11-20 15:33 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys
2015-04-20 19:20 - 2010-11-20 15:33 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
2015-04-20 19:20 - 2010-11-20 15:32 - 02217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll
2015-04-20 19:20 - 2010-11-20 15:32 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2015-04-20 19:20 - 2010-11-20 15:32 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2015-04-20 19:20 - 2010-11-20 15:28 - 00166784 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 02250752 _____ (Microsoft Corporation) C:\Windows\system32\SensorsCpl.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 02193920 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 02146816 _____ (Microsoft Corporation) C:\Windows\system32\networkmap.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 01911808 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 01672704 _____ (Microsoft Corporation) C:\Windows\system32\networkexplorer.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2015-04-20 19:20 - 2010-11-20 15:27 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2015-04-20 19:20 - 2010-11-20 15:27 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\onexui.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 01050624 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2015-04-20 19:20 - 2010-11-20 15:27 - 00933376 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00799744 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\sdcpl.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2015-04-20 19:20 - 2010-11-20 15:27 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00636416 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00633344 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\mspbda.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00527872 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\powercpl.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\nshipsec.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\shwebsvc.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\sqlcese30.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\termmgr.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00418816 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\prnfldr.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2015-04-20 19:20 - 2010-11-20 15:27 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\wavemsp.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\qdv.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\taskbarcpl.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\mstask.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\onex.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceSyncProvider.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\wmpsrcwp.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-04-20 19:20 - 2010-11-20 15:27 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\OnLineIDCpl.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\sysclass.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\netjoin.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provsvc.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\qcap.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\twext.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\sdrsvc.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\uxlib.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\remotepg.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\recovery.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\mydocs.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\wiavideo.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-04-20 19:20 - 2010-11-20 15:27 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\QUTIL.DLL
2015-04-20 19:20 - 2010-11-20 15:27 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\nci.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountControlSettings.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\QCLIPROV.DLL
2015-04-20 19:20 - 2010-11-20 15:27 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\unimdmat.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\napdsnap.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\vfwwdm32.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\rdpd3d.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\samcli.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\ncryptui.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\RpcRtRemote.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\WavDest.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\umb.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\PrintIsolationProxy.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\vpnikeapi.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\shimgvw.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\wdiasqmmodule.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\msdmo.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\profprov.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\netutils.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\shgina.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\sisbkup.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\schedcli.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\rdprefdrvapi.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\TRAPI.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\spopk.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\syssetup.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\nrpsrv.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wshirda.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\shunimpl.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\riched32.dll
2015-04-20 19:20 - 2010-11-20 15:27 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\rdpcfgex.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 01457664 _____ (Microsoft Corporation) C:\Windows\system32\DxpTaskSync.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\DiagCpl.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 01066496 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00934912 _____ (Microsoft Corporation) C:\Windows\system32\FirewallControlPanel.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\dsuiext.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\DXP.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\MediaMetadataHandler.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\dot3ui.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\iTVData.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\defaultlocationcpl.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingFolder.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\dps.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2015-04-20 19:20 - 2010-11-20 15:26 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\EhStorAPI.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\fphc.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\dnscmmc.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00116224 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\fms.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\KMSVC.DLL
2015-04-20 19:20 - 2010-11-20 15:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Mcx2Svc.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\inetmib1.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\luainstall.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\FXSMON.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mciqtz32.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dsauth.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\HotStartUserAgent.dll
2015-04-20 19:20 - 2010-11-20 15:26 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\elsTrans.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 03745792 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 03524608 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 01264640 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00974336 _____ (Microsoft Corporation) C:\Windows\system32\WFS.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00749568 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00577024 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenterCPL.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\biocpl.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\azroleui.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\recdisc.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\net1.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayServices.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00128000 _____ (Microsoft) C:\Windows\system32\Robocopy.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\nslookup.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\cca.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\cabinet.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\amstream.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\setupcl.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\tabcal.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\CertPolEng.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\takeown.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\PnPUnattend.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\tzutil.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\runonce.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\repair-bde.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\MultiDigiMon.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\proquota.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\AzSqlExt.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\qprocess.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\bitsperf.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\tskill.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\qappsrv.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\tscon.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\tsdiscon.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\shadow.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\rwinsta.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\reset.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\query.exe
2015-04-20 19:20 - 2010-11-20 15:25 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\BWUnpairElevated.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll
2015-04-20 19:20 - 2010-11-20 15:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\C_ISCII.DLL
2015-04-20 19:20 - 2010-11-20 15:24 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00899584 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr
2015-04-20 19:20 - 2010-11-20 15:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2015-04-20 19:20 - 2010-11-20 15:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00763904 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2015-04-20 19:20 - 2010-11-20 15:24 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2015-04-20 19:20 - 2010-11-20 15:24 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl
2015-04-20 19:20 - 2010-11-20 15:24 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\main.cpl
2015-04-20 19:20 - 2010-11-20 15:24 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2015-04-20 19:20 - 2010-11-20 15:24 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2015-04-20 19:20 - 2010-11-20 15:24 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2015-04-20 19:20 - 2010-11-20 15:24 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00373248 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2015-04-20 19:20 - 2010-11-20 15:24 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\diskraid.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl
2015-04-20 19:20 - 2010-11-20 15:24 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr
2015-04-20 19:20 - 2010-11-20 15:24 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2015-04-20 19:20 - 2010-11-20 15:24 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\msconfig.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2015-04-20 19:20 - 2010-11-20 15:24 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr
2015-04-20 19:20 - 2010-11-20 15:24 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr
2015-04-20 19:20 - 2010-11-20 15:24 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\bitsadmin.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2015-04-20 19:20 - 2010-11-20 15:24 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2015-04-20 19:20 - 2010-11-20 15:24 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2015-04-20 19:20 - 2010-11-20 15:24 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\iscsicli.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\MdSched.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\Kswdmcap.ax
2015-04-20 19:20 - 2010-11-20 15:24 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\desk.cpl
2015-04-20 19:20 - 2010-11-20 15:24 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2015-04-20 19:20 - 2010-11-20 15:24 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax
2015-04-20 19:20 - 2010-11-20 15:24 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\mobsync.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax
2015-04-20 19:20 - 2010-11-20 15:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\cmstp.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\isoburn.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2015-04-20 19:20 - 2010-11-20 15:24 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\findstr.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00071168 _____ (Microsoft Corporation) C:\Windows\bfsvc.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax
2015-04-20 19:20 - 2010-11-20 15:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\djoin.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\g711codc.ax
2015-04-20 19:20 - 2010-11-20 15:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\vbisurf.ax

iParanoid · 01.05.2015, 15:55

FRST.txt Teil 5

Code:

ATTFilter

2015-04-20 19:20 - 2010-11-20 15:24 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\choice.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\chgport.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\chglogon.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\logoff.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\chgusr.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\FXSUNATD.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2015-04-20 19:20 - 2010-11-20 15:24 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\change.exe
2015-04-20 19:20 - 2010-11-20 15:15 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2015-04-20 19:20 - 2010-11-20 15:14 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwizres.dll
2015-04-20 19:20 - 2010-11-20 15:13 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\RDPENCDD.dll
2015-04-20 19:20 - 2010-11-20 15:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-04-20 19:20 - 2010-11-20 15:12 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\pifmgr.dll
2015-04-20 19:20 - 2010-11-20 15:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll
2015-04-20 19:20 - 2010-11-20 15:09 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\vmbusres.dll
2015-04-20 19:20 - 2010-11-20 15:09 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\vmstorfltres.dll
2015-04-20 19:20 - 2010-11-20 15:02 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2015-04-20 19:20 - 2010-11-20 15:02 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2015-04-20 19:20 - 2010-11-20 15:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUQ.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUF.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDSG.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\kbdlk41a.dll
2015-04-20 19:20 - 2010-11-20 15:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDGKL.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDCZ1.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDSF.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDPO.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDNEPR.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTAM.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDGR1.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDUS.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDUGHR1.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTURME.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAJIK.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDMON.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDMAORI.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDLT1.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTEL.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINORI.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAR.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINKAN.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINHIN.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBULG.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBLR.DLL
2015-04-20 19:20 - 2010-11-20 15:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDGEO.DLL
2015-04-20 19:20 - 2010-11-20 14:58 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2015-04-20 19:20 - 2010-11-20 14:54 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\BlbEvents.dll
2015-04-20 19:20 - 2010-11-20 14:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-ums-l1-1-0.dll
2015-04-20 19:20 - 2010-11-20 14:36 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPHLPR.DLL
2015-04-20 19:20 - 2010-11-20 14:36 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPCRYPT.DLL
2015-04-20 19:20 - 2010-11-20 14:23 - 00144768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 02983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 02202624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsCpl.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 02157568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 02146304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 01624064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPEncEn.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 01326592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanpref.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 01227776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 01003008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00933376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vault.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00902656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2015-04-20 19:20 - 2010-11-20 14:21 - 00782336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlsrv32.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00755200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2015-04-20 19:20 - 2010-11-20 14:21 - 00738816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00638976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00600064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2015-04-20 19:20 - 2010-11-20 14:21 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched20.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrptadm.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmnet.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shwebsvc.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00416768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadefui.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00410112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanui.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxs.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\termmgr.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizeng.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00352256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\raschap.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlcese30.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wavemsp.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00198144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdwcn.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpsrcwp.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vdsbas.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syncui.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remotepg.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twext.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpps.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxlib.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiavideo.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpshell.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppinst.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QUTIL.DLL
2015-04-20 19:20 - 2010-11-20 14:21 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountControlSettings.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\regapi.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spbcd.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdmat.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfwwdm32.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpd3d.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00051200 _____ (Twain Working Group) C:\Windows\twain_32.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samcli.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RpcRtRemote.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wtsapi32.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimgvw.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\utildll.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vpnikeapi.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TRAPI.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdprefdrvapi.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shgina.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spopk.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sisbkup.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schedcli.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syssetup.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshirda.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shunimpl.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2015-04-20 19:20 - 2010-11-20 14:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched32.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 02504192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2015-04-20 19:20 - 2010-11-20 14:20 - 02494464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 02130944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkmap.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 01750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pnidui.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 01661440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkexplorer.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 01644032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 01508864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 01111552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onexui.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00932352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00859648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OobeFldr.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00600576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PerfCenterCPL.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercpl.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceStatus.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnfldr.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshipsec.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00283136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdv.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00236544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netdiagfx.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnLineIDCpl.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onex.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00190976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qcap.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00183296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetapi.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QAGENT.DLL
2015-04-20 19:20 - 2010-11-20 14:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-04-20 19:20 - 2010-11-20 14:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provsvc.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netjoin.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mydocs.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prntvpt.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netid.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prncache.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-04-20 19:20 - 2010-11-20 14:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nci.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olethk32.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QCLIPROV.DLL
2015-04-20 19:20 - 2010-11-20 14:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntlanman.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\napdsnap.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptui.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netutils.dll
2015-04-20 19:20 - 2010-11-20 14:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfts.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00856576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallControlPanel.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2015-04-20 19:20 - 2010-11-20 14:19 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontext.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00592384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localsec.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsmsnap.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxclu.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MediaMetadataHandler.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAC3ENC.DLL
2015-04-20 19:20 - 2010-11-20 14:19 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iTVData.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstask.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrad.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msutb.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fde.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrecst.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvfw32.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2015-04-20 19:20 - 2010-11-20 14:19 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\migisol.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fphc.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00093696 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\SysWOW64\fms.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00082944 _____ (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetmib1.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimefilt.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\luainstall.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciqtz32.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\httpapi.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdmo.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lsmproxy.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2015-04-20 19:20 - 2010-11-20 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 03727872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\accessibilitycpl.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxpTaskSync.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 01040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00854016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroles.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00744448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00740864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00685056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsuiext.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00537600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenterCPL.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00484864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceCenter.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00438272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AdmTmpl.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3ui.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroleui.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpx.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodev.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\defaultlocationcpl.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00211456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairingFolder.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efscore.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dskquoui.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsldp.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoplay.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscobj.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EhStorAPI.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscmmc.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3cfg.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabinet.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\amstream.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cca.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertPolEng.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsauth.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzSqlExt.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elsTrans.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsperf.dll
2015-04-20 19:20 - 2010-11-20 14:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\C_ISCII.DLL
2015-04-20 19:20 - 2010-11-20 14:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browseui.dll
2015-04-20 19:20 - 2010-11-20 14:17 - 00586752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfrgui.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimserv.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eudcedit.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00276480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskraid.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskmgr.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PkgMgr.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetup.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsicli.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\net1.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskpart.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00098816 _____ (Microsoft) C:\Windows\SysWOW64\Robocopy.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nslookup.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\isoburn.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmstp.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MuiUnattend.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findstr.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\takeown.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzutil.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unlodctr.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\proquota.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userinit.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiougc.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2015-04-20 19:20 - 2010-11-20 14:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2015-04-20 19:20 - 2010-11-20 14:16 - 00905216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2015-04-20 19:20 - 2010-11-20 14:16 - 00878592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Bubbles.scr
2015-04-20 19:20 - 2010-11-20 14:16 - 00776192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-04-20 19:20 - 2010-11-20 14:16 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2015-04-20 19:20 - 2010-11-20 14:16 - 00679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2015-04-20 19:20 - 2010-11-20 14:16 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2015-04-20 19:20 - 2010-11-20 14:16 - 00658944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
2015-04-20 19:20 - 2010-11-20 14:16 - 00649216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2015-04-20 19:20 - 2010-11-20 14:16 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\main.cpl
2015-04-20 19:20 - 2010-11-20 14:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2015-04-20 19:20 - 2010-11-20 14:16 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2015-04-20 19:20 - 2010-11-20 14:16 - 00345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2015-04-20 19:20 - 2010-11-20 14:16 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysdm.cpl
2015-04-20 19:20 - 2010-11-20 14:16 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2015-04-20 19:20 - 2010-11-20 14:16 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssText3d.scr
2015-04-20 19:20 - 2010-11-20 14:16 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2015-04-20 19:20 - 2010-11-20 14:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mystify.scr
2015-04-20 19:20 - 2010-11-20 14:16 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Ribbons.scr
2015-04-20 19:20 - 2010-11-20 14:16 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2015-04-20 19:20 - 2010-11-20 14:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2015-04-20 19:20 - 2010-11-20 14:16 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsadmin.exe
2015-04-20 19:20 - 2010-11-20 14:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdmaud.drv
2015-04-20 19:20 - 2010-11-20 14:16 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2015-04-20 19:20 - 2010-11-20 14:16 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2015-04-20 19:20 - 2010-11-20 14:16 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\desk.cpl
2015-04-20 19:20 - 2010-11-20 14:16 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Kswdmcap.ax
2015-04-20 19:20 - 2010-11-20 14:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kstvtune.ax
2015-04-20 19:20 - 2010-11-20 14:16 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2015-04-20 19:20 - 2010-11-20 14:16 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSTPager.ax
2015-04-20 19:20 - 2010-11-20 14:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2015-04-20 19:20 - 2010-11-20 14:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksxbar.ax
2015-04-20 19:20 - 2010-11-20 14:16 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\g711codc.ax
2015-04-20 19:20 - 2010-11-20 14:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbisurf.ax
2015-04-20 19:20 - 2010-11-20 14:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-04-20 19:20 - 2010-11-20 14:08 - 00119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2015-04-20 19:20 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUQ.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUF.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDSG.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdlk41a.dll
2015-04-20 19:20 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGR1.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGKL.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDCZ1.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDSF.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDPO.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDNEPR.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDUS.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDUGHR1.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTURME.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAJIK.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDMON.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDMAORI.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDLT1.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGEO.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBULG.DLL
2015-04-20 19:20 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBLR.DLL
2015-04-20 19:20 - 2010-11-20 14:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2015-04-20 19:20 - 2010-11-20 14:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizres.dll
2015-04-20 19:20 - 2010-11-20 14:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-04-20 19:20 - 2010-11-20 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pifmgr.dll
2015-04-20 19:20 - 2010-11-20 14:00 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2015-04-20 19:20 - 2010-11-20 14:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2015-04-20 19:20 - 2010-11-20 13:57 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2015-04-20 19:20 - 2010-11-20 13:37 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys
2015-04-20 19:20 - 2010-11-20 13:06 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys
2015-04-20 19:20 - 2010-11-20 12:52 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2015-04-20 19:20 - 2010-11-20 12:52 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2015-04-20 19:20 - 2010-11-20 12:52 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-04-20 19:20 - 2010-11-20 12:52 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys
2015-04-20 19:20 - 2010-11-20 12:52 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-04-20 19:20 - 2010-11-20 12:52 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys
2015-04-20 19:20 - 2010-11-20 12:52 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-04-20 19:20 - 2010-11-20 12:51 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-04-20 19:20 - 2010-11-20 12:50 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys
2015-04-20 19:20 - 2010-11-20 12:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-04-20 19:20 - 2010-11-20 12:44 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2015-04-20 19:20 - 2010-11-20 12:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys
2015-04-20 19:20 - 2010-11-20 12:44 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys
2015-04-20 19:20 - 2010-11-20 12:43 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2015-04-20 19:20 - 2010-11-20 12:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2015-04-20 19:20 - 2010-11-20 12:34 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2015-04-20 19:20 - 2010-11-20 12:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2015-04-20 19:20 - 2010-11-20 12:33 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys
2015-04-20 19:20 - 2010-11-20 12:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-04-20 19:20 - 2010-11-20 12:09 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2015-04-20 19:20 - 2010-11-20 12:04 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2015-04-20 19:20 - 2010-11-20 11:57 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\VmbusCoinstaller.dll
2015-04-20 19:20 - 2010-11-20 11:57 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\VmdCoinstall.dll
2015-04-20 19:20 - 2010-11-20 11:57 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll
2015-04-20 19:20 - 2010-11-20 11:57 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
2015-04-20 19:20 - 2010-11-20 11:57 - 00021760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys
2015-04-20 19:20 - 2010-11-20 11:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspipe.dll
2015-04-20 19:20 - 2010-11-20 11:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys
2015-04-20 19:20 - 2010-11-20 11:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys
2015-04-20 19:20 - 2010-11-20 11:26 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-04-20 19:20 - 2010-11-20 11:26 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2015-04-20 19:20 - 2010-11-20 11:22 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys
2015-04-20 19:20 - 2010-11-20 11:19 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2015-04-20 19:20 - 2010-11-10 03:48 - 00010429 _____ () C:\Windows\system32\ScavengeSpace.xml
2015-04-20 19:20 - 2010-11-05 04:20 - 00105559 _____ () C:\Windows\SysWOW64\RacRules.xml
2015-04-20 19:20 - 2010-11-05 04:20 - 00105559 _____ () C:\Windows\system32\RacRules.xml
2015-04-20 19:20 - 2010-11-05 04:11 - 00433512 _____ (Microsoft Corporation) C:\Windows\system32\MCEWMDRMNDBootstrap.dll
2015-04-20 19:20 - 2010-11-05 04:11 - 00312168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
2015-04-20 19:19 - 2015-04-20 19:19 - 00000000 ____D () C:\ProgramData\Riot Games
2015-04-20 19:19 - 2010-11-20 15:26 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll
2015-04-20 19:19 - 2010-11-20 14:21 - 00363008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2015-04-20 19:19 - 2010-11-20 14:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdscore.dll
2015-04-20 19:19 - 2009-06-10 23:40 - 00146389 _____ () C:\Windows\SysWOW64\printmanagement.msc
2015-04-20 19:19 - 2009-06-10 23:39 - 00001041 _____ () C:\Windows\SysWOW64\tcpbidi.xml
2015-04-20 19:18 - 2010-11-20 15:27 - 00529408 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll
2015-04-20 19:16 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-04-20 19:16 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-04-20 19:16 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-04-20 19:16 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-04-20 19:16 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-04-20 19:14 - 2015-04-20 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-04-20 19:09 - 2015-04-20 19:09 - 00003466 _____ () C:\Windows\System32\Tasks\{04CE8BB4-84F8-47EC-A302-AF796863BC9F}
2015-04-20 19:08 - 2015-04-20 19:17 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\Riot Games
2015-04-20 19:03 - 2015-04-20 19:03 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-04-20 19:03 - 2015-04-20 19:03 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-04-20 19:01 - 2015-04-20 19:01 - 00588651 _____ () C:\ProgramData\1429548903.bdinstall.bin
2015-04-20 19:01 - 2015-04-20 19:01 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-04-20 19:01 - 2015-04-20 19:01 - 00000385 _____ () C:\Users\iParanoid\AppData\Roaminguser_gensett.xml
2015-04-20 19:00 - 2015-04-23 21:12 - 00000000 ____D () C:\ProgramData\BDLogging
2015-04-20 19:00 - 2015-04-20 19:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-04-20 19:00 - 2015-04-20 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-04-20 18:59 - 2015-01-23 16:30 - 00262544 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-04-20 18:59 - 2015-01-14 13:13 - 00677104 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-04-20 18:59 - 2015-01-14 13:07 - 01306464 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-04-20 18:59 - 2015-01-09 11:59 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-04-20 18:59 - 2015-01-09 11:44 - 00074000 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2015-04-20 18:59 - 2014-12-15 18:04 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2015-04-20 18:59 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2015-04-20 18:57 - 2015-04-20 19:03 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\Bitdefender
2015-04-20 18:55 - 2015-04-20 19:01 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-04-20 18:55 - 2015-04-20 18:55 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\QuickScan
2015-04-20 18:55 - 2015-04-20 18:55 - 00000000 ____D () C:\Program Files\Bitdefender
2015-04-20 18:55 - 2015-02-24 17:52 - 00160544 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-04-20 18:55 - 2015-01-09 11:44 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2015-04-20 18:55 - 2015-01-09 11:44 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2015-04-20 18:55 - 2014-10-15 17:14 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-04-20 18:54 - 2015-04-20 18:55 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-04-20 18:54 - 2015-04-20 18:54 - 00000000 ____D () C:\Users\iParanoid\AppData\Local\Steam
2015-04-20 18:53 - 2015-05-01 10:19 - 00000000 _____ () C:\Windows\Path.idx
2015-04-20 18:52 - 2015-04-20 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-20 18:46 - 2015-04-30 12:41 - 00000000 ____D () C:\Users\iParanoid\Desktop\Programme
2015-04-20 18:45 - 2015-04-20 18:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-04-20 18:45 - 2015-04-20 18:45 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-20 18:44 - 2015-04-20 18:44 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-20 18:44 - 2012-12-12 14:02 - 00000000 ____D () C:\Windows\SysWOW64\ROG_Video Intro  dir
2015-04-20 18:44 - 2011-10-28 10:01 - 00680960 ____R (ASUSTeK Computer Inc.) C:\Windows\SysWOW64\ROGThemeSetup.exe
2015-04-20 18:44 - 2009-10-31 08:34 - 02870272 _____ (Microsoft Corporation) C:\Windows\explorer.exe.rogbak
2015-04-20 18:43 - 2015-05-01 10:14 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-04-20 18:43 - 2015-04-24 22:38 - 00000000 ____D () C:\Users\iParanoid\AppData\Local\Razer
2015-04-20 18:43 - 2015-04-24 17:04 - 00000000 ____D () C:\Users\iParanoid\AppData\Local\NVIDIA
2015-04-20 18:43 - 2015-04-20 18:43 - 00000090 _____ () C:\Windows\FastBoot.log
2015-04-20 18:43 - 2015-04-20 18:43 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\Synaptics
2015-04-20 18:39 - 2015-04-20 23:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-20 18:39 - 2015-04-20 18:39 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-20 18:39 - 2015-04-20 18:39 - 00000000 ____D () C:\Windows\AsusInstAll
2015-04-20 18:38 - 2015-04-20 18:38 - 00000000 ____D () C:\Program Files\ASUS
2015-04-20 18:36 - 2012-04-19 09:19 - 00014848 _____ (ASUSTek Computer Inc.) C:\Windows\SysWOW64\Drivers\AiChargerPlus.sys
2015-04-20 18:35 - 2015-04-24 02:44 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2015-04-20 18:35 - 2015-04-20 18:35 - 00000000 ____D () C:\Windows\SysWOW64\Drivers\MFDLL
2015-04-20 18:35 - 2015-04-20 18:35 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\Macromedia
2015-04-20 18:35 - 2015-04-20 18:35 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\Adobe
2015-04-20 18:35 - 2015-04-20 18:35 - 00000000 ____D () C:\Users\iParanoid\AppData\Local\Macromedia
2015-04-20 18:35 - 2015-04-20 18:35 - 00000000 ____D () C:\ProgramData\ASUS
2015-04-20 18:35 - 2012-08-22 11:54 - 00015232 ____R () C:\Windows\SysWOW64\Drivers\AsIO.sys
2015-04-20 18:35 - 2010-06-29 09:41 - 00028672 ____R (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2015-04-20 18:35 - 2008-12-02 20:05 - 00184320 _____ (ASUSTeK) C:\Windows\SysWOW64\Drivers\UpdateHelper.dll
2015-04-20 18:35 - 2008-01-04 07:34 - 00011832 ____N () C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2015-04-20 18:31 - 2015-04-21 12:33 - 00001384 _____ () C:\Windows\Synaptics.log
2015-04-20 18:31 - 2015-04-20 18:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-04-20 18:31 - 2015-04-20 18:31 - 00000000 ____D () C:\Program Files\Synaptics
2015-04-20 18:30 - 2015-04-20 18:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2015-04-20 18:30 - 2015-04-20 18:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzhnet_01009.Wdf
2015-04-20 18:30 - 2015-04-20 18:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
2015-04-20 18:24 - 2015-04-20 18:24 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-20 18:24 - 2015-04-20 18:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-20 18:24 - 2015-04-20 18:24 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-04-20 18:24 - 2015-04-20 18:24 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-20 18:23 - 2015-04-20 18:25 - 00000000 ____D () C:\Users\iParanoid\AppData\Local\Adobe
2015-04-20 18:18 - 2015-04-21 12:37 - 00000000 ____D () C:\ProgramData\Razer
2015-04-20 18:17 - 2015-04-21 12:37 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-04-20 18:15 - 2015-04-20 18:15 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\Mozilla
2015-04-20 18:15 - 2015-04-20 18:15 - 00000000 ____D () C:\Users\iParanoid\AppData\Local\Mozilla
2015-04-20 18:14 - 2015-04-24 22:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-20 18:14 - 2015-04-20 18:14 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-20 18:14 - 2015-04-20 18:14 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-20 18:07 - 2015-04-20 18:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-20 18:07 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-20 17:54 - 2015-01-28 01:23 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-20 17:53 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-20 17:53 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-04-20 17:23 - 2015-02-24 04:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-04-20 17:08 - 2015-04-20 17:08 - 00000000 ____D () C:\Program Files\Intel
2015-04-20 17:08 - 2012-07-25 17:54 - 00538496 ____R (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2015-04-20 17:08 - 2012-04-02 23:29 - 00511152 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1q62x64.sys
2015-04-20 17:08 - 2012-03-28 10:59 - 00099520 _____ (Intel Corporation) C:\Windows\system32\NicInstQ.dll
2015-04-20 17:08 - 2012-03-15 10:37 - 00072360 _____ (Intel Corporation) C:\Windows\system32\e1qmsg.dll
2015-04-20 17:08 - 2012-01-05 23:10 - 00003106 _____ () C:\Windows\system32\e1q62x64.din
2015-04-20 17:08 - 2009-05-26 19:05 - 00036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2015-04-20 17:08 - 2006-01-13 00:52 - 00001904 ____N () C:\Windows\system32\SetupBD.din
2015-04-20 17:07 - 2015-04-20 17:07 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2015-04-20 17:06 - 2015-04-21 12:35 - 00339570 _____ () C:\Windows\DPINST.LOG
2015-04-20 17:06 - 2015-04-20 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
2015-04-20 17:06 - 2015-04-20 17:06 - 00000000 ____D () C:\Program Files (x86)\ASM106xSATA
2015-04-20 17:05 - 2015-04-20 17:05 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-04-20 17:05 - 2015-04-20 17:05 - 00000000 ____D () C:\Program Files\Realtek
2015-04-20 17:04 - 2015-04-20 17:05 - 00002217 _____ () C:\RHDSetup.log
2015-04-20 17:04 - 2015-04-20 17:05 - 00000206 _____ () C:\Windows\audio.log
2015-04-20 17:04 - 2015-04-20 17:05 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-04-20 17:04 - 2015-04-20 17:04 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-20 17:04 - 2012-08-07 12:51 - 04102928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-04-20 17:04 - 2012-08-07 09:11 - 00329737 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-04-20 17:04 - 2012-08-06 09:44 - 01561744 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-04-20 17:04 - 2012-08-06 05:49 - 02743440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-04-20 17:04 - 2012-08-03 12:18 - 01706640 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-04-20 17:04 - 2012-08-03 06:13 - 05911552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-04-20 17:04 - 2012-08-01 12:29 - 00109200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-04-20 17:04 - 2012-07-24 11:30 - 00606336 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-04-20 17:04 - 2012-07-23 10:44 - 01433976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-04-20 17:04 - 2012-07-20 08:41 - 00880784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-04-20 17:04 - 2012-07-19 10:52 - 07598456 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-04-20 17:04 - 2012-07-19 10:52 - 02028920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-04-20 17:04 - 2012-07-19 10:51 - 02080120 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-04-20 17:04 - 2012-07-19 10:51 - 00834936 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-04-20 17:04 - 2012-07-16 08:16 - 03643024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-04-20 17:04 - 2012-07-15 15:13 - 00394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-04-20 17:04 - 2012-07-15 15:13 - 00394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-04-20 17:04 - 2012-07-02 09:39 - 01264272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-04-20 17:04 - 2012-06-20 11:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-04-20 17:04 - 2012-06-15 05:20 - 07163784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-04-20 17:04 - 2012-06-15 05:20 - 00433544 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-04-20 17:04 - 2012-06-15 05:20 - 00141192 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-04-20 17:04 - 2012-06-15 05:20 - 00123784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-04-20 17:04 - 2012-06-15 05:20 - 00074632 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-04-20 17:04 - 2012-04-10 08:40 - 02533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-04-20 17:04 - 2012-03-08 05:47 - 00202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-04-20 17:04 - 2012-03-08 05:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-04-20 17:04 - 2012-01-30 05:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-04-20 17:04 - 2012-01-23 16:30 - 00537456 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-04-20 17:04 - 2012-01-23 16:30 - 00524656 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-04-20 17:04 - 2012-01-23 16:30 - 00449392 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-04-20 17:04 - 2012-01-10 04:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-04-20 17:04 - 2011-12-20 09:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-04-20 17:04 - 2011-11-22 10:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-04-20 17:04 - 2011-09-02 08:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-04-20 17:04 - 2011-09-02 08:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-04-20 17:04 - 2011-09-02 08:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-04-20 17:04 - 2011-08-23 11:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-04-20 17:04 - 2011-08-11 10:55 - 00001332 ____R () C:\Windows\system32\Drivers\DTSU2P.DAT
2015-04-20 17:04 - 2011-05-31 03:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-04-20 17:04 - 2011-05-31 03:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-04-20 17:04 - 2011-05-31 03:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-04-20 17:04 - 2011-05-31 03:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-04-20 17:04 - 2011-05-31 03:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-04-20 17:04 - 2011-05-31 03:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-04-20 17:04 - 2011-05-31 03:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-04-20 17:04 - 2011-05-31 03:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-04-20 17:04 - 2011-05-31 03:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-04-20 17:04 - 2011-05-31 03:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-04-20 17:04 - 2011-05-31 03:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-04-20 17:04 - 2011-05-31 03:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-04-20 17:04 - 2011-03-17 06:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-04-20 17:04 - 2011-03-07 11:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-04-20 17:04 - 2010-11-08 01:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-04-20 17:04 - 2010-11-08 01:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-04-20 17:04 - 2010-11-08 01:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-04-20 17:04 - 2010-11-08 01:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-04-20 17:04 - 2010-11-08 01:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-04-20 17:04 - 2010-11-08 01:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-04-20 17:04 - 2010-11-03 12:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-04-20 17:04 - 2010-09-27 03:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-04-20 17:04 - 2010-07-22 10:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-04-20 17:04 - 2009-11-24 03:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-04-20 17:04 - 2009-11-24 03:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-04-20 17:04 - 2009-11-24 03:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-04-20 17:04 - 2009-11-24 03:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-04-20 17:01 - 2015-04-21 00:55 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-20 17:01 - 2015-04-20 17:01 - 00000000 ____D () C:\Program Files\ATI
2015-04-20 17:01 - 2015-04-20 17:01 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2015-04-20 17:01 - 2012-08-28 14:27 - 00058536 ____R (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-04-20 17:01 - 2012-04-11 03:40 - 00082560 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2015-04-20 17:01 - 2012-04-11 03:40 - 00042624 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2015-04-20 16:57 - 2015-04-20 18:46 - 00058423 _____ () C:\Windows\Ascd_log.ini
2015-04-20 16:57 - 2011-02-25 08:25 - 00296320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-04-20 16:56 - 2015-04-20 18:33 - 00042066 _____ () C:\Windows\Ascd_tmp.ini
2015-04-20 16:56 - 2015-04-20 16:56 - 00001769 _____ () C:\Windows\Language_trs.ini
2015-04-20 16:55 - 2010-02-23 07:46 - 00023680 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2015-04-20 16:52 - 2015-04-21 14:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-20 16:52 - 2015-04-20 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-04-20 16:52 - 2015-04-20 18:43 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-04-20 16:52 - 2015-04-20 16:52 - 00000032 _____ () C:\setup.log
2015-04-20 16:52 - 2015-04-20 16:52 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-04-20 16:52 - 2015-04-20 16:52 - 00000000 ____D () C:\Users\iParanoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
2015-04-20 16:50 - 2015-04-26 11:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-20 16:50 - 2015-04-20 16:50 - 00000000 ____D () C:\temp
2015-04-20 16:50 - 2015-04-08 23:30 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-20 16:50 - 2015-04-08 23:30 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-20 16:50 - 2015-04-08 23:30 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-20 16:50 - 2015-04-08 23:30 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-20 16:50 - 2015-04-08 23:30 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-20 16:50 - 2015-04-08 23:30 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-20 16:50 - 2015-04-08 19:52 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-20 16:49 - 2015-04-24 17:04 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-20 16:49 - 2015-04-24 00:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-20 16:49 - 2015-04-09 02:58 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-20 16:49 - 2015-04-09 02:58 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-20 16:49 - 2015-04-09 02:58 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-20 16:49 - 2012-09-07 03:17 - 01760104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll
2015-04-20 16:49 - 2012-09-07 03:17 - 01482600 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco64.dll
2015-04-20 16:48 - 2015-04-24 00:41 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-20 16:46 - 2015-04-29 16:58 - 00064856 _____ () C:\Users\iParanoid\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-20 16:26 - 2015-04-20 23:32 - 00001425 _____ () C:\Users\iParanoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-20 16:25 - 2015-05-01 10:29 - 00000000 ____D () C:\Users\iParanoid
2015-04-20 16:25 - 2015-04-20 16:25 - 00000020 ___SH () C:\Users\iParanoid\ntuser.ini
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\iParanoid\Vorlagen
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\iParanoid\Startmenü
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\iParanoid\Netzwerkumgebung
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\iParanoid\Lokale Einstellungen
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\iParanoid\Eigene Dateien
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\iParanoid\Druckumgebung
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\iParanoid\Documents\Eigene Musik
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\iParanoid\Documents\Eigene Bilder
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\iParanoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\iParanoid\AppData\Local\Verlauf
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\iParanoid\AppData\Local\Anwendungsdaten
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\iParanoid\Anwendungsdaten
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Programme
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\ProgramData\Favoriten
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 __SHD () C:\Recovery
2015-04-20 16:25 - 2015-04-20 16:25 - 00000000 ____D () C:\Users\iParanoid\AppData\Local\VirtualStore
2015-04-20 16:25 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\iParanoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-20 16:25 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\iParanoid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-20 16:20 - 2015-04-20 16:25 - 00000000 ____D () C:\Windows\Panther
2015-04-20 15:26 - 2015-04-20 15:26 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-04-20 15:25 - 2015-05-01 10:24 - 01905249 _____ () C:\Windows\WindowsUpdate.log
2015-04-20 15:25 - 2015-04-20 15:25 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-04-20 15:25 - 2015-04-20 15:25 - 00001313 _____ () C:\Windows\TSSysprep.log

FRST.txt letzter Teil

Code:

ATTFilter

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 10:21 - 2009-07-14 06:45 - 00025520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-01 10:21 - 2009-07-14 06:45 - 00025520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-01 10:18 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-05-01 10:18 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-05-01 10:18 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-01 10:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-01 10:11 - 2009-07-14 06:51 - 00032230 _____ () C:\Windows\setupact.log
2015-04-29 13:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-29 13:21 - 2009-07-14 06:45 - 00294544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-23 21:13 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-04-22 12:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-04-21 23:23 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-21 17:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-21 00:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-20 23:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2015-04-20 23:31 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-20 23:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-20 23:18 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-20 23:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-20 23:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-20 23:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-04-20 23:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-04-20 23:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-20 23:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-04-20 23:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-04-20 23:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-20 19:51 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-20 19:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-04-20 19:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-04-20 19:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-04-20 19:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-04-20 19:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-04-20 19:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-04-20 19:30 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-04-20 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-04-20 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-04-20 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-04-20 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-04-20 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2015-04-20 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2015-04-20 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sppui
2015-04-20 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-04-20 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-04-20 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\migwiz
2015-04-20 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2015-04-20 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2015-04-20 19:26 - 2009-07-14 04:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2015-04-20 19:26 - 2009-07-14 04:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2015-04-20 18:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-20 18:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2015-04-20 16:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2015-04-20 16:49 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore
2015-04-20 16:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-20 16:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-04-20 16:20 - 2009-07-14 07:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-04-20 16:20 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-04-20 15:25 - 2009-07-14 06:46 - 00001774 _____ () C:\Windows\DtcInstall.log
2015-04-20 15:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-04-20 15:21 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\CSC

==================== Files in the root of some directories =======

2015-04-26 22:30 - 2015-04-26 22:30 - 0007597 _____ () C:\Users\iParanoid\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\iParanoid\AppData\Local\setup.txt
2015-04-20 19:01 - 2015-04-20 19:01 - 0588651 _____ () C:\ProgramData\1429548903.bdinstall.bin

Some content of TEMP:
====================
C:\Users\iParanoid\AppData\Local\Temp\Quarantine.exe
C:\Users\iParanoid\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-25 03:21

==================== End Of Log ============================

iParanoid · 01.05.2015, 15:59

Teil 1 GMER.log

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-01 11:02:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\0000006c ST310005 rev.JC4B 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\IPARAN~1\AppData\Local\Temp\uxtiiuog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                              00000000775fde90 6 bytes [48, B8, F0, 12, 97, 01]
.text    C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                          00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[932] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1                                                                 000000007742b861 11 bytes [B8, F0, 12, 8B, 01, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                   0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                             0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                      0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                     0000000077392b6a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                               00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                  00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                         00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                         00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                            000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                            000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                      000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                     000000007741f74a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                    000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                 000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                       000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                 000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                     000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                     000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                    000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                 000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                               000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                             000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                            000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                   000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                    000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                          000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                          000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                     000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                 000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1496] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                 000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                        00000000775e6741 7 bytes [B8, 39, 69, E4, 75, 00, 00]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10                                                                                       00000000775e674a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                             00000000775fdc50 6 bytes [48, B8, B9, EA, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                         00000000775fdc58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                 00000000775fdcc0 6 bytes [48, B8, 39, BD, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                             00000000775fdcc8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                 00000000775fdd90 6 bytes [48, B8, F9, A9, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                             00000000775fdd98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                           00000000775fde30 6 bytes [48, B8, F9, 32, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                       00000000775fde38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                      00000000775fde50 6 bytes [48, B8, 39, 1C, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                  00000000775fde58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                    00000000775fde70 6 bytes [48, B8, F9, 1D, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                00000000775fde78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                      00000000775fde90 6 bytes [48, B8, 39, A8, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                  00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                           00000000775fdf40 6 bytes [48, B8, 39, E7, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                       00000000775fdf48 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                    00000000775fdf70 6 bytes [48, B8, 79, 2F, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                00000000775fdf78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                       00000000775fdf90 6 bytes [48, B8, 79, 36, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                   00000000775fdf98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                        00000000775fe020 6 bytes [48, B8, B9, 34, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                    00000000775fe028 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                         00000000775fe070 6 bytes [48, B8, 79, EC, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                     00000000775fe078 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                       00000000775fe0a0 6 bytes [48, B8, 39, 2A, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                   00000000775fe0a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                          00000000775fe0b0 6 bytes [48, B8, B9, 26, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                      00000000775fe0b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                            00000000775fe120 6 bytes [48, B8, F9, E8, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                        00000000775fe128 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                           00000000775fe1d0 6 bytes [48, B8, F9, EF, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                       00000000775fe1d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                          00000000775fe5a0 6 bytes [48, B8, 79, E5, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                      00000000775fe5a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                         00000000775fe5f0 6 bytes [48, B8, 79, 28, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                     00000000775fe5f8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                        00000000775fe650 6 bytes [48, B8, F9, 24, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                    00000000775fe658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                            00000000775fe9c0 6 bytes [48, B8, F9, BE, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                        00000000775fe9c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                        00000000775fef00 6 bytes [48, B8, 79, 83, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                    00000000775fef08 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                      00000000775ff100 6 bytes [48, B8, 39, 31, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                  00000000775ff108 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                  00000000775ff2c0 6 bytes [48, B8, B9, C0, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                              00000000775ff2c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                        00000000775ff3a0 6 bytes [48, B8, 79, 3D, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                    00000000775ff3a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                         00000000775ff3b0 6 bytes [48, B8, B9, 3B, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                     00000000775ff3b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                    00000000775ff3c0 6 bytes [48, B8, 39, EE, E4, 75]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                00000000775ff3c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                  000000007766ea21 11 bytes [B8, 39, 85, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                   0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                             0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                      0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                     0000000077392b6a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                               00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                  00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                         00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                         00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                            000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                            000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                      000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                     000000007741f74a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                    000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                 000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                       000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                 000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                     000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                     000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                    000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                 000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                               000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                             000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                            000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                   000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                    000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                          000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                          000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                     000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                 000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                 000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                            000007fefe3b13b1 11 bytes [B8, 79, A6, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                            000007fefe3b18e0 12 bytes [48, B8, B9, A4, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                         000007fefe3b1bd1 11 bytes [B8, F9, A2, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                            000007fefe3b2201 11 bytes [B8, 39, E0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                           000007fefe3b23c0 12 bytes [48, B8, 39, 8C, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!connect                                                                                                                000007fefe3b45c0 12 bytes [48, B8, 79, 67, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                               000007fefe3b8001 11 bytes [B8, 39, A1, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                          000007fefe3b8df0 7 bytes [48, B8, B9, 8F, E4, 75, 00]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                      000007fefe3b8df9 3 bytes [00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                         000007fefe3bc090 12 bytes [48, B8, F9, 8D, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                             000007fefe3bde91 11 bytes [B8, 39, D9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                               000007fefe3bdf41 11 bytes [B8, 79, DE, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                         000007fefe3de0f1 11 bytes [B8, B9, DC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] c:\windows\system32\DNSAPI.dll!DnsQuery_UTF8                                                                                                          000007fefc9956e0 12 bytes [48, B8, F9, C5, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] c:\windows\system32\DNSAPI.dll!DnsQuery_W                                                                                                             000007fefc9a010c 12 bytes [48, B8, 39, C4, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1668] c:\windows\system32\DNSAPI.dll!DnsQuery_A                                                                                                             000007fefc9bdaa0 12 bytes [48, B8, 79, C2, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                        00000000775e6741 7 bytes [B8, 39, 69, E4, 75, 00, 00]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10                                                                                       00000000775e674a 2 bytes [50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                             00000000775fdc50 6 bytes [48, B8, F9, EF, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                         00000000775fdc58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                 00000000775fdcc0 6 bytes [48, B8, 39, BD, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                             00000000775fdcc8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                 00000000775fdd90 6 bytes [48, B8, F9, A9, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                             00000000775fdd98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                           00000000775fde30 6 bytes [48, B8, F9, 32, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                       00000000775fde38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                      00000000775fde50 6 bytes [48, B8, 39, 1C, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                  00000000775fde58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                    00000000775fde70 6 bytes [48, B8, F9, 1D, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                00000000775fde78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                      00000000775fde90 6 bytes [48, B8, 39, A8, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                  00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                           00000000775fdf40 6 bytes [48, B8, 79, EC, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                       00000000775fdf48 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                    00000000775fdf70 6 bytes [48, B8, 79, 2F, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                00000000775fdf78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                       00000000775fdf90 6 bytes [48, B8, 79, 36, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                   00000000775fdf98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                        00000000775fe020 6 bytes [48, B8, B9, 34, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                    00000000775fe028 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                         00000000775fe070 6 bytes [48, B8, B9, F1, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                     00000000775fe078 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                       00000000775fe0a0 6 bytes [48, B8, 39, 2A, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                   00000000775fe0a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                          00000000775fe0b0 6 bytes [48, B8, B9, 26, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                      00000000775fe0b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                            00000000775fe120 6 bytes [48, B8, 39, EE, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                        00000000775fe128 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                           00000000775fe1d0 6 bytes [48, B8, 39, F5, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                       00000000775fe1d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                          00000000775fe5a0 6 bytes [48, B8, B9, EA, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                      00000000775fe5a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                         00000000775fe5f0 6 bytes [48, B8, 79, 28, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                     00000000775fe5f8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                        00000000775fe650 6 bytes [48, B8, F9, 24, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                    00000000775fe658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                            00000000775fe9c0 6 bytes [48, B8, F9, BE, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                        00000000775fe9c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                        00000000775fef00 6 bytes [48, B8, 79, 83, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                    00000000775fef08 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                      00000000775ff100 6 bytes [48, B8, 39, 31, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                  00000000775ff108 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                  00000000775ff2c0 6 bytes [48, B8, B9, C0, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                              00000000775ff2c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                        00000000775ff3a0 6 bytes [48, B8, 79, 3D, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                    00000000775ff3a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                         00000000775ff3b0 6 bytes [48, B8, B9, 3B, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                     00000000775ff3b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                    00000000775ff3c0 6 bytes [48, B8, 79, F3, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                00000000775ff3c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                            00000000775ff4a0 6 bytes [48, B8, 79, E5, E4, 75]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                        00000000775ff4a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                  000000007766ea21 11 bytes [B8, 39, 85, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                   0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                             0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                      0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                     0000000077392b6a 2 bytes [50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                               00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                  00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                         00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                         00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                            000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                            000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                      000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                     000000007741f74a 2 bytes [50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                    000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                 000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                       000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                 000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                     000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                     000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                    000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                 000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                               000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                             000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                            000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                   000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                    000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                          000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                          000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                     000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                 000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                 000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\System32\DNSAPI.dll!DnsQuery_UTF8                                                                                                          000007fefc9956e0 12 bytes [48, B8, F9, C5, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\System32\DNSAPI.dll!DnsQuery_W                                                                                                             000007fefc9a010c 12 bytes [48, B8, 39, C4, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\System32\DNSAPI.dll!DnsQuery_A                                                                                                             000007fefc9bdaa0 12 bytes [48, B8, 79, C2, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                            000007fefe3b13b1 11 bytes [B8, 79, A6, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                            000007fefe3b18e0 12 bytes [48, B8, B9, A4, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                         000007fefe3b1bd1 11 bytes [B8, F9, A2, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                            000007fefe3b2201 11 bytes [B8, 39, E0, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                           000007fefe3b23c0 12 bytes [48, B8, 39, 8C, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!connect                                                                                                                000007fefe3b45c0 12 bytes [48, B8, 79, 67, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                               000007fefe3b8001 11 bytes [B8, 39, A1, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                          000007fefe3b8df0 7 bytes [48, B8, B9, 8F, E4, 75, 00]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                      000007fefe3b8df9 3 bytes [00, 50, C3]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                         000007fefe3bc090 12 bytes [48, B8, F9, 8D, E4, 75, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                             000007fefe3bde91 11 bytes [B8, 39, D9, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                               000007fefe3bdf41 11 bytes [B8, 79, DE, E4, 75, 00, 00, ...]
.text    C:\Windows\System32\spoolsv.exe[1896] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                         000007fefe3de0f1 11 bytes [B8, B9, DC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                        00000000775e6741 7 bytes [B8, 39, 69, E4, 75, 00, 00]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10                                                                                       00000000775e674a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                             00000000775fdc50 6 bytes [48, B8, B9, EA, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                         00000000775fdc58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                 00000000775fdcc0 6 bytes [48, B8, 39, BD, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                             00000000775fdcc8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                 00000000775fdd90 6 bytes [48, B8, F9, A9, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                             00000000775fdd98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                           00000000775fde30 6 bytes [48, B8, F9, 32, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                       00000000775fde38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                      00000000775fde50 6 bytes [48, B8, 39, 1C, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                  00000000775fde58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                    00000000775fde70 6 bytes [48, B8, F9, 1D, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                00000000775fde78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                      00000000775fde90 6 bytes [48, B8, 39, A8, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                  00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                           00000000775fdf40 6 bytes [48, B8, 39, E7, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                       00000000775fdf48 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                    00000000775fdf70 6 bytes [48, B8, 79, 2F, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                00000000775fdf78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                       00000000775fdf90 6 bytes [48, B8, 79, 36, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                   00000000775fdf98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                        00000000775fe020 6 bytes [48, B8, B9, 34, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                    00000000775fe028 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                         00000000775fe070 6 bytes [48, B8, 79, EC, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                     00000000775fe078 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                       00000000775fe0a0 6 bytes [48, B8, 39, 2A, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                   00000000775fe0a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                          00000000775fe0b0 6 bytes [48, B8, B9, 26, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                      00000000775fe0b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                            00000000775fe120 6 bytes [48, B8, F9, E8, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                        00000000775fe128 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                           00000000775fe1d0 6 bytes [48, B8, F9, EF, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                       00000000775fe1d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                          00000000775fe5a0 6 bytes [48, B8, 79, E5, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                      00000000775fe5a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                         00000000775fe5f0 6 bytes [48, B8, 79, 28, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                     00000000775fe5f8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                        00000000775fe650 6 bytes [48, B8, F9, 24, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                    00000000775fe658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                            00000000775fe9c0 6 bytes [48, B8, F9, BE, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                        00000000775fe9c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                        00000000775fef00 6 bytes [48, B8, 79, 83, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                    00000000775fef08 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                      00000000775ff100 6 bytes [48, B8, 39, 31, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                  00000000775ff108 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                  00000000775ff2c0 6 bytes [48, B8, B9, C0, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                              00000000775ff2c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                        00000000775ff3a0 6 bytes [48, B8, 79, 3D, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                    00000000775ff3a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                         00000000775ff3b0 6 bytes [48, B8, B9, 3B, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                     00000000775ff3b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                    00000000775ff3c0 6 bytes [48, B8, 39, EE, E4, 75]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                00000000775ff3c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1

iParanoid · 01.05.2015, 15:59

Teil 2 GMER

Code:

ATTFilter

.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                   0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                             0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                      0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                     0000000077392b6a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                               00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                  00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                         00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                         00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                            000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                            000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                      000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                     000000007741f74a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                    000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                 000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                       000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                 000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                     000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                     000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                    000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                 000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                               000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                             000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                            000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                   000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                    000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                          000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                          000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                     000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                 000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                 000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                                                   000007fefe8c4ea1 11 bytes [B8, 79, F3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                       000007fefe8c55c8 12 bytes [48, B8, B9, 6C, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                       000007fefe8db85c 12 bytes [48, B8, F9, 6A, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                                                 000007fefe8db9d0 12 bytes [48, B8, 79, 60, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                                                 000007fefe8dba3c 12 bytes [48, B8, B9, 5E, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                            000007fefe3b13b1 11 bytes [B8, 79, A6, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                            000007fefe3b18e0 12 bytes [48, B8, B9, A4, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                         000007fefe3b1bd1 11 bytes [B8, F9, A2, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                            000007fefe3b2201 11 bytes [B8, 39, E0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                           000007fefe3b23c0 12 bytes [48, B8, 39, 8C, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!connect                                                                                                                000007fefe3b45c0 12 bytes [48, B8, 79, 67, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                               000007fefe3b8001 11 bytes [B8, 39, A1, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                          000007fefe3b8df0 7 bytes [48, B8, B9, 8F, E4, 75, 00]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                      000007fefe3b8df9 3 bytes [00, 50, C3]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                         000007fefe3bc090 12 bytes [48, B8, F9, 8D, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                             000007fefe3bde91 11 bytes [B8, 39, D9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                               000007fefe3bdf41 11 bytes [B8, 79, DE, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[1924] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                         000007fefe3de0f1 11 bytes [B8, B9, DC, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                               00000000775e6741 7 bytes [B8, 39, 69, E4, 75, 00, 00]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10                                                              00000000775e674a 2 bytes [50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                    00000000775fdc50 6 bytes [48, B8, F9, EF, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                00000000775fdc58 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                        00000000775fdcc0 6 bytes [48, B8, 39, BD, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                    00000000775fdcc8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                        00000000775fdd90 6 bytes [48, B8, F9, A9, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                    00000000775fdd98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                  00000000775fde30 6 bytes [48, B8, F9, 32, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                              00000000775fde38 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                             00000000775fde50 6 bytes [48, B8, 39, 1C, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                         00000000775fde58 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                           00000000775fde70 6 bytes [48, B8, F9, 1D, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                       00000000775fde78 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                             00000000775fde90 6 bytes [48, B8, 39, A8, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                         00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                  00000000775fdf40 6 bytes [48, B8, 79, EC, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                              00000000775fdf48 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                           00000000775fdf70 6 bytes [48, B8, 79, 2F, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                       00000000775fdf78 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                              00000000775fdf90 6 bytes [48, B8, 79, 36, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                          00000000775fdf98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                               00000000775fe020 6 bytes [48, B8, B9, 34, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                           00000000775fe028 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                00000000775fe070 6 bytes [48, B8, B9, F1, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                            00000000775fe078 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                              00000000775fe0a0 6 bytes [48, B8, 39, 2A, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                          00000000775fe0a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                 00000000775fe0b0 6 bytes [48, B8, B9, 26, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                             00000000775fe0b8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                   00000000775fe120 6 bytes [48, B8, 39, EE, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                               00000000775fe128 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                  00000000775fe1d0 6 bytes [48, B8, 39, F5, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                              00000000775fe1d8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                 00000000775fe5a0 6 bytes [48, B8, B9, EA, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                             00000000775fe5a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                00000000775fe5f0 6 bytes [48, B8, 79, 28, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                            00000000775fe5f8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                               00000000775fe650 6 bytes [48, B8, F9, 24, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                           00000000775fe658 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                   00000000775fe9c0 6 bytes [48, B8, F9, BE, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                               00000000775fe9c8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                               00000000775fef00 6 bytes [48, B8, 79, 83, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                           00000000775fef08 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                             00000000775ff100 6 bytes [48, B8, 39, 31, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                         00000000775ff108 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                         00000000775ff2c0 6 bytes [48, B8, B9, C0, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                     00000000775ff2c8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                               00000000775ff3a0 6 bytes [48, B8, 79, 3D, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                           00000000775ff3a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                00000000775ff3b0 6 bytes [48, B8, B9, 3B, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                            00000000775ff3b8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                           00000000775ff3c0 6 bytes [48, B8, 79, F3, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                       00000000775ff3c8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                   00000000775ff4a0 6 bytes [48, B8, 79, E5, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                               00000000775ff4a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                         000000007766ea21 11 bytes [B8, 39, 85, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                          0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                    0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                             0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                            0000000077392b6a 2 bytes [50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                      00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                         00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                       00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                       00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                   000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                   000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                             000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                            000000007741f74a 2 bytes [50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                           000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                        000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                              000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                        000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                            000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                            000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                           000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                        000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                      000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                    000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                   000007fefd42280a 2 bytes [50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                          000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                           000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                 000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                       000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                 000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                            000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                        000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1300] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                        000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                         00000000775e6741 7 bytes [B8, 39, 69, E4, 75, 00, 00]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10                                                                                        00000000775e674a 2 bytes [50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                              00000000775fdc50 6 bytes [48, B8, F9, EF, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                          00000000775fdc58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                  00000000775fdcc0 6 bytes [48, B8, 39, BD, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                              00000000775fdcc8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                  00000000775fdd90 6 bytes [48, B8, F9, A9, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                              00000000775fdd98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                            00000000775fde30 6 bytes [48, B8, F9, 32, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                        00000000775fde38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                       00000000775fde50 6 bytes [48, B8, 39, 1C, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                   00000000775fde58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                     00000000775fde70 6 bytes [48, B8, F9, 1D, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                 00000000775fde78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                       00000000775fde90 6 bytes [48, B8, 39, A8, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                   00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                            00000000775fdf40 6 bytes [48, B8, 79, EC, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                        00000000775fdf48 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                     00000000775fdf70 6 bytes [48, B8, 79, 2F, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                 00000000775fdf78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                        00000000775fdf90 6 bytes [48, B8, 79, 36, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                    00000000775fdf98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                         00000000775fe020 6 bytes [48, B8, B9, 34, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                     00000000775fe028 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                          00000000775fe070 6 bytes [48, B8, B9, F1, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                      00000000775fe078 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                        00000000775fe0a0 6 bytes [48, B8, 39, 2A, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                    00000000775fe0a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                           00000000775fe0b0 6 bytes [48, B8, B9, 26, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                       00000000775fe0b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                             00000000775fe120 6 bytes [48, B8, 39, EE, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                         00000000775fe128 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                            00000000775fe1d0 6 bytes [48, B8, 39, F5, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                        00000000775fe1d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                           00000000775fe5a0 6 bytes [48, B8, B9, EA, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                       00000000775fe5a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                          00000000775fe5f0 6 bytes [48, B8, 79, 28, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                      00000000775fe5f8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                         00000000775fe650 6 bytes [48, B8, F9, 24, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                     00000000775fe658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                             00000000775fe9c0 6 bytes [48, B8, F9, BE, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                         00000000775fe9c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                         00000000775fef00 6 bytes [48, B8, 79, 83, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                     00000000775fef08 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                       00000000775ff100 6 bytes [48, B8, 39, 31, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                   00000000775ff108 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                   00000000775ff2c0 6 bytes [48, B8, B9, C0, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                               00000000775ff2c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                         00000000775ff3a0 6 bytes [48, B8, 79, 3D, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                     00000000775ff3a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                          00000000775ff3b0 6 bytes [48, B8, B9, 3B, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                      00000000775ff3b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                     00000000775ff3c0 6 bytes [48, B8, 79, F3, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                 00000000775ff3c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                             00000000775ff4a0 6 bytes [48, B8, 79, E5, E4, 75]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                         00000000775ff4a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                   000000007766ea21 11 bytes [B8, 39, 85, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                    0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                              0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                       0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                      0000000077392b6a 2 bytes [50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                   00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                 00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                 00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                          00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                          00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                             000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                             000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                       000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                      000000007741f74a 2 bytes [50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                     000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                  000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                        000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                  000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                      000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                      000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                     000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                  000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                              000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                             000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                    000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                     000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                           000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                 000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                           000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                      000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                  000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\nvvsvc.exe[1376] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                  000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                       00000000775e6741 7 bytes [B8, 39, 69, E4, 75, 00, 00]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10                                                                                      00000000775e674a 2 bytes [50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                            00000000775fdc50 6 bytes [48, B8, F9, EF, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                        00000000775fdc58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                00000000775fdcc0 6 bytes [48, B8, 39, BD, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                            00000000775fdcc8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                00000000775fdd90 6 bytes [48, B8, F9, A9, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                            00000000775fdd98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                          00000000775fde30 6 bytes [48, B8, F9, 32, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                      00000000775fde38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                     00000000775fde50 6 bytes [48, B8, 39, 1C, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                 00000000775fde58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                   00000000775fde70 6 bytes [48, B8, F9, 1D, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                               00000000775fde78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                     00000000775fde90 6 bytes [48, B8, 39, A8, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                 00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                          00000000775fdf40 6 bytes [48, B8, 79, EC, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                      00000000775fdf48 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                   00000000775fdf70 6 bytes [48, B8, 79, 2F, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                               00000000775fdf78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                      00000000775fdf90 6 bytes [48, B8, 79, 36, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                  00000000775fdf98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                       00000000775fe020 6 bytes [48, B8, B9, 34, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                   00000000775fe028 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                        00000000775fe070 6 bytes [48, B8, B9, F1, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                    00000000775fe078 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                      00000000775fe0a0 6 bytes [48, B8, 39, 2A, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                  00000000775fe0a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                         00000000775fe0b0 6 bytes [48, B8, B9, 26, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                     00000000775fe0b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                           00000000775fe120 6 bytes [48, B8, 39, EE, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                       00000000775fe128 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                          00000000775fe1d0 6 bytes [48, B8, 39, F5, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                      00000000775fe1d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                         00000000775fe5a0 6 bytes [48, B8, B9, EA, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                     00000000775fe5a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                        00000000775fe5f0 6 bytes [48, B8, 79, 28, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                    00000000775fe5f8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                       00000000775fe650 6 bytes [48, B8, F9, 24, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                   00000000775fe658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                           00000000775fe9c0 6 bytes [48, B8, F9, BE, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                       00000000775fe9c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                       00000000775fef00 6 bytes [48, B8, 79, 83, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                   00000000775fef08 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                     00000000775ff100 6 bytes [48, B8, 39, 31, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                 00000000775ff108 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                 00000000775ff2c0 6 bytes [48, B8, B9, C0, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                             00000000775ff2c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                       00000000775ff3a0 6 bytes [48, B8, 79, 3D, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                   00000000775ff3a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                        00000000775ff3b0 6 bytes [48, B8, B9, 3B, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                    00000000775ff3b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                   00000000775ff3c0 6 bytes [48, B8, 79, F3, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                               00000000775ff3c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                           00000000775ff4a0 6 bytes [48, B8, 79, E5, E4, 75]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                       00000000775ff4a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                 000000007766ea21 11 bytes [B8, 39, 85, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                  0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                            0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                     0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                    0000000077392b6a 2 bytes [50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                              00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                 00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                               00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                               00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                        00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                        00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                           000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                           000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                     000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                    000000007741f74a 2 bytes [50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                   000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                      000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                    000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                    000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                   000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                              000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                            000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                           000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                  000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                   000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                         000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                               000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                         000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                    000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                                                  000007fefe8c4ea1 11 bytes [B8, B9, F8, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                      000007fefe8c55c8 12 bytes [48, B8, B9, 6C, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                      000007fefe8db85c 12 bytes [48, B8, F9, 6A, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                                                000007fefe8db9d0 12 bytes [48, B8, 79, 60, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                                                000007fefe8dba3c 12 bytes [48, B8, B9, 5E, E4, 75, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                        00000000775e6741 7 bytes [B8, 39, 69, E4, 75, 00, 00]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10                                                                                       00000000775e674a 2 bytes [50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                             00000000775fdc50 6 bytes [48, B8, F9, EF, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                         00000000775fdc58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                 00000000775fdcc0 6 bytes [48, B8, 39, BD, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                             00000000775fdcc8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                 00000000775fdd90 6 bytes [48, B8, F9, A9, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                             00000000775fdd98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                           00000000775fde30 6 bytes [48, B8, F9, 32, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                       00000000775fde38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                      00000000775fde50 6 bytes [48, B8, 39, 1C, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                  00000000775fde58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                    00000000775fde70 6 bytes [48, B8, F9, 1D, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                00000000775fde78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                      00000000775fde90 6 bytes [48, B8, 39, A8, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                  00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                           00000000775fdf40 6 bytes [48, B8, 79, EC, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                       00000000775fdf48 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                    00000000775fdf70 6 bytes [48, B8, 79, 2F, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                00000000775fdf78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                       00000000775fdf90 6 bytes [48, B8, 79, 36, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                   00000000775fdf98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                        00000000775fe020 6 bytes [48, B8, B9, 34, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                    00000000775fe028 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                         00000000775fe070 6 bytes [48, B8, B9, F1, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                     00000000775fe078 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                       00000000775fe0a0 6 bytes [48, B8, 39, 2A, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                   00000000775fe0a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                          00000000775fe0b0 6 bytes [48, B8, B9, 26, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                      00000000775fe0b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                            00000000775fe120 6 bytes [48, B8, 39, EE, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                        00000000775fe128 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                           00000000775fe1d0 6 bytes [48, B8, 39, F5, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                       00000000775fe1d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                          00000000775fe5a0 6 bytes [48, B8, B9, EA, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                      00000000775fe5a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                         00000000775fe5f0 6 bytes [48, B8, 79, 28, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                     00000000775fe5f8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                        00000000775fe650 6 bytes [48, B8, F9, 24, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                    00000000775fe658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                            00000000775fe9c0 6 bytes [48, B8, F9, BE, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                        00000000775fe9c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                        00000000775fef00 6 bytes [48, B8, 79, 83, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                    00000000775fef08 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                      00000000775ff100 6 bytes [48, B8, 39, 31, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                  00000000775ff108 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                  00000000775ff2c0 6 bytes [48, B8, B9, C0, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                              00000000775ff2c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                        00000000775ff3a0 6 bytes [48, B8, 79, 3D, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                    00000000775ff3a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                         00000000775ff3b0 6 bytes [48, B8, B9, 3B, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                     00000000775ff3b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                    00000000775ff3c0 6 bytes [48, B8, 79, F3, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                00000000775ff3c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                            00000000775ff4a0 6 bytes [48, B8, 79, E5, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                        00000000775ff4a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                  000000007766ea21 11 bytes [B8, 39, 85, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                   0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot

iParanoid · 01.05.2015, 16:02

Teil 3

Code:

ATTFilter

.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                            0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                     0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                    0000000077392b6a 2 bytes [50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                              00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                 00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                               00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                               00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                        00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                        00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                           000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                           000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                     000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                    000000007741f74a 2 bytes [50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                   000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                      000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                    000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                    000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                   000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                              000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                            000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                           000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                  000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                   000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                         000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                               000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                         000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                    000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                                                  000007fefe8c4ea1 11 bytes [B8, B9, F8, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                      000007fefe8c55c8 12 bytes [48, B8, B9, 6C, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                      000007fefe8db85c 12 bytes [48, B8, F9, 6A, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                                                000007fefe8db9d0 12 bytes [48, B8, 79, 60, E4, 75, 00, ...]
.text    C:\Windows\system32\taskhost.exe[2156] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                                                000007fefe8dba3c 12 bytes [48, B8, B9, 5E, E4, 75, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                        00000000775e6741 7 bytes [B8, 39, 69, E4, 75, 00, 00]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10                                                                                       00000000775e674a 2 bytes [50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                             00000000775fdc50 6 bytes [48, B8, F9, EF, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                         00000000775fdc58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                 00000000775fdcc0 6 bytes [48, B8, 39, BD, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                             00000000775fdcc8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                 00000000775fdd90 6 bytes [48, B8, F9, A9, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                             00000000775fdd98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                           00000000775fde30 6 bytes [48, B8, F9, 32, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                       00000000775fde38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                      00000000775fde50 6 bytes [48, B8, 39, 1C, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                  00000000775fde58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                    00000000775fde70 6 bytes [48, B8, F9, 1D, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                00000000775fde78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                      00000000775fde90 6 bytes [48, B8, 39, A8, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                  00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                           00000000775fdf40 6 bytes [48, B8, 79, EC, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                       00000000775fdf48 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                    00000000775fdf70 6 bytes [48, B8, 79, 2F, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                00000000775fdf78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                       00000000775fdf90 6 bytes [48, B8, 79, 36, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                   00000000775fdf98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                        00000000775fe020 6 bytes [48, B8, B9, 34, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                    00000000775fe028 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                         00000000775fe070 6 bytes [48, B8, B9, F1, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                     00000000775fe078 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                       00000000775fe0a0 6 bytes [48, B8, 39, 2A, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                   00000000775fe0a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                          00000000775fe0b0 6 bytes [48, B8, B9, 26, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                      00000000775fe0b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                            00000000775fe120 6 bytes [48, B8, 39, EE, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                        00000000775fe128 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                           00000000775fe1d0 6 bytes [48, B8, 39, F5, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                       00000000775fe1d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                          00000000775fe5a0 6 bytes [48, B8, B9, EA, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                      00000000775fe5a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                         00000000775fe5f0 6 bytes [48, B8, 79, 28, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                     00000000775fe5f8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                        00000000775fe650 6 bytes [48, B8, F9, 24, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                    00000000775fe658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                            00000000775fe9c0 6 bytes [48, B8, F9, BE, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                        00000000775fe9c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                        00000000775fef00 6 bytes [48, B8, 79, 83, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                    00000000775fef08 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                      00000000775ff100 6 bytes [48, B8, 39, 31, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                  00000000775ff108 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                  00000000775ff2c0 6 bytes [48, B8, B9, C0, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                              00000000775ff2c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                        00000000775ff3a0 6 bytes [48, B8, 79, 3D, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                    00000000775ff3a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                         00000000775ff3b0 6 bytes [48, B8, B9, 3B, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                     00000000775ff3b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                    00000000775ff3c0 6 bytes [48, B8, 79, F3, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                00000000775ff3c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                            00000000775ff4a0 6 bytes [48, B8, 79, E5, E4, 75]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                        00000000775ff4a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                  000000007766ea21 11 bytes [B8, 39, 85, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                   0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                             0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                      0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                     0000000077392b6a 2 bytes [50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                               00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                  00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                         00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                         00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                            000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                            000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                      000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                     000000007741f74a 2 bytes [50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                    000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                 000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                       000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                 000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                     000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                     000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                    000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                 000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                               000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                             000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                            000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                   000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                    000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                          000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                          000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                     000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                 000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\taskeng.exe[2168] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                 000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                                00000000775e6741 7 bytes [B8, F9, 55, E4, 75, 00, 00]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10                                                                                               00000000775e674a 2 bytes [50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                         00000000775fdd90 6 bytes [48, B8, F9, 5C, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                     00000000775fdd98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                   00000000775fde30 6 bytes [48, B8, F9, 32, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                               00000000775fde38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                              00000000775fde50 6 bytes [48, B8, 39, 1C, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                          00000000775fde58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                            00000000775fde70 6 bytes [48, B8, F9, 1D, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                        00000000775fde78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                              00000000775fde90 6 bytes [48, B8, 39, 5B, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                          00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                   00000000775fdf40 6 bytes [48, B8, F9, 7F, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                               00000000775fdf48 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                            00000000775fdf70 6 bytes [48, B8, 79, 2F, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                        00000000775fdf78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                               00000000775fdf90 6 bytes [48, B8, 79, 36, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                           00000000775fdf98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                00000000775fe020 6 bytes [48, B8, B9, 34, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                            00000000775fe028 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                 00000000775fe070 6 bytes [48, B8, B9, 81, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                             00000000775fe078 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                               00000000775fe0a0 6 bytes [48, B8, 39, 2A, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                           00000000775fe0a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                  00000000775fe0b0 6 bytes [48, B8, B9, 26, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                              00000000775fe0b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                   00000000775fe1d0 6 bytes [48, B8, 39, 85, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                               00000000775fe1d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                  00000000775fe5a0 6 bytes [48, B8, 39, 7E, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                              00000000775fe5a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                 00000000775fe5f0 6 bytes [48, B8, 79, 28, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                             00000000775fe5f8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                00000000775fe650 6 bytes [48, B8, F9, 24, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                            00000000775fe658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                    00000000775fe9c0 6 bytes [48, B8, B9, 5E, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                                00000000775fe9c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                              00000000775ff100 6 bytes [48, B8, 39, 31, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                          00000000775ff108 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                          00000000775ff2c0 6 bytes [48, B8, 79, 60, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                      00000000775ff2c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                                00000000775ff3a0 6 bytes [48, B8, 79, 3D, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                            00000000775ff3a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                 00000000775ff3b0 6 bytes [48, B8, B9, 3B, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                             00000000775ff3b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                            00000000775ff3c0 6 bytes [48, B8, 79, 83, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                        00000000775ff3c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                    00000000775ff4a0 6 bytes [48, B8, 79, 75, E4, 75]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                                00000000775ff4a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                     0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                              0000000077392b61 8 bytes [B8, 39, 69, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                             0000000077392b6a 2 bytes [50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                       00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                          00000000773b0941 11 bytes [B8, B9, 73, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                                    000000007741f511 11 bytes [B8, 39, 70, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                                    000000007741f711 11 bytes [B8, B9, 6C, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                              000000007741f741 8 bytes [B8, B9, 65, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                             000000007741f74a 2 bytes [50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                         000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                                       000007fefd420ba1 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                     000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                    000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                           000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                            000007feff71642d 11 bytes [B8, 79, 4B, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                  000007feff716484 12 bytes [48, B8, 39, 46, E4, 75, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                        000007feff716519 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                  000007feff716c34 12 bytes [48, B8, 79, 44, E4, 75, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                             000007feff717ab5 11 bytes [B8, 39, 4D, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                         000007feff718b01 11 bytes [B8, F9, 47, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                         000007feff718c39 11 bytes [B8, B9, 49, E4, 75, 00, 00, ...]
.text    C:\Windows\Explorer.EXE[2392] C:\Windows\system32\WS2_32.dll!connect                                                                                                                        000007fefe3b45c0 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                                                                00000000777af924 5 bytes JMP 0000000173286c09
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                                    00000000777af9dc 5 bytes JMP 0000000173285c99
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                                                                    00000000777afb24 5 bytes JMP 00000001732856a9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                                                              00000000777afc1c 5 bytes JMP 00000001732831d9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                         00000000777afc4c 5 bytes JMP 00000001732815f1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                                                       00000000777afc7c 5 bytes JMP 0000000173281689
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                         00000000777afcac 5 bytes JMP 0000000173285611
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                              00000000777afdc4 5 bytes JMP 0000000173286b71
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                                       00000000777afe10 5 bytes JMP 00000001732830a9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                          00000000777afe40 5 bytes JMP 0000000173283309
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                                                           00000000777aff20 5 bytes JMP 0000000173283271
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                            00000000777affa0 5 bytes JMP 0000000173286ca1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                                                                          00000000777affe8 5 bytes JMP 0000000173282ee1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                             00000000777b0000 5 bytes JMP 0000000173282db1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                               00000000777b00b0 5 bytes JMP 0000000173281ed9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                              00000000777b01c0 5 bytes JMP 0000000173282301
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                                             00000000777b0798 5 bytes JMP 0000000173286ad9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                                                                            00000000777b0810 5 bytes JMP 0000000173282e49
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                           00000000777b08a0 5 bytes JMP 0000000173282d19
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                               00000000777b0df0 5 bytes JMP 0000000173285d31
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                                                                           00000000777b1600 5 bytes JMP 0000000173284ac9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                                         00000000777b191c 5 bytes JMP 0000000173283141
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                                     00000000777b1be0 5 bytes JMP 0000000173285dc9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                                                                           00000000777b1d50 5 bytes JMP 0000000173283439
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                                            00000000777b1d6c 5 bytes JMP 00000001732833a1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                                       00000000777b1d88 5 bytes JMP 0000000173286d39
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl                                                                                                               00000000777b1ee4 5 bytes JMP 0000000173286911
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                                                                                 00000000777c4924 5 bytes JMP 0000000173281ab1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                                                                               00000000777f0edb 5 bytes JMP 0000000173282009
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!RtlReportException                                                                                                         000000007783886f 5 bytes JMP 0000000173284b61
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                                                                                 000000007783eb0b 5 bytes JMP 0000000173281f71
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA                                                                                                         0000000075800e00 5 bytes JMP 0000000173281da9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                          0000000075801072 5 bytes JMP 0000000173282a21
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                                                            0000000075804977 5 bytes JMP 00000001732825f9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                                  0000000075813b93 5 bytes JMP 0000000173283011
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW                                                                                                   0000000075819a74 5 bytes JMP 0000000173286581
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                                                             0000000075819ad5 5 bytes JMP 0000000173286321
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                                                                                00000000758272f7 5 bytes JMP 0000000173282729
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!Process32NextW                                                                                                          00000000758288aa 5 bytes JMP 0000000173285c01
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                                                             000000007582ccb1 5 bytes JMP 00000001732861f1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA                                                                                                   000000007582ccd1 5 bytes JMP 0000000173286451
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                                                 0000000075883041 5 bytes JMP 00000001732828f1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA                                                                                                       00000000758a74fb 5 bytes JMP 00000001732846a1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW                                                                                                       00000000758a751e 5 bytes JMP 00000001732847d1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!ReadConsoleA                                                                                                            00000000758a78c9 5 bytes JMP 0000000173284901
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\kernel32.dll!ReadConsoleW                                                                                                            00000000758a7942 5 bytes JMP 0000000173284a31
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                                                                               0000000075db8f8d 5 bytes JMP 0000000173281a19
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle                                                                                                           0000000075dbc436 5 bytes JMP 0000000173283b59
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                                                                                    0000000075dbeca6 5 bytes JMP 0000000173283601
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess                                                                                                           0000000075dbf206 5 bytes JMP 0000000173282399
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                                                                       0000000075dbfa89 5 bytes JMP 0000000173281e41
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW                                                                                                      0000000075dbfbb7 5 bytes JMP 00000001732860c1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW                                                                                                          0000000075dc1358 5 bytes JMP 0000000173283ac1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                                                                                            0000000075dc137f 5 bytes JMP 0000000173283a29
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                      0000000075dc1d29 5 bytes JMP 0000000173281981
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress                                                                                                        0000000075dc1e15 5 bytes JMP 00000001732824c9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                        0000000075dc2ab1 5 bytes JMP 00000001732857d9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                                                                                        0000000075dc2cd9 5 bytes JMP 0000000173285741
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                           0000000075dc2d17 5 bytes JMP 0000000173285871
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                                                                                      0000000075dc2e7a 5 bytes JMP 00000001732818e9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!SleepEx                                                                                                               0000000075dc3b70 5 bytes JMP 0000000173282269
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!Sleep                                                                                                                 0000000075dc4496 5 bytes JMP 0000000173282431
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!CreateThread                                                                                                          0000000075dc4608 5 bytes JMP 0000000173283569
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                                                                                    0000000075dc4631 5 bytes JMP 0000000173282c81
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA                                                                                                           0000000075dcc734 5 bytes JMP 00000001732827c1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\msvcrt.dll!_lock + 41                                                                                                                0000000075e0a472 5 bytes JMP 0000000173286dd1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\msvcrt.dll!__p__fmode                                                                                                                0000000075e127ce 5 bytes JMP 0000000173281be1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\msvcrt.dll!__p__environ                                                                                                              0000000075e1e6cf 5 bytes JMP 0000000173281b49
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW                                                                                                            00000000770ac9ec 5 bytes JMP 0000000173283c89
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA                                                                                                            00000000770b2b70 5 bytes JMP 0000000173283bf1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                                                                                      00000000770b361c 5 bytes JMP 00000001732840b1
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                                                                                     00000000770b4965 1 byte JMP 0000000173286e69
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 224                                                                                                     00000000770b4967 3 bytes {JMP 0xfffffffffc1d2504}
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                                                          00000000770c70c4 5 bytes JMP 0000000173284311
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!ControlService                                                                                                          00000000770c70dc 5 bytes JMP 0000000173283e51
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                                                                           00000000770c70f4 5 bytes JMP 0000000173283ee9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                                                                    00000000770e31f4 5 bytes JMP 0000000173283f81
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                                                                    00000000770e3204 5 bytes JMP 0000000173284019
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                                                                       00000000770e3214 5 bytes JMP 0000000173283d21
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                                                                       00000000770e3224 5 bytes JMP 0000000173283db9
.text    C:\Windows\SysWOW64\ASGT.exe[2400] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                                                          00000000770e3264 5 bytes JMP 0000000173284279
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                   00000000777af924 5 bytes JMP 0000000173286c09
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                       00000000777af9dc 5 bytes JMP 0000000173285c99
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                       00000000777afb24 5 bytes JMP 00000001732856a9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                 00000000777afc1c 5 bytes JMP 00000001732831d9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                            00000000777afc4c 5 bytes JMP 00000001732815f1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                          00000000777afc7c 5 bytes JMP 0000000173281689
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                            00000000777afcac 5 bytes JMP 0000000173285611
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                 00000000777afdc4 5 bytes JMP 0000000173286b71
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                          00000000777afe10 5 bytes JMP 00000001732830a9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                             00000000777afe40 5 bytes JMP 0000000173283309
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                              00000000777aff20 5 bytes JMP 0000000173283271
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                               00000000777affa0 5 bytes JMP 0000000173286ca1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                             00000000777affe8 5 bytes JMP 0000000173282ee1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                00000000777b0000 5 bytes JMP 0000000173282db1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                  00000000777b00b0 5 bytes JMP 0000000173281ed9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                 00000000777b01c0 5 bytes JMP 0000000173282301
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                00000000777b0798 5 bytes JMP 0000000173286ad9

iParanoid · 01.05.2015, 16:03

Teil 4 GMER

Code:

ATTFilter

.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                               00000000777b0810 5 bytes JMP 0000000173282e49
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                              00000000777b08a0 5 bytes JMP 0000000173282d19
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                  00000000777b0df0 5 bytes JMP 0000000173285d31
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                              00000000777b1600 5 bytes JMP 0000000173284ac9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                            00000000777b191c 5 bytes JMP 0000000173283141
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                        00000000777b1be0 5 bytes JMP 0000000173285dc9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                              00000000777b1d50 5 bytes JMP 0000000173283439
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                               00000000777b1d6c 5 bytes JMP 00000001732833a1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                          00000000777b1d88 5 bytes JMP 0000000173286d39
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl                                                                  00000000777b1ee4 5 bytes JMP 0000000173286911
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                                    00000000777c4924 5 bytes JMP 0000000173281ab1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                                  00000000777f0edb 5 bytes JMP 0000000173282009
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!RtlReportException                                                            000000007783886f 5 bytes JMP 0000000173284b61
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                                    000000007783eb0b 5 bytes JMP 0000000173281f71
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA                                                            0000000075800e00 5 bytes JMP 0000000173281da9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                             0000000075801072 5 bytes JMP 0000000173282a21
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                               0000000075804977 5 bytes JMP 00000001732825f9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                     0000000075813b93 5 bytes JMP 0000000173283011
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW                                                      0000000075819a74 5 bytes JMP 0000000173286581
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                0000000075819ad5 5 bytes JMP 0000000173286321
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                                   00000000758272f7 5 bytes JMP 0000000173282729
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!Process32NextW                                                             00000000758288aa 5 bytes JMP 0000000173285c01
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                000000007582ccb1 5 bytes JMP 00000001732861f1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA                                                      000000007582ccd1 5 bytes JMP 0000000173286451
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!WinExec                                                                    0000000075883041 5 bytes JMP 00000001732828f1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA                                                          00000000758a74fb 5 bytes JMP 00000001732846a1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW                                                          00000000758a751e 5 bytes JMP 00000001732847d1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!ReadConsoleA                                                               00000000758a78c9 5 bytes JMP 0000000173284901
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\kernel32.dll!ReadConsoleW                                                               00000000758a7942 5 bytes JMP 0000000173284a31
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                                  0000000075db8f8d 5 bytes JMP 0000000173281a19
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle                                                              0000000075dbc436 5 bytes JMP 0000000173283b59
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                                       0000000075dbeca6 5 bytes JMP 0000000173283601
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess                                                              0000000075dbf206 5 bytes JMP 0000000173282399
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                          0000000075dbfa89 5 bytes JMP 0000000173281e41
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW                                                         0000000075dbfbb7 5 bytes JMP 00000001732860c1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW                                                             0000000075dc1358 5 bytes JMP 0000000173283ac1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                                               0000000075dc137f 5 bytes JMP 0000000173283a29
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                         0000000075dc1d29 5 bytes JMP 0000000173281981
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress                                                           0000000075dc1e15 5 bytes JMP 00000001732824c9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                           0000000075dc2ab1 5 bytes JMP 00000001732857d9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                                           0000000075dc2cd9 5 bytes JMP 0000000173285741
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                              0000000075dc2d17 5 bytes JMP 0000000173285871
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                                         0000000075dc2e7a 5 bytes JMP 00000001732818e9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!SleepEx                                                                  0000000075dc3b70 5 bytes JMP 0000000173282269
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!Sleep                                                                    0000000075dc4496 5 bytes JMP 0000000173282431
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!CreateThread                                                             0000000075dc4608 5 bytes JMP 0000000173283569
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                                       0000000075dc4631 5 bytes JMP 0000000173282c81
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA                                                              0000000075dcc734 5 bytes JMP 00000001732827c1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW                                                               00000000770ac9ec 5 bytes JMP 0000000173283c89
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA                                                               00000000770b2b70 5 bytes JMP 0000000173283bf1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                                         00000000770b361c 5 bytes JMP 00000001732840b1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                                        00000000770b4965 5 bytes JMP 0000000173286dd1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                             00000000770c70c4 5 bytes JMP 0000000173284311
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\ADVAPI32.dll!ControlService                                                             00000000770c70dc 5 bytes JMP 0000000173283e51
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                              00000000770c70f4 5 bytes JMP 0000000173283ee9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                       00000000770e31f4 5 bytes JMP 0000000173283f81
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                       00000000770e3204 5 bytes JMP 0000000173284019
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                          00000000770e3214 5 bytes JMP 0000000173283d21
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                          00000000770e3224 5 bytes JMP 0000000173283db9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                             00000000770e3264 5 bytes JMP 0000000173284279
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\msvcrt.dll!_lock + 41                                                                   0000000075e0a472 5 bytes JMP 0000000173286e69
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\msvcrt.dll!__p__fmode                                                                   0000000075e127ce 5 bytes JMP 0000000173281be1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\msvcrt.dll!__p__environ                                                                 0000000075e1e6cf 5 bytes JMP 0000000173281b49
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                  00000000757078e2 5 bytes JMP 0000000173284441
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                  0000000075707bd3 5 bytes JMP 00000001732843a9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                              0000000075708a29 5 bytes JMP 0000000173284f89
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!FindWindowW                                                                  00000000757098fd 5 bytes JMP 0000000173285a39
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize                                                      000000007570b6ed 5 bytes JMP 0000000173286f01
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                              000000007570d22e 5 bytes JMP 0000000173285021
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                              000000007570ee09 5 bytes JMP 00000001732834d1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!FindWindowA                                                                  000000007570ffe6 5 bytes JMP 0000000173285909
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!FindWindowExA                                                                00000000757100d9 5 bytes JMP 00000001732859a1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                 00000000757105ba 5 bytes JMP 0000000173284571
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!ShowWindow                                                                   0000000075710dfb 5 bytes JMP 00000001732850b9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                 00000000757112a5 5 bytes JMP 0000000173286a41
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                               00000000757120ec 5 bytes JMP 0000000173285449
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                 0000000075713baa 5 bytes JMP 00000001732869a9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                 0000000075715f74 5 bytes JMP 00000001732844d9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!CallNextHookEx                                                               0000000075716285 5 bytes JMP 0000000173284bf9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                            0000000075717603 5 bytes JMP 0000000173282be9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                               0000000075717aee 5 bytes JMP 00000001732853b1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                            000000007571835c 5 bytes JMP 0000000173282b51
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                                   000000007572ce54 5 bytes JMP 00000001732851e9
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                          000000007572f52b 5 bytes JMP 0000000173284c91
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!FindWindowExW                                                                000000007572f588 5 bytes JMP 0000000173285ad1
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                                00000000757310a0 5 bytes JMP 0000000173285151
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                                000000007575fcd6 2 bytes JMP 0000000173285281
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3                                                            000000007575fcd9 2 bytes [B2, FD]
.text    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe[2544] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                                000000007575fcfa 5 bytes JMP 0000000173285319
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                         00000000777af924 5 bytes JMP 0000000173286c09
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                             00000000777af9dc 5 bytes JMP 0000000173285c99
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                             00000000777afb24 5 bytes JMP 00000001732856a9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                       00000000777afc1c 5 bytes JMP 00000001732831d9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                  00000000777afc4c 5 bytes JMP 00000001732815f1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                00000000777afc7c 5 bytes JMP 0000000173281689
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                  00000000777afcac 5 bytes JMP 0000000173285611
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                       00000000777afdc4 5 bytes JMP 0000000173286b71
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                00000000777afe10 5 bytes JMP 00000001732830a9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                   00000000777afe40 5 bytes JMP 0000000173283309
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                    00000000777aff20 5 bytes JMP 0000000173283271
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                     00000000777affa0 5 bytes JMP 0000000173286ca1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                   00000000777affe8 5 bytes JMP 0000000173282ee1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                      00000000777b0000 5 bytes JMP 0000000173282db1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                        00000000777b00b0 5 bytes JMP 0000000173281ed9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                       00000000777b01c0 5 bytes JMP 0000000173282301
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                      00000000777b0798 5 bytes JMP 0000000173286ad9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                     00000000777b0810 5 bytes JMP 0000000173282e49
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                    00000000777b08a0 5 bytes JMP 0000000173282d19
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                        00000000777b0df0 5 bytes JMP 0000000173285d31
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                    00000000777b1600 5 bytes JMP 0000000173284ac9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                  00000000777b191c 5 bytes JMP 0000000173283141
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                              00000000777b1be0 5 bytes JMP 0000000173285dc9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                    00000000777b1d50 5 bytes JMP 0000000173283439
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                     00000000777b1d6c 5 bytes JMP 00000001732833a1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                00000000777b1d88 5 bytes JMP 0000000173286d39
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl                                                        00000000777b1ee4 5 bytes JMP 0000000173286911
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                          00000000777c4924 5 bytes JMP 0000000173281ab1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                        00000000777f0edb 5 bytes JMP 0000000173282009
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!RtlReportException                                                  000000007783886f 5 bytes JMP 0000000173284b61
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                          000000007783eb0b 5 bytes JMP 0000000173281f71
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA                                                  0000000075800e00 5 bytes JMP 0000000173281da9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                   0000000075801072 5 bytes JMP 0000000173282a21
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                     0000000075804977 5 bytes JMP 00000001732825f9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                           0000000075813b93 5 bytes JMP 0000000173283011
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW                                            0000000075819a74 5 bytes JMP 0000000173286581
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                      0000000075819ad5 5 bytes JMP 0000000173286321
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                         00000000758272f7 5 bytes JMP 0000000173282729
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!Process32NextW                                                   00000000758288aa 5 bytes JMP 0000000173285c01
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                      000000007582ccb1 5 bytes JMP 00000001732861f1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA                                            000000007582ccd1 5 bytes JMP 0000000173286451
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!WinExec                                                          0000000075883041 5 bytes JMP 00000001732828f1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA                                                00000000758a74fb 5 bytes JMP 00000001732846a1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW                                                00000000758a751e 5 bytes JMP 00000001732847d1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!ReadConsoleA                                                     00000000758a78c9 5 bytes JMP 0000000173284901
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\kernel32.dll!ReadConsoleW                                                     00000000758a7942 5 bytes JMP 0000000173284a31
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                        0000000075db8f8d 5 bytes JMP 0000000173281a19
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle                                                    0000000075dbc436 5 bytes JMP 0000000173283b59
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                             0000000075dbeca6 5 bytes JMP 0000000173283601
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess                                                    0000000075dbf206 5 bytes JMP 0000000173282399
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                0000000075dbfa89 5 bytes JMP 0000000173281e41
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW                                               0000000075dbfbb7 5 bytes JMP 00000001732860c1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW                                                   0000000075dc1358 5 bytes JMP 0000000173283ac1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                                     0000000075dc137f 5 bytes JMP 0000000173283a29
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                               0000000075dc1d29 5 bytes JMP 0000000173281981
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress                                                 0000000075dc1e15 5 bytes JMP 00000001732824c9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                 0000000075dc2ab1 5 bytes JMP 00000001732857d9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                                 0000000075dc2cd9 5 bytes JMP 0000000173285741
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                    0000000075dc2d17 5 bytes JMP 0000000173285871
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                               0000000075dc2e7a 5 bytes JMP 00000001732818e9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!SleepEx                                                        0000000075dc3b70 5 bytes JMP 0000000173282269
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!Sleep                                                          0000000075dc4496 5 bytes JMP 0000000173282431
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!CreateThread                                                   0000000075dc4608 5 bytes JMP 0000000173283569
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                             0000000075dc4631 5 bytes JMP 0000000173282c81
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA                                                    0000000075dcc734 5 bytes JMP 00000001732827c1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!GetMessageW                                                        00000000757078e2 5 bytes JMP 0000000173284441
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!GetMessageA                                                        0000000075707bd3 5 bytes JMP 00000001732843a9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                    0000000075708a29 5 bytes JMP 0000000173284f89
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!FindWindowW                                                        00000000757098fd 5 bytes JMP 0000000173285a39
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize                                            000000007570b6ed 5 bytes JMP 0000000173286dd1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                    000000007570d22e 5 bytes JMP 0000000173285021
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                    000000007570ee09 5 bytes JMP 00000001732834d1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!FindWindowA                                                        000000007570ffe6 5 bytes JMP 0000000173285909
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!FindWindowExA                                                      00000000757100d9 5 bytes JMP 00000001732859a1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                       00000000757105ba 5 bytes JMP 0000000173284571
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!ShowWindow                                                         0000000075710dfb 5 bytes JMP 00000001732850b9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!PostMessageW                                                       00000000757112a5 5 bytes JMP 0000000173286a41
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                     00000000757120ec 5 bytes JMP 0000000173285449
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!PostMessageA                                                       0000000075713baa 5 bytes JMP 00000001732869a9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                       0000000075715f74 5 bytes JMP 00000001732844d9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!CallNextHookEx                                                     0000000075716285 5 bytes JMP 0000000173284bf9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                  0000000075717603 5 bytes JMP 0000000173282be9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                     0000000075717aee 5 bytes JMP 00000001732853b1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                  000000007571835c 5 bytes JMP 0000000173282b51
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                         000000007572ce54 5 bytes JMP 00000001732851e9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                000000007572f52b 5 bytes JMP 0000000173284c91
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!FindWindowExW                                                      000000007572f588 5 bytes JMP 0000000173285ad1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                      00000000757310a0 5 bytes JMP 0000000173285151
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                      000000007575fcd6 2 bytes JMP 0000000173285281
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3                                                  000000007575fcd9 2 bytes [B2, FD]
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                      000000007575fcfa 5 bytes JMP 0000000173285319
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\msvcrt.dll!_lock + 41                                                         0000000075e0a472 5 bytes JMP 0000000173286e69
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\msvcrt.dll!__p__fmode                                                         0000000075e127ce 5 bytes JMP 0000000173281be1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\msvcrt.dll!__p__environ                                                       0000000075e1e6cf 5 bytes JMP 0000000173281b49
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW                                                     00000000770ac9ec 5 bytes JMP 0000000173283c89
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA                                                     00000000770b2b70 5 bytes JMP 0000000173283bf1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                               00000000770b361c 5 bytes JMP 00000001732840b1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                              00000000770b4965 5 bytes JMP 0000000173286f01
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                   00000000770c70c4 5 bytes JMP 0000000173284311
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!ControlService                                                   00000000770c70dc 5 bytes JMP 0000000173283e51
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                    00000000770c70f4 5 bytes JMP 0000000173283ee9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                             00000000770e31f4 5 bytes JMP 0000000173283f81
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                             00000000770e3204 5 bytes JMP 0000000173284019
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                00000000770e3214 5 bytes JMP 0000000173283d21
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                00000000770e3224 5 bytes JMP 0000000173283db9
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                   00000000770e3264 5 bytes JMP 0000000173284279
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                 0000000076320179 5 bytes JMP 0000000173284d29
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!closesocket                                                        0000000077283918 5 bytes JMP 0000000173285579
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!WSASocketW                                                         0000000077283cd3 5 bytes JMP 00000001732854e1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!socket                                                             0000000077283eb8 5 bytes JMP 0000000173286619
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!WSASend                                                            0000000077284406 5 bytes JMP 0000000173282139
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW                                                       0000000077284889 5 bytes JMP 0000000173284dc1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!recv                                                               0000000077286b0e 5 bytes JMP 00000001732867e1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!connect                                                            0000000077286bdd 1 byte JMP 00000001732841e1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!connect + 2                                                        0000000077286bdf 3 bytes {CALL RBP}
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!send                                                               0000000077286f01 5 bytes JMP 00000001732820a1
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!WSARecv                                                            0000000077287089 5 bytes JMP 0000000173286879
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                                         000000007728cc3f 5 bytes JMP 0000000173286749
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW                                                     000000007728d1ea 5 bytes JMP 0000000173284e59
.text    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.15\AsusFanControlService.exe[2596] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                      0000000077297673 5 bytes JMP 0000000173284ef1
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                              0000000077391b21 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                        0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                 0000000077392b61 8 bytes [B8, 79, EC, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                0000000077392b6a 2 bytes [50, C3]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                          00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                             00000000773b0941 11 bytes [B8, B9, FF, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                           00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                           00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                    00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                    00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                       000000007741f511 11 bytes [B8, 79, F3, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                       000000007741f711 11 bytes [B8, F9, EF, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                 000000007741f741 8 bytes [B8, F9, E8, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                000000007741f74a 2 bytes [50, C3]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                               000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                            000007fefd3e30f1 11 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                  000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                            000007fefd3eb591 11 bytes [B8, B9, C7, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                000007fefd3fa590 12 bytes [48, B8, 79, C9, E4, 75, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                               000007fefd3fac01 11 bytes [B8, 39, CB, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                            000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                          000007fefd420ba1 11 bytes [B8, 79, E5, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                        000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                       000007fefd42280a 2 bytes [50, C3]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                              000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                               000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                     000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                           000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                     000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                            000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                            000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                            0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                      0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                               0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                              0000000077392b6a 2 bytes [50, C3]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                        00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                           00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                         00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                         00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                  00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                  00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                     000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                     000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                               000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                              000000007741f74a 2 bytes [50, C3]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                             000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                          000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                          000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                              000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                              000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                             000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                          000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                        000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                      000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                     000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                            000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                             000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                   000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                         000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                   000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                              000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                          000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\IProsetMonitor.exe[2712] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                          000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          00000000775fde90 5 bytes [48, B8, F0, 12, AE]
.text    C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                      00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2820] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1                                                             000000007742b861 11 bytes [B8, F0, 12, E6, 00, 00, 00, ...]
.text    C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                            00000000775fde90 6 bytes [48, B8, F0, 12, 41, 02]
.text    C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[2460] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                        00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[2460] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1                                                               000000007742b861 11 bytes [B8, F0, 12, 39, 02, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                  00000000775e6741 7 bytes [B8, 39, 69, E4, 75, 00, 00]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10                                                                                 00000000775e674a 2 bytes [50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                       00000000775fdc50 6 bytes [48, B8, F9, EF, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                   00000000775fdc58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                           00000000775fdcc0 6 bytes [48, B8, 39, BD, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                       00000000775fdcc8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                           00000000775fdd90 6 bytes [48, B8, F9, A9, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                       00000000775fdd98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                     00000000775fde30 6 bytes [48, B8, F9, 32, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                 00000000775fde38 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                00000000775fde50 6 bytes [48, B8, 39, 1C, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                            00000000775fde58 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                              00000000775fde70 6 bytes [48, B8, F9, 1D, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                          00000000775fde78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                00000000775fde90 6 bytes [48, B8, 39, A8, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                            00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                     00000000775fdf40 6 bytes [48, B8, 79, EC, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                 00000000775fdf48 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                              00000000775fdf70 6 bytes [48, B8, 79, 2F, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                          00000000775fdf78 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                 00000000775fdf90 6 bytes [48, B8, 79, 36, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                             00000000775fdf98 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                  00000000775fe020 6 bytes [48, B8, B9, 34, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                              00000000775fe028 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                   00000000775fe070 6 bytes [48, B8, B9, F1, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                               00000000775fe078 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                 00000000775fe0a0 6 bytes [48, B8, 39, 2A, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                             00000000775fe0a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                    00000000775fe0b0 6 bytes [48, B8, B9, 26, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                00000000775fe0b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                      00000000775fe120 6 bytes [48, B8, 39, EE, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                  00000000775fe128 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                     00000000775fe1d0 6 bytes [48, B8, 39, F5, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                 00000000775fe1d8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                    00000000775fe5a0 6 bytes [48, B8, B9, EA, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                00000000775fe5a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                   00000000775fe5f0 6 bytes [48, B8, 79, 28, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                               00000000775fe5f8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                  00000000775fe650 6 bytes [48, B8, F9, 24, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                              00000000775fe658 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                      00000000775fe9c0 6 bytes [48, B8, F9, BE, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                  00000000775fe9c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                  00000000775fef00 6 bytes [48, B8, 79, 83, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                              00000000775fef08 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                00000000775ff100 6 bytes [48, B8, 39, 31, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                            00000000775ff108 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                            00000000775ff2c0 6 bytes [48, B8, B9, C0, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                        00000000775ff2c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                  00000000775ff3a0 6 bytes [48, B8, 79, 3D, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                              00000000775ff3a8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                   00000000775ff3b0 6 bytes [48, B8, B9, 3B, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                               00000000775ff3b8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                              00000000775ff3c0 6 bytes [48, B8, 79, F3, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                          00000000775ff3c8 4 bytes [00, 00, 50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                      00000000775ff4a0 6 bytes [48, B8, 79, E5, E4, 75]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                  00000000775ff4a8 4 bytes [00, 00, 50, C3]

iParanoid · 03.05.2015, 00:21

Letzter Teil

Code:

ATTFilter

.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                            000000007766ea21 11 bytes [B8, 39, 85, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                              000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                           000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                 000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                           000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                               000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                               000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                              000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                           000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                         000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                       000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                      000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                             000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                              000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                    000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                          000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                    000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                               000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                           000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                           000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                   0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                             0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                      0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                     0000000077392b6a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                               00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                  00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                         00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                         00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                            000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                            000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                      000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                     000000007741f74a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                    000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                 000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                       000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                 000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                     000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                     000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                    000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                 000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                               000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                             000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                            000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                   000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                    000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                          000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                          000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                     000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                 000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                 000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                            000007fefe3b13b1 11 bytes [B8, 79, A6, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                            000007fefe3b18e0 12 bytes [48, B8, B9, A4, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                         000007fefe3b1bd1 11 bytes [B8, F9, A2, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                            000007fefe3b2201 11 bytes [B8, 39, E0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                           000007fefe3b23c0 12 bytes [48, B8, 39, 8C, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!connect                                                                                                                000007fefe3b45c0 12 bytes [48, B8, 79, 67, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                               000007fefe3b8001 11 bytes [B8, 39, A1, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                          000007fefe3b8df0 7 bytes [48, B8, B9, 8F, E4, 75, 00]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                      000007fefe3b8df9 3 bytes [00, 50, C3]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                         000007fefe3bc090 12 bytes [48, B8, F9, 8D, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                             000007fefe3bde91 11 bytes [B8, 39, D9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                               000007fefe3bdf41 11 bytes [B8, 79, DE, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[3048] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                         000007fefe3de0f1 11 bytes [B8, B9, DC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                   0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                             0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                                                      0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                                                     0000000077392b6a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                               00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                  00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                         00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                         00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                                            000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                                            000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                                                      000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                                                     000000007741f74a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                    000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                 000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                       000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                 000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                     000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                     000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                    000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                 000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                                               000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                             000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                            000007fefd42280a 2 bytes [50, C3]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                   000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                    000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                          000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                          000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                     000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                 000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                 000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                            000007fefe3b13b1 11 bytes [B8, 79, A6, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                            000007fefe3b18e0 12 bytes [48, B8, B9, A4, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                         000007fefe3b1bd1 11 bytes [B8, F9, A2, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                            000007fefe3b2201 11 bytes [B8, 39, E0, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                           000007fefe3b23c0 12 bytes [48, B8, 39, 8C, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!connect                                                                                                                000007fefe3b45c0 12 bytes [48, B8, 79, 67, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                               000007fefe3b8001 11 bytes [B8, 39, A1, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                          000007fefe3b8df0 7 bytes [48, B8, B9, 8F, E4, 75, 00]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                      000007fefe3b8df9 3 bytes [00, 50, C3]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                                         000007fefe3bc090 12 bytes [48, B8, F9, 8D, E4, 75, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                             000007fefe3bde91 11 bytes [B8, 39, D9, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                               000007fefe3bdf41 11 bytes [B8, 79, DE, E4, 75, 00, 00, ...]
.text    C:\Windows\system32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                         000007fefe3de0f1 11 bytes [B8, B9, DC, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                 00000000775e6741 7 bytes [B8, 39, 69, E4, 75, 00, 00]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10                                                                00000000775e674a 2 bytes [50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                      00000000775fdc50 6 bytes [48, B8, F9, EF, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                  00000000775fdc58 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                          00000000775fdcc0 6 bytes [48, B8, 39, BD, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                      00000000775fdcc8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                          00000000775fdd90 6 bytes [48, B8, F9, A9, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                      00000000775fdd98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                    00000000775fde30 6 bytes [48, B8, F9, 32, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                00000000775fde38 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                               00000000775fde50 6 bytes [48, B8, 39, 1C, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                           00000000775fde58 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                             00000000775fde70 6 bytes [48, B8, F9, 1D, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                         00000000775fde78 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                               00000000775fde90 6 bytes [48, B8, 39, A8, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                           00000000775fde98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                    00000000775fdf40 6 bytes [48, B8, 79, EC, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                00000000775fdf48 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                             00000000775fdf70 6 bytes [48, B8, 79, 2F, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                         00000000775fdf78 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                00000000775fdf90 6 bytes [48, B8, 79, 36, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                            00000000775fdf98 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                 00000000775fe020 6 bytes [48, B8, B9, 34, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                             00000000775fe028 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                  00000000775fe070 6 bytes [48, B8, B9, F1, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                              00000000775fe078 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                00000000775fe0a0 6 bytes [48, B8, 39, 2A, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                            00000000775fe0a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                   00000000775fe0b0 6 bytes [48, B8, B9, 26, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                               00000000775fe0b8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                     00000000775fe120 6 bytes [48, B8, 39, EE, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                 00000000775fe128 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                    00000000775fe1d0 6 bytes [48, B8, 39, F5, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                00000000775fe1d8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                   00000000775fe5a0 6 bytes [48, B8, B9, EA, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                               00000000775fe5a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                  00000000775fe5f0 6 bytes [48, B8, 79, 28, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                              00000000775fe5f8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                 00000000775fe650 6 bytes [48, B8, F9, 24, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                             00000000775fe658 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                     00000000775fe9c0 6 bytes [48, B8, F9, BE, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                 00000000775fe9c8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                 00000000775fef00 6 bytes [48, B8, 79, 83, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                             00000000775fef08 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                               00000000775ff100 6 bytes [48, B8, 39, 31, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                           00000000775ff108 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                           00000000775ff2c0 6 bytes [48, B8, B9, C0, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                       00000000775ff2c8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                 00000000775ff3a0 6 bytes [48, B8, 79, 3D, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                             00000000775ff3a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                  00000000775ff3b0 6 bytes [48, B8, B9, 3B, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                              00000000775ff3b8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                             00000000775ff3c0 6 bytes [48, B8, 79, F3, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                         00000000775ff3c8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                     00000000775ff4a0 6 bytes [48, B8, 79, E5, E4, 75]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                 00000000775ff4a8 4 bytes [00, 00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                           000000007766ea21 11 bytes [B8, 39, 85, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                            0000000077391b21 11 bytes [B8, 79, BB, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                      0000000077391c10 12 bytes [48, B8, F9, 39, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!MoveFileExW + 1                                                                               0000000077392b61 8 bytes [B8, 79, D0, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!MoveFileExW + 10                                                                              0000000077392b6a 2 bytes [50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                        00000000773adbc0 12 bytes [48, B8, B9, 2D, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                           00000000773b0941 11 bytes [B8, B9, E3, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                         00000000773e5331 11 bytes [B8, B9, 7A, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                         00000000773e5351 11 bytes [B8, 39, 77, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                  00000000773fa660 12 bytes [48, B8, B9, 81, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                  00000000773fa770 12 bytes [48, B8, 39, 7E, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1                                                                     000000007741f511 11 bytes [B8, 79, D7, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1                                                                     000000007741f711 11 bytes [B8, F9, D3, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!MoveFileExA + 1                                                                               000000007741f741 8 bytes [B8, F9, CC, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\kernel32.dll!MoveFileExA + 10                                                                              000000007741f74a 2 bytes [50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                             000007fefd3e1861 11 bytes [B8, 79, 52, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                          000007fefd3e30f1 11 bytes [B8, F9, B0, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                000007fefd3e8c00 12 bytes [48, B8, B9, 50, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                          000007fefd3eb591 11 bytes [B8, B9, AB, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                              000007fefd3f2361 11 bytes [B8, F9, 4E, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                              000007fefd3fa590 12 bytes [48, B8, 79, AD, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                             000007fefd3fac01 11 bytes [B8, 39, AF, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                          000007fefd4142e0 12 bytes [48, B8, B9, 42, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1                                                                        000007fefd420ba1 11 bytes [B8, 79, C9, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                      000007fefd422801 8 bytes [B8, 39, 23, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                     000007fefd42280a 2 bytes [50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                            000007fefd422841 11 bytes [B8, F9, 40, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                             000007feff71642d 11 bytes [B8, 39, 5B, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                   000007feff716484 12 bytes [48, B8, F9, 55, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                         000007feff716519 11 bytes [B8, 39, 62, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                   000007feff716c34 12 bytes [48, B8, 39, 54, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                              000007feff717ab5 11 bytes [B8, F9, 5C, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                          000007feff718b01 11 bytes [B8, B9, 57, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                          000007feff718c39 11 bytes [B8, 79, 59, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                     000007fefe3b13b1 11 bytes [B8, 79, A6, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!closesocket                                                                                     000007fefe3b18e0 12 bytes [48, B8, B9, A4, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                  000007fefe3b1bd1 11 bytes [B8, F9, A2, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                     000007fefe3b2201 11 bytes [B8, 39, E0, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                    000007fefe3b23c0 12 bytes [48, B8, 39, 8C, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!connect                                                                                         000007fefe3b45c0 12 bytes [48, B8, 79, 67, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!send + 1                                                                                        000007fefe3b8001 11 bytes [B8, 39, A1, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                   000007fefe3b8df0 7 bytes [48, B8, B9, 8F, E4, 75, 00]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                               000007fefe3b8df9 3 bytes [00, 50, C3]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW                                                                                  000007fefe3bc090 12 bytes [48, B8, F9, 8D, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                      000007fefe3bde91 11 bytes [B8, 39, D9, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                        000007fefe3bdf41 11 bytes [B8, 79, DE, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                  000007fefe3de0f1 11 bytes [B8, B9, DC, E4, 75, 00, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8                                                                                   000007fefc9956e0 12 bytes [48, B8, F9, C5, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\DNSAPI.dll!DnsQuery_W                                                                                      000007fefc9a010c 12 bytes [48, B8, 39, C4, E4, 75, 00, ...]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3152] C:\Windows\system32\DNSAPI.dll!DnsQuery_A                                                                                      000007fefc9bdaa0 12 bytes [48, B8, 79, C2, E4, 75, 00, ...]
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtReadFile                                                                                                    00000000777af8ec 5 bytes JMP 0000000173286619
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                                                   00000000777af924 5 bytes JMP 0000000173286ca1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                       00000000777af9dc 5 bytes JMP 0000000173285c99
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                                                       00000000777afb24 5 bytes JMP 00000001732856a9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                                                 00000000777afc1c 5 bytes JMP 00000001732831d9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                            00000000777afc4c 5 bytes JMP 00000001732815f1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                                          00000000777afc7c 5 bytes JMP 0000000173281689
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                            00000000777afcac 5 bytes JMP 0000000173285611
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                 00000000777afdc4 5 bytes JMP 0000000173286c09
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                          00000000777afe10 5 bytes JMP 00000001732830a9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                             00000000777afe40 5 bytes JMP 0000000173283309
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                                              00000000777aff20 5 bytes JMP 0000000173283271
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                               00000000777affa0 5 bytes JMP 0000000173286d39
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                                                             00000000777affe8 5 bytes JMP 0000000173282ee1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                00000000777b0000 5 bytes JMP 0000000173282db1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                  00000000777b00b0 5 bytes JMP 0000000173281ed9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                 00000000777b01c0 5 bytes JMP 0000000173282301
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                                00000000777b0798 5 bytes JMP 0000000173286b71
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                                                               00000000777b0810 5 bytes JMP 0000000173282e49
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                              00000000777b08a0 5 bytes JMP 0000000173282d19
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                  00000000777b0df0 5 bytes JMP 0000000173285d31
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                                                              00000000777b1600 5 bytes JMP 0000000173284ac9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                            00000000777b191c 5 bytes JMP 0000000173283141
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                        00000000777b1be0 5 bytes JMP 0000000173285dc9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                                                              00000000777b1d50 5 bytes JMP 0000000173283439
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                               00000000777b1d6c 5 bytes JMP 00000001732833a1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                          00000000777b1d88 5 bytes JMP 0000000173286dd1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl                                                                                                  00000000777b1ee4 5 bytes JMP 00000001732869a9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                                                                    00000000777c4924 5 bytes JMP 0000000173281ab1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                                                                  00000000777f0edb 5 bytes JMP 0000000173282009
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!RtlReportException                                                                                            000000007783886f 5 bytes JMP 0000000173284b61
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                                                                    000000007783eb0b 5 bytes JMP 0000000173281f71
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA                                                                                            0000000075800e00 5 bytes JMP 0000000173281da9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                             0000000075801072 5 bytes JMP 0000000173282a21
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                                               0000000075804977 5 bytes JMP 00000001732825f9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                                                     0000000075813b93 5 bytes JMP 0000000173283011
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW                                                                                      0000000075819a74 5 bytes JMP 0000000173286581
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!MoveFileExW                                                                                                0000000075819ad5 5 bytes JMP 0000000173286321
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                                                                   00000000758272f7 5 bytes JMP 0000000173282729
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!Process32NextW                                                                                             00000000758288aa 5 bytes JMP 0000000173285c01
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!MoveFileExA                                                                                                000000007582ccb1 5 bytes JMP 00000001732861f1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA                                                                                      000000007582ccd1 5 bytes JMP 0000000173286451
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!WinExec                                                                                                    0000000075883041 5 bytes JMP 00000001732828f1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA                                                                                          00000000758a74fb 5 bytes JMP 00000001732846a1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW                                                                                          00000000758a751e 5 bytes JMP 00000001732847d1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!ReadConsoleA                                                                                               00000000758a78c9 5 bytes JMP 0000000173284901
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\kernel32.dll!ReadConsoleW                                                                                               00000000758a7942 5 bytes JMP 0000000173284a31
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                                                                  0000000075db8f8d 5 bytes JMP 0000000173281a19
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle                                                                                              0000000075dbc436 5 bytes JMP 0000000173283b59
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                                                                       0000000075dbeca6 5 bytes JMP 0000000173283601
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess                                                                                              0000000075dbf206 5 bytes JMP 0000000173282399
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                                                          0000000075dbfa89 5 bytes JMP 0000000173281e41
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW                                                                                         0000000075dbfbb7 5 bytes JMP 00000001732860c1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW                                                                                             0000000075dc1358 5 bytes JMP 0000000173283ac1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                                                                               0000000075dc137f 5 bytes JMP 0000000173283a29
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                         0000000075dc1d29 5 bytes JMP 0000000173281981
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress                                                                                           0000000075dc1e15 5 bytes JMP 00000001732824c9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                           0000000075dc2ab1 5 bytes JMP 00000001732857d9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                                                                           0000000075dc2cd9 5 bytes JMP 0000000173285741
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                              0000000075dc2d17 5 bytes JMP 0000000173285871
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                                                                         0000000075dc2e7a 5 bytes JMP 00000001732818e9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!SleepEx                                                                                                  0000000075dc3b70 5 bytes JMP 0000000173282269
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!Sleep                                                                                                    0000000075dc4496 5 bytes JMP 0000000173282431
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!CreateThread                                                                                             0000000075dc4608 5 bytes JMP 0000000173283569
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                                                                       0000000075dc4631 5 bytes JMP 0000000173282c81
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA                                                                                              0000000075dcc734 5 bytes JMP 00000001732827c1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW                                                                                               00000000770ac9ec 5 bytes JMP 0000000173283c89
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA                                                                                               00000000770b2b70 5 bytes JMP 0000000173283bf1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                                                                         00000000770b361c 5 bytes JMP 00000001732840b1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                                                                        00000000770b4965 1 byte JMP 0000000173286e69
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 224                                                                                        00000000770b4967 3 bytes {JMP 0xfffffffffc1d2504}
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                                             00000000770c70c4 5 bytes JMP 0000000173284311
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!ControlService                                                                                             00000000770c70dc 5 bytes JMP 0000000173283e51
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                                                              00000000770c70f4 5 bytes JMP 0000000173283ee9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                                                       00000000770e31f4 5 bytes JMP 0000000173283f81
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                                                       00000000770e3204 5 bytes JMP 0000000173284019
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                                                          00000000770e3214 5 bytes JMP 0000000173283d21
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                                                          00000000770e3224 5 bytes JMP 0000000173283db9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                                             00000000770e3264 5 bytes JMP 0000000173284279
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\msvcrt.dll!_lock + 41                                                                                                   0000000075e0a472 5 bytes JMP 0000000173286f01
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\msvcrt.dll!__p__fmode                                                                                                   0000000075e127ce 5 bytes JMP 0000000173281be1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\msvcrt.dll!__p__environ                                                                                                 0000000075e1e6cf 5 bytes JMP 0000000173281b49
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                                                  00000000757078e2 5 bytes JMP 0000000173284441
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                                                  0000000075707bd3 5 bytes JMP 00000001732843a9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                              0000000075708a29 5 bytes JMP 0000000173284f89
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!FindWindowW                                                                                                  00000000757098fd 5 bytes JMP 0000000173285a39
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize                                                                                      000000007570b6ed 5 bytes JMP 0000000173286f99
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                              000000007570d22e 5 bytes JMP 0000000173285021
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                              000000007570ee09 5 bytes JMP 00000001732834d1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!FindWindowA                                                                                                  000000007570ffe6 5 bytes JMP 0000000173285909
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!FindWindowExA                                                                                                00000000757100d9 5 bytes JMP 00000001732859a1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                                                 00000000757105ba 5 bytes JMP 0000000173284571
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!ShowWindow                                                                                                   0000000075710dfb 5 bytes JMP 00000001732850b9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                                 00000000757112a5 5 bytes JMP 0000000173286ad9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!SetWindowTextW                                                                                               00000000757120ec 5 bytes JMP 0000000173285449
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                                 0000000075713baa 5 bytes JMP 0000000173286a41
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                                                 0000000075715f74 5 bytes JMP 00000001732844d9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!CallNextHookEx                                                                                               0000000075716285 5 bytes JMP 0000000173284bf9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                            0000000075717603 5 bytes JMP 0000000173282be9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!SetWindowTextA                                                                                               0000000075717aee 5 bytes JMP 00000001732853b1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                            000000007571835c 5 bytes JMP 0000000173282b51
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                                                                   000000007572ce54 5 bytes JMP 00000001732851e9
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                                          000000007572f52b 5 bytes JMP 0000000173284c91
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!FindWindowExW                                                                                                000000007572f588 5 bytes JMP 0000000173285ad1
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                                                                00000000757310a0 5 bytes JMP 0000000173285151
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                                                                000000007575fcd6 2 bytes JMP 0000000173285281
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3                                                                                            000000007575fcd9 2 bytes [B2, FD]
.text    C:\Users\iParanoid\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                                                                000000007575fcfa 5 bytes JMP 0000000173285319

---- Modules - GMER 2.1 ----

Module   \??\C:\Users\IPARAN~1\AppData\Local\Temp\uxtiiuog.sys (GMER)                                                                                                                                fffff88009800000-fffff88009810000 (65536 bytes)
---- Processes - GMER 2.1 ----

Library  \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [932] (FILE NOT FOUND)  000007fefb7e0000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk2\DR2                                                                                                                                                                       unknown MBR code

---- EOF - GMER 2.1 ----

defogger_disable.log

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:29 on 01/05/2015 (iParanoid)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Mein problem verschlechtert sich bei jedem Pc start ....
Da ich vor ca 15 min erst heim gekommen bin merkte ich das der Pc nun (mit der schon angegebenen Zeit) ca 30 sec laenger brauch in Bereichen ...

Problem verschlechtert sich weiterhin .... !!!!
Hoffe das sich vllt. einer mal meine Logs anschauen kann um vllt die Ursache meines Problems zu finden ... !!! Und es Tut mir jz schonmal Leid nochmals zu schreiben aber da ich denn pc benoetige und keine andere ausweich moeglichkeit habe suche ich hier wirklich dringend rat ......

Da ich hier leider keine Hilfe bekommen zu scheine werde ich mich mal umschauen was es noch so fuer Foren gibt die mir dann mit meinem problem helfen koennen ....!!!!

schrauber · 03.05.2015, 13:52

hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

iParanoid · 03.05.2015, 16:26

TDSSKiller

Code:

ATTFilter

17:18:21.0226 0x1910  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
17:18:21.0226 0x1910  UEFI system
17:18:27.0016 0x1910  ============================================================
17:18:27.0017 0x1910  Current date / time: 2015/05/03 17:18:27.0016
17:18:27.0017 0x1910  SystemInfo:
17:18:27.0017 0x1910  
17:18:27.0017 0x1910  OS Version: 6.1.7601 ServicePack: 1.0
17:18:27.0017 0x1910  Product type: Workstation
17:18:27.0017 0x1910  ComputerName: IPARANOID-PC
17:18:27.0017 0x1910  UserName: iParanoid
17:18:27.0017 0x1910  Windows directory: C:\Windows
17:18:27.0017 0x1910  System windows directory: C:\Windows
17:18:27.0017 0x1910  Running under WOW64
17:18:27.0017 0x1910  Processor architecture: Intel x64
17:18:27.0017 0x1910  Number of processors: 8
17:18:27.0017 0x1910  Page size: 0x1000
17:18:27.0017 0x1910  Boot type: Normal boot
17:18:27.0017 0x1910  ============================================================
17:18:28.0831 0x1910  KLMD registered as C:\Windows\system32\drivers\89718091.sys
17:18:29.0586 0x1910  System UUID: {BF36BEEF-5108-F3DB-0856-E3E14C8599B6}
17:18:30.0351 0x1910  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:18:30.0357 0x1910  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:18:30.0376 0x1910  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:18:30.0382 0x1910  ============================================================
17:18:30.0382 0x1910  \Device\Harddisk2\DR2:
17:18:30.0382 0x1910  GPT partitions:
17:18:30.0383 0x1910  \Device\Harddisk2\DR2\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {CFDC8E5E-9508-4BB4-8BA6-7F8DA9F63E12}, Name: Microsoft reserved partition, StartLBA 0x800, BlocksNum 0x40000
17:18:30.0383 0x1910  \Device\Harddisk2\DR2\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A0175BC8-615C-4E9C-BD90-F3CCA10DE24A}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
17:18:30.0383 0x1910  MBR partitions:
17:18:30.0383 0x1910  \Device\Harddisk0\DR0:
17:18:30.0390 0x1910  MBR partitions:
17:18:30.0390 0x1910  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
17:18:30.0390 0x1910  \Device\Harddisk1\DR1:
17:18:30.0390 0x1910  GPT partitions:
17:18:30.0391 0x1910  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {9C5F181A-229C-4A8F-B982-D700150D820E}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
17:18:30.0391 0x1910  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {6A7EF861-D6B4-48BA-8B8F-4186B41FD9AB}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
17:18:30.0391 0x1910  \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {42540315-9E25-49C1-9CA5-58CF5CD8F186}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x74694000
17:18:30.0391 0x1910  MBR partitions:
17:18:30.0391 0x1910  ============================================================
17:18:30.0497 0x1910  C: <-> \Device\Harddisk1\DR1\Partition3
17:18:30.0527 0x1910  D: <-> \Device\Harddisk2\DR2\Partition2
17:18:30.0549 0x1910  E: <-> \Device\Harddisk0\DR0\Partition1
17:18:30.0549 0x1910  ============================================================
17:18:30.0549 0x1910  Initialize success
17:18:30.0549 0x1910  ============================================================
17:19:08.0504 0x15f4  ============================================================
17:19:08.0504 0x15f4  Scan started
17:19:08.0504 0x15f4  Mode: Manual; SigCheck; TDLFS; 
17:19:08.0504 0x15f4  ============================================================
17:19:08.0505 0x15f4  KSN ping started
17:19:11.0158 0x15f4  KSN ping finished: true
17:19:12.0387 0x15f4  ================ Scan system memory ========================
17:19:12.0387 0x15f4  System memory - ok
17:19:12.0387 0x15f4  ================ Scan services =============================
17:19:12.0816 0x15f4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:19:12.0887 0x15f4  1394ohci - ok
17:19:12.0955 0x15f4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:19:12.0968 0x15f4  ACPI - ok
17:19:13.0000 0x15f4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:19:13.0031 0x15f4  AcpiPmi - ok
17:19:13.0077 0x15f4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:19:13.0094 0x15f4  adp94xx - ok
17:19:13.0149 0x15f4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:19:13.0183 0x15f4  adpahci - ok
17:19:13.0216 0x15f4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:19:13.0252 0x15f4  adpu320 - ok
17:19:13.0304 0x15f4  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:19:13.0347 0x15f4  AeLookupSvc - ok
17:19:13.0448 0x15f4  [ D31DC7A16DEA4A9BAF179F3D6FBDB38C, 532678D86E3E667F2E789C4873565E0B92C549A93F10802BB6D5B505CA3238CE ] AFD             C:\Windows\system32\drivers\afd.sys
17:19:13.0593 0x15f4  AFD - ok
17:19:13.0624 0x15f4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
17:19:13.0633 0x15f4  agp440 - ok
17:19:13.0663 0x15f4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
17:19:13.0746 0x15f4  ALG - ok
17:19:13.0775 0x15f4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:19:13.0783 0x15f4  aliide - ok
17:19:13.0787 0x15f4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:19:13.0795 0x15f4  amdide - ok
17:19:13.0824 0x15f4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:19:13.0862 0x15f4  AmdK8 - ok
17:19:13.0947 0x15f4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:19:13.0972 0x15f4  AmdPPM - ok
17:19:14.0026 0x15f4  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:19:14.0035 0x15f4  amdsata - ok
17:19:14.0133 0x15f4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:19:14.0164 0x15f4  amdsbs - ok
17:19:14.0179 0x15f4  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:19:14.0187 0x15f4  amdxata - ok
17:19:14.0233 0x15f4  [ EE4797DFEBBE8ACDB548DD8E80BE0A88, 9D56F835A5A9C045829EDFB546379E3448C9E539E5C2608B559DE4D052FEC769 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
17:19:14.0301 0x15f4  amd_sata - ok
17:19:14.0370 0x15f4  [ D56EAD71A86FD2ACAE2DB47D0A6A3A41, 2E5E6D0E00D25765CC8B9997B26DE43F305966BFA518CB72EA7CA77152001726 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
17:19:14.0403 0x15f4  amd_xata - ok
17:19:14.0504 0x15f4  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
17:19:14.0644 0x15f4  AppID - ok
17:19:14.0719 0x15f4  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:19:14.0852 0x15f4  AppIDSvc - ok
17:19:14.0922 0x15f4  [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo         C:\Windows\System32\appinfo.dll
17:19:15.0016 0x15f4  Appinfo - ok
17:19:15.0073 0x15f4  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
17:19:15.0118 0x15f4  AppMgmt - ok
17:19:15.0161 0x15f4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:19:15.0170 0x15f4  arc - ok
17:19:15.0175 0x15f4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:19:15.0216 0x15f4  arcsas - ok
17:19:15.0277 0x15f4  [ EB6DC008A1F36DFD7999EB57E97EAACE, 2652798D622A751AD84429E03266F32B4EE86DECC34CA8153790D04F43E03A66 ] asahci64        C:\Windows\system32\DRIVERS\asahci64.sys
17:19:15.0287 0x15f4  asahci64 - ok
17:19:15.0319 0x15f4  [ 22842362DF890F5492F85AA60916A697, EC01380B1C9BF4CFBA018FC314563F0785280172A2A9B51D50F088E7101951EF ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
17:19:15.0348 0x15f4  asmthub3 - ok
17:19:15.0381 0x15f4  [ 08E2D77766CC05E75A0707207D9FC684, 6CF3B12B2B3375B715A3EBC66EF148CEA2248D448A3A37875B7B1BC7CDA40FDD ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
17:19:15.0417 0x15f4  asmtxhci - ok
17:19:15.0637 0x15f4  [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:19:15.0662 0x15f4  aspnet_state - ok
17:19:15.0735 0x15f4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:19:15.0763 0x15f4  AsyncMac - ok
17:19:15.0848 0x15f4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:19:15.0855 0x15f4  atapi - ok
17:19:15.0936 0x15f4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:19:16.0017 0x15f4  AudioEndpointBuilder - ok
17:19:16.0032 0x15f4  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:19:16.0073 0x15f4  AudioSrv - ok
17:19:16.0294 0x15f4  [ 1517FBA8213F75ECCD9311DE493DD8C9, B5296BE2501F19B525BBC774465CB03E06BD5DE17DAED058CC74B0121D569EEF ] avc3            C:\Windows\system32\DRIVERS\avc3.sys
17:19:16.0329 0x15f4  avc3 - ok
17:19:16.0380 0x15f4  [ 075AE98458B00E98F3104D777C062032, 3447D7E2439B8EE89047E3C43973490F47129C416A983B72F86EF67EB349F794 ] avchv           C:\Windows\system32\DRIVERS\avchv.sys
17:19:16.0394 0x15f4  avchv - ok
17:19:16.0425 0x15f4  [ D1A0A4A314FCE6478F2E8C05D8DABC5B, 2EF0DE520081AB82B53733209EB1791D99ADA5E0F9E94B0EAC56E4609CB67D72 ] avckf           C:\Windows\system32\DRIVERS\avckf.sys
17:19:16.0456 0x15f4  avckf - ok
17:19:16.0540 0x15f4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:19:16.0604 0x15f4  AxInstSV - ok
17:19:16.0683 0x15f4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:19:16.0710 0x15f4  b06bdrv - ok
17:19:16.0788 0x15f4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:19:16.0870 0x15f4  b57nd60a - ok
17:19:17.0011 0x15f4  [ 1E20AEB58EB2D2DF3D43E255771079D7, EE2EA1B03550ADFCE940FA1BBD818A3BFA8DCB00CDA1D654E10F701A0C10E23C ] BdDesktopParental C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
17:19:17.0021 0x15f4  BdDesktopParental - ok
17:19:17.0042 0x15f4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:19:17.0100 0x15f4  BDESVC - ok
17:19:17.0259 0x15f4  [ 9A9A632AA25D4B33BFA9D3202DEA0E87, 438FFDD092197BAFE86609D545E9218103F1BE25A49BF30C62E546BE3360C2CA ] BdfNdisf        c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
17:19:17.0280 0x15f4  BdfNdisf - ok
17:19:17.0351 0x15f4  [ EC80614A72BC7039D2B22E3DD6C15895, 932260AB126523428B884034162E3619E1B7FA13720F830783B592AAE825AC86 ] bdfwfpf         C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
17:19:17.0390 0x15f4  bdfwfpf - ok
17:19:17.0484 0x15f4  [ C0247341C1BCD7FF2742821D0AD7AFBC, EC2B246F3233302DB540394AC0F11F294CA16FB9E44110126CC9807BAC20EA35 ] bdfwfpf_pc      C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys
17:19:17.0513 0x15f4  bdfwfpf_pc - ok
17:19:17.0530 0x15f4  [ 397307349A31F530718DAE781825A8EB, 65F6B1E7556A5B3D63BDD80E0E1D4BCB0A2CB804622DB7C511EBC4B5CFDA5A10 ] BDSandBox       C:\Windows\system32\drivers\bdsandbox.sys
17:19:17.0540 0x15f4  BDSandBox - ok
17:19:17.0579 0x15f4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:19:17.0637 0x15f4  Beep - ok
17:19:17.0703 0x15f4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
17:19:17.0743 0x15f4  BFE - ok
17:19:17.0814 0x15f4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
17:19:17.0882 0x15f4  BITS - ok
17:19:17.0920 0x15f4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:19:17.0993 0x15f4  blbdrive - ok
17:19:18.0040 0x15f4  [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:19:18.0103 0x15f4  bowser - ok
17:19:18.0125 0x15f4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:19:18.0287 0x15f4  BrFiltLo - ok
17:19:18.0290 0x15f4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:19:18.0302 0x15f4  BrFiltUp - ok
17:19:18.0362 0x15f4  [ 8EF0D5C41EC907751B8429162B1239ED, 9CC25F1F93FACA6F6CE23F78EB58590C39A2E3C8A3ACDF400E8A9DE0757EADAE ] Browser         C:\Windows\System32\browser.dll
17:19:18.0408 0x15f4  Browser - ok
17:19:18.0433 0x15f4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:19:18.0489 0x15f4  Brserid - ok
17:19:18.0508 0x15f4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:19:18.0561 0x15f4  BrSerWdm - ok
17:19:18.0576 0x15f4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:19:18.0642 0x15f4  BrUsbMdm - ok
17:19:18.0655 0x15f4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:19:18.0685 0x15f4  BrUsbSer - ok
17:19:18.0690 0x15f4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:19:18.0725 0x15f4  BTHMODEM - ok
17:19:18.0764 0x15f4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
17:19:18.0806 0x15f4  bthserv - ok
17:19:18.0831 0x15f4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:19:18.0865 0x15f4  cdfs - ok
17:19:18.0955 0x15f4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
17:19:18.0996 0x15f4  cdrom - ok
17:19:19.0057 0x15f4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:19:19.0101 0x15f4  CertPropSvc - ok
17:19:19.0143 0x15f4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:19:19.0156 0x15f4  circlass - ok
17:19:19.0203 0x15f4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
17:19:19.0216 0x15f4  CLFS - ok
17:19:19.0342 0x15f4  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:19:19.0350 0x15f4  clr_optimization_v2.0.50727_32 - ok
17:19:19.0406 0x15f4  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:19:19.0421 0x15f4  clr_optimization_v2.0.50727_64 - ok
17:19:19.0551 0x15f4  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:19:19.0560 0x15f4  clr_optimization_v4.0.30319_32 - ok
17:19:19.0583 0x15f4  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:19:19.0619 0x15f4  clr_optimization_v4.0.30319_64 - ok
17:19:19.0666 0x15f4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:19:19.0737 0x15f4  CmBatt - ok
17:19:19.0809 0x15f4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:19:19.0841 0x15f4  cmdide - ok
17:19:19.0903 0x15f4  [ D5FEA92400F12412B3922087C09DA6A5, C8CD9215D26D3295FE487C96A4FC3F4C8AFED764AE9445D9858D7489823A8A2B ] CNG             C:\Windows\system32\Drivers\cng.sys
17:19:19.0922 0x15f4  CNG - ok
17:19:19.0961 0x15f4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:19:19.0968 0x15f4  Compbatt - ok
17:19:20.0002 0x15f4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:19:20.0070 0x15f4  CompositeBus - ok
17:19:20.0090 0x15f4  COMSysApp - ok
17:19:20.0106 0x15f4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:19:20.0115 0x15f4  crcdisk - ok
17:19:20.0219 0x15f4  [ 15597883FBE9B056F276ADA3AD87D9AF, B347E0B11228E38313C59C8ED984253A8A1FF482ED137CF5F488C4AFD6B08857 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:19:20.0310 0x15f4  CryptSvc - ok
17:19:20.0386 0x15f4  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
17:19:20.0471 0x15f4  CSC - ok
17:19:20.0532 0x15f4  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
17:19:20.0574 0x15f4  CscService - ok
17:19:20.0642 0x15f4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:19:20.0739 0x15f4  DcomLaunch - ok
17:19:20.0856 0x15f4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:19:20.0905 0x15f4  defragsvc - ok
17:19:20.0978 0x15f4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:19:21.0038 0x15f4  DfsC - ok
17:19:21.0139 0x15f4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:19:21.0224 0x15f4  Dhcp - ok
17:19:21.0280 0x15f4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
17:19:21.0332 0x15f4  discache - ok
17:19:21.0402 0x15f4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:19:21.0412 0x15f4  Disk - ok
17:19:21.0490 0x15f4  [ CD55F5355D8F55D44C9F4ED875705BD6, 321C26E3CD9F376D30F05FBDF00E96399512ED705D867E8B14793D9CE69A1C1F ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:19:21.0544 0x15f4  Dnscache - ok
17:19:21.0598 0x15f4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:19:21.0654 0x15f4  dot3svc - ok
17:19:21.0710 0x15f4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
17:19:21.0763 0x15f4  DPS - ok
17:19:21.0874 0x15f4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:19:21.0934 0x15f4  drmkaud - ok
17:19:22.0017 0x15f4  [ 426D951F2DE2D4DFCBE0D1A42BBBA72F, 0279BED05D51E85B2F94F5F244353E7CCA81B48230C06D5EBFFCE6689D8DCCD7 ] DTSAudioSvc     C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
17:19:22.0029 0x15f4  DTSAudioSvc - ok
17:19:22.0106 0x15f4  [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:19:22.0130 0x15f4  DXGKrnl - ok
17:19:22.0240 0x15f4  [ 0AFD37185A051E7957823102298BCF11, 8D2C2AD586CA6E5B39C00C1B683064D6E1F5A6521AEC5E152963AE4B64A36316 ] e1qexpress      C:\Windows\system32\DRIVERS\e1q62x64.sys
17:19:22.0256 0x15f4  e1qexpress - ok
17:19:22.0268 0x15f4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
17:19:22.0310 0x15f4  EapHost - ok
17:19:22.0464 0x15f4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:19:22.0563 0x15f4  ebdrv - ok
17:19:22.0648 0x15f4  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS             C:\Windows\System32\lsass.exe
17:19:22.0659 0x15f4  EFS - ok
17:19:22.0799 0x15f4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:19:22.0829 0x15f4  ehRecvr - ok
17:19:22.0850 0x15f4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
17:19:22.0863 0x15f4  ehSched - ok
17:19:22.0885 0x15f4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:19:22.0922 0x15f4  elxstor - ok
17:19:22.0954 0x15f4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:19:23.0010 0x15f4  ErrDev - ok
17:19:23.0035 0x15f4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
17:19:23.0101 0x15f4  EventSystem - ok
17:19:23.0107 0x15f4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:19:23.0137 0x15f4  exfat - ok
17:19:23.0144 0x15f4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:19:23.0185 0x15f4  fastfat - ok
17:19:23.0260 0x15f4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
17:19:23.0302 0x15f4  Fax - ok
17:19:23.0316 0x15f4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:19:23.0335 0x15f4  fdc - ok
17:19:23.0348 0x15f4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
17:19:23.0395 0x15f4  fdPHost - ok
17:19:23.0409 0x15f4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:19:23.0456 0x15f4  FDResPub - ok
17:19:23.0472 0x15f4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:19:23.0481 0x15f4  FileInfo - ok
17:19:23.0485 0x15f4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:19:23.0513 0x15f4  Filetrace - ok
17:19:23.0516 0x15f4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:19:23.0541 0x15f4  flpydisk - ok
17:19:23.0605 0x15f4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:19:23.0626 0x15f4  FltMgr - ok
17:19:23.0729 0x15f4  [ B4447F606BB19FD8AD0BAFB59B90F5D9, 043E686029DE2710305852E3A416176E400F9FD5FB98E4F2A6F14C060FAABED5 ] FontCache       C:\Windows\system32\FntCache.dll
17:19:23.0807 0x15f4  FontCache - ok
17:19:23.0876 0x15f4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:19:23.0883 0x15f4  FontCache3.0.0.0 - ok
17:19:23.0912 0x15f4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:19:23.0921 0x15f4  FsDepends - ok
17:19:23.0925 0x15f4  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:19:23.0947 0x15f4  Fs_Rec - ok
17:19:23.0994 0x15f4  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:19:24.0040 0x15f4  fvevol - ok
17:19:24.0089 0x15f4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:19:24.0121 0x15f4  gagp30kx - ok
17:19:24.0165 0x15f4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:19:24.0222 0x15f4  gpsvc - ok
17:19:24.0268 0x15f4  [ 4250E0978FBC9B3C0D115CD26C5BA9F4, 5674E267D9053BDF185A73C689CB125EE70AE14C7F2D0E37718379F425EBDC01 ] gzflt           C:\Windows\system32\DRIVERS\gzflt.sys
17:19:24.0278 0x15f4  gzflt - ok
17:19:24.0302 0x15f4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:19:24.0344 0x15f4  hcw85cir - ok
17:19:24.0423 0x15f4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:19:24.0457 0x15f4  HdAudAddService - ok
17:19:24.0502 0x15f4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:19:24.0535 0x15f4  HDAudBus - ok
17:19:24.0551 0x15f4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:19:24.0576 0x15f4  HidBatt - ok
17:19:24.0586 0x15f4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:19:24.0600 0x15f4  HidBth - ok
17:19:24.0607 0x15f4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:19:24.0634 0x15f4  HidIr - ok
17:19:24.0652 0x15f4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
17:19:24.0694 0x15f4  hidserv - ok
17:19:24.0768 0x15f4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:19:24.0807 0x15f4  HidUsb - ok
17:19:24.0851 0x15f4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:19:24.0910 0x15f4  hkmsvc - ok
17:19:24.0941 0x15f4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:19:25.0010 0x15f4  HomeGroupListener - ok
17:19:25.0072 0x15f4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:19:25.0108 0x15f4  HomeGroupProvider - ok
17:19:25.0137 0x15f4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:19:25.0146 0x15f4  HpSAMD - ok
17:19:25.0288 0x15f4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:19:25.0393 0x15f4  HTTP - ok
17:19:25.0452 0x15f4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:19:25.0459 0x15f4  hwpolicy - ok
17:19:25.0522 0x15f4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:19:25.0533 0x15f4  i8042prt - ok
17:19:25.0586 0x15f4  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:19:25.0601 0x15f4  iaStorV - ok
17:19:25.0684 0x15f4  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:19:25.0707 0x15f4  idsvc - ok
17:19:25.0845 0x15f4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:19:25.0854 0x15f4  iirsp - ok
17:19:25.0912 0x15f4  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:19:25.0976 0x15f4  IKEEXT - ok
17:19:26.0239 0x15f4  [ 8524178B895E4BC04776B319DA3A70EC, A635EADF6E8BD985B730F2737E8DA36AC71E8FEB759787ECB24D955176622AD2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:19:26.0326 0x15f4  IntcAzAudAddService - ok
17:19:26.0441 0x15f4  [ 42CEE1BA152FA267AE8587B4DE3B7B28, A16989C875F1794E2AB82B24AF63F7E0BFA0CBDDCBB527C73A6B4F6CA574E014 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
17:19:26.0473 0x15f4  Intel(R) PROSet Monitoring Service - ok
17:19:26.0507 0x15f4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:19:26.0514 0x15f4  intelide - ok
17:19:26.0534 0x15f4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:19:26.0562 0x15f4  intelppm - ok
17:19:26.0586 0x15f4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:19:26.0631 0x15f4  IPBusEnum - ok
17:19:26.0672 0x15f4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:19:26.0754 0x15f4  IpFilterDriver - ok
17:19:26.0824 0x15f4  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:19:26.0887 0x15f4  iphlpsvc - ok
17:19:26.0943 0x15f4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:19:26.0974 0x15f4  IPMIDRV - ok
17:19:27.0001 0x15f4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:19:27.0055 0x15f4  IPNAT - ok
17:19:27.0089 0x15f4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:19:27.0134 0x15f4  IRENUM - ok
17:19:27.0148 0x15f4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:19:27.0158 0x15f4  isapnp - ok
17:19:27.0184 0x15f4  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:19:27.0199 0x15f4  iScsiPrt - ok
17:19:27.0234 0x15f4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:19:27.0242 0x15f4  kbdclass - ok
17:19:27.0274 0x15f4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:19:27.0307 0x15f4  kbdhid - ok
17:19:27.0329 0x15f4  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso          C:\Windows\system32\lsass.exe
17:19:27.0344 0x15f4  KeyIso - ok
17:19:27.0381 0x15f4  [ CCD53B5BD33CE0C889E830D839C8B66E, 51B7556DA7DAA0BC75E00E53099776016A55FAA115D5A4E6830E12A0A0869C10 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:19:27.0391 0x15f4  KSecDD - ok
17:19:27.0436 0x15f4  [ 9FF918A261752C12639E8AD4208D2C2F, B60F7A730C92F2BF7E85A6CA14DD7671AEECEE154CEC83B1E23EF268C25C9E5E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:19:27.0448 0x15f4  KSecPkg - ok
17:19:27.0466 0x15f4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:19:27.0499 0x15f4  ksthunk - ok
17:19:27.0576 0x15f4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:19:27.0643 0x15f4  KtmRm - ok
17:19:27.0666 0x15f4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:19:27.0718 0x15f4  LanmanServer - ok
17:19:27.0739 0x15f4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:19:27.0792 0x15f4  LanmanWorkstation - ok
17:19:27.0855 0x15f4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:19:27.0907 0x15f4  lltdio - ok
17:19:27.0940 0x15f4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:19:28.0014 0x15f4  lltdsvc - ok
17:19:28.0036 0x15f4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:19:28.0061 0x15f4  lmhosts - ok
17:19:28.0081 0x15f4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:19:28.0091 0x15f4  LSI_FC - ok
17:19:28.0112 0x15f4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:19:28.0149 0x15f4  LSI_SAS - ok
17:19:28.0153 0x15f4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:19:28.0161 0x15f4  LSI_SAS2 - ok
17:19:28.0165 0x15f4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:19:28.0174 0x15f4  LSI_SCSI - ok
17:19:28.0219 0x15f4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:19:28.0261 0x15f4  luafv - ok
17:19:28.0335 0x15f4  [ 0307CF4184F4F22DB75F36ACCCEF7ED1, 32EAC5DADDD70175EA7AD4FC0A8624BECB138B9ED9E66AF74AC4A06EEB3EB4B7 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
17:19:28.0345 0x15f4  mbamchameleon - ok
17:19:28.0399 0x15f4  [ E9CD058C79EA15B4AA93E259FA713B07, 2B09F65188D8782F9C797545F2F791EC7EAB85D8914B2C0B30BD869C412E3980 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
17:19:28.0409 0x15f4  MBAMSwissArmy - ok
17:19:28.0458 0x15f4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:19:28.0471 0x15f4  Mcx2Svc - ok
17:19:28.0474 0x15f4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:19:28.0511 0x15f4  megasas - ok
17:19:28.0536 0x15f4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:19:28.0550 0x15f4  MegaSR - ok
17:19:28.0568 0x15f4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
17:19:28.0613 0x15f4  MMCSS - ok
17:19:28.0622 0x15f4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
17:19:28.0660 0x15f4  Modem - ok
17:19:28.0704 0x15f4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:19:28.0730 0x15f4  monitor - ok
17:19:28.0751 0x15f4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
17:19:28.0759 0x15f4  mouclass - ok
17:19:28.0837 0x15f4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:19:28.0901 0x15f4  mouhid - ok
17:19:28.0929 0x15f4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:19:28.0937 0x15f4  mountmgr - ok
17:19:29.0058 0x15f4  [ 03D14BF1DC59130002F6B8BA3AD89DB9, 1729CCD8AAF51CDB86ED67569974D0B6B1CFFA5F90EF6E6004B0D8A305D88C27 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:19:29.0067 0x15f4  MozillaMaintenance - ok
17:19:29.0103 0x15f4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:19:29.0112 0x15f4  mpio - ok
17:19:29.0173 0x15f4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:19:29.0201 0x15f4  mpsdrv - ok
17:19:29.0260 0x15f4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:19:29.0326 0x15f4  MpsSvc - ok
17:19:29.0360 0x15f4  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:19:29.0399 0x15f4  MRxDAV - ok
17:19:29.0440 0x15f4  [ FAF015B07E3A2874A790A39B7D2C579F, C614B0E80B38EBF7C670EEB833F5E476B33042097DA07206D6C5EE3E52B9A427 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:19:29.0500 0x15f4  mrxsmb - ok
17:19:29.0552 0x15f4  [ 08E2345DF129082BCDFFDC1440F9C00D, 2ADF69F49DF8C43D4440B6C8A62085C51518CA895A88D37264C60A0B4B1EC55F ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:19:29.0598 0x15f4  mrxsmb10 - ok
17:19:29.0634 0x15f4  [ 108D87409C5812EF47D81E22843E8C9D, CAE9B91B6BD1DF1552463BD63A06288F5D3E0B81B040BC1C7EC0C2A0119CCECA ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:19:29.0708 0x15f4  mrxsmb20 - ok
17:19:29.0741 0x15f4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:19:29.0748 0x15f4  msahci - ok
17:19:29.0791 0x15f4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:19:29.0800 0x15f4  msdsm - ok
17:19:29.0811 0x15f4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
17:19:29.0842 0x15f4  MSDTC - ok
17:19:29.0859 0x15f4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:19:29.0888 0x15f4  Msfs - ok
17:19:29.0894 0x15f4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:19:29.0946 0x15f4  mshidkmdf - ok
17:19:29.0984 0x15f4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:19:29.0991 0x15f4  msisadrv - ok
17:19:30.0034 0x15f4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:19:30.0101 0x15f4  MSiSCSI - ok
17:19:30.0104 0x15f4  msiserver - ok
17:19:30.0130 0x15f4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:19:30.0171 0x15f4  MSKSSRV - ok
17:19:30.0185 0x15f4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:19:30.0254 0x15f4  MSPCLOCK - ok
17:19:30.0278 0x15f4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:19:30.0319 0x15f4  MSPQM - ok
17:19:30.0344 0x15f4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:19:30.0359 0x15f4  MsRPC - ok
17:19:30.0460 0x15f4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:19:30.0469 0x15f4  mssmbios - ok
17:19:30.0491 0x15f4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:19:30.0564 0x15f4  MSTEE - ok
17:19:30.0574 0x15f4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:19:30.0627 0x15f4  MTConfig - ok
17:19:30.0697 0x15f4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
17:19:30.0705 0x15f4  Mup - ok
17:19:30.0746 0x15f4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
17:19:30.0814 0x15f4  napagent - ok
17:19:30.0851 0x15f4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:19:30.0900 0x15f4  NativeWifiP - ok
17:19:30.0986 0x15f4  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:19:31.0011 0x15f4  NDIS - ok
17:19:31.0033 0x15f4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:19:31.0081 0x15f4  NdisCap - ok
17:19:31.0110 0x15f4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:19:31.0137 0x15f4  NdisTapi - ok
17:19:31.0171 0x15f4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:19:31.0210 0x15f4  Ndisuio - ok
17:19:31.0233 0x15f4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:19:31.0284 0x15f4  NdisWan - ok
17:19:31.0313 0x15f4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:19:31.0370 0x15f4  NDProxy - ok
17:19:31.0392 0x15f4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:19:31.0434 0x15f4  NetBIOS - ok
17:19:31.0453 0x15f4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:19:31.0502 0x15f4  NetBT - ok
17:19:31.0513 0x15f4  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon        C:\Windows\system32\lsass.exe
17:19:31.0525 0x15f4  Netlogon - ok
17:19:31.0557 0x15f4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
17:19:31.0605 0x15f4  Netman - ok
17:19:31.0636 0x15f4  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:19:31.0740 0x15f4  NetMsmqActivator - ok
17:19:31.0745 0x15f4  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:19:31.0755 0x15f4  NetPipeActivator - ok
17:19:31.0780 0x15f4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
17:19:31.0823 0x15f4  netprofm - ok
17:19:31.0828 0x15f4  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:19:31.0837 0x15f4  NetTcpActivator - ok
17:19:31.0841 0x15f4  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:19:31.0850 0x15f4  NetTcpPortSharing - ok
17:19:31.0880 0x15f4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:19:31.0888 0x15f4  nfrd960 - ok
17:19:31.0921 0x15f4  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:19:31.0984 0x15f4  NlaSvc - ok
17:19:32.0013 0x15f4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:19:32.0056 0x15f4  Npfs - ok
17:19:32.0097 0x15f4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
17:19:32.0155 0x15f4  nsi - ok
17:19:32.0159 0x15f4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:19:32.0202 0x15f4  nsiproxy - ok
17:19:32.0304 0x15f4  [ 05D78AA5CB5F3F5C31160BDB955D0B7C, E3CD3FAF52ED11A8FB96D667510F1EDCA49053705AA3A13F560F8F6EC995CA45 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:19:32.0342 0x15f4  Ntfs - ok
17:19:32.0358 0x15f4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
17:19:32.0385 0x15f4  Null - ok
17:19:32.0430 0x15f4  [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
17:19:32.0444 0x15f4  NVHDA - ok
17:19:32.0775 0x15f4  [ 7C28BA74B766F3470128107DA764F711, 43738B3B7F7A493D2B0102B889612A1E91545F38BA82CD911D63361F08048314 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:19:32.0985 0x15f4  nvlddmkm - ok
17:19:33.0046 0x15f4  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:19:33.0056 0x15f4  nvraid - ok
17:19:33.0102 0x15f4  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:19:33.0112 0x15f4  nvstor - ok
17:19:33.0169 0x15f4  [ 2A4F832243E869FD7564AA90402D74BD, E730A517EB6D49036B6FC196BFC930ED93EDB4FD4FA7EB1EB69A434BB94AE3C0 ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:19:33.0196 0x15f4  nvsvc - ok
17:19:33.0238 0x15f4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:19:33.0249 0x15f4  nv_agp - ok
17:19:33.0267 0x15f4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:19:33.0302 0x15f4  ohci1394 - ok
17:19:33.0380 0x15f4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:19:33.0420 0x15f4  p2pimsvc - ok
17:19:33.0478 0x15f4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
17:19:33.0497 0x15f4  p2psvc - ok
17:19:33.0593 0x15f4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:19:33.0605 0x15f4  Parport - ok
17:19:33.0776 0x15f4  [ 871EADAC56B0A4C6512BBE32753CCF79, F9FD9DBA55274BB72B897550988DCDFD0F2D9367BE641DFDE07D240052DDC180 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:19:33.0784 0x15f4  partmgr - ok
17:19:33.0832 0x15f4  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:19:33.0889 0x15f4  PcaSvc - ok
17:19:33.0925 0x15f4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
17:19:33.0936 0x15f4  pci - ok
17:19:33.0965 0x15f4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:19:33.0971 0x15f4  pciide - ok
17:19:34.0013 0x15f4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:19:34.0023 0x15f4  pcmcia - ok
17:19:34.0045 0x15f4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:19:34.0092 0x15f4  pcw - ok
17:19:34.0160 0x15f4  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:19:34.0237 0x15f4  PEAUTH - ok
17:19:34.0399 0x15f4  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:19:34.0450 0x15f4  PeerDistSvc - ok
17:19:35.0402 0x15f4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:19:35.0431 0x15f4  PerfHost - ok
17:19:35.0765 0x15f4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
17:19:35.0843 0x15f4  pla - ok
17:19:35.0916 0x15f4  [ B806E50427511BCF4AD8E8239C3E25FA, AB89B48ECCF90F701B314D18BE531CDA5ABE1636C17B994A5E4BE5AAC136B4E3 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:19:35.0973 0x15f4  PlugPlay - ok
17:19:35.0997 0x15f4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:19:36.0024 0x15f4  PNRPAutoReg - ok
17:19:36.0052 0x15f4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:19:36.0069 0x15f4  PNRPsvc - ok
17:19:36.0119 0x15f4  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:19:36.0177 0x15f4  PolicyAgent - ok
17:19:36.0271 0x15f4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
17:19:36.0315 0x15f4  Power - ok
17:19:36.0377 0x15f4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:19:36.0441 0x15f4  PptpMiniport - ok
17:19:36.0471 0x15f4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:19:36.0554 0x15f4  Processor - ok
17:19:36.0625 0x15f4  [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc         C:\Windows\system32\profsvc.dll
17:19:36.0678 0x15f4  ProfSvc - ok
17:19:36.0712 0x15f4  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:19:36.0723 0x15f4  ProtectedStorage - ok
17:19:36.0788 0x15f4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:19:36.0835 0x15f4  Psched - ok
17:19:36.0964 0x15f4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:19:36.0999 0x15f4  ql2300 - ok
17:19:37.0015 0x15f4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:19:37.0024 0x15f4  ql40xx - ok
17:19:37.0056 0x15f4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
17:19:37.0119 0x15f4  QWAVE - ok
17:19:37.0158 0x15f4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:19:37.0198 0x15f4  QWAVEdrv - ok
17:19:37.0238 0x15f4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:19:37.0294 0x15f4  RasAcd - ok
17:19:37.0369 0x15f4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:19:37.0394 0x15f4  RasAgileVpn - ok
17:19:37.0468 0x15f4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
17:19:37.0495 0x15f4  RasAuto - ok
17:19:37.0599 0x15f4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:19:37.0648 0x15f4  Rasl2tp - ok
17:19:37.0728 0x15f4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
17:19:37.0803 0x15f4  RasMan - ok
17:19:37.0858 0x15f4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:19:37.0909 0x15f4  RasPppoe - ok
17:19:37.0971 0x15f4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:19:38.0028 0x15f4  RasSstp - ok
17:19:38.0169 0x15f4  [ 67EAD2898F681B4ECA6E385AA39C8539, BD3D46234DD4FB6232CFF073E75CA8E35E06B416D205DCD6564E30D7548ED6F6 ] Razer Game Scanner Service C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
17:19:38.0220 0x15f4  Razer Game Scanner Service - ok
17:19:38.0259 0x15f4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:19:38.0293 0x15f4  rdbss - ok
17:19:38.0320 0x15f4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:19:38.0341 0x15f4  rdpbus - ok
17:19:38.0365 0x15f4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:19:38.0390 0x15f4  RDPCDD - ok
17:19:38.0433 0x15f4  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:19:38.0446 0x15f4  RDPDR - ok
17:19:38.0485 0x15f4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:19:38.0541 0x15f4  RDPENCDD - ok
17:19:38.0563 0x15f4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:19:38.0590 0x15f4  RDPREFMP - ok
17:19:38.0645 0x15f4  [ 15B66C206B5CB095BAB980553F38ED23, 3CA50786A8D3D6BAF145AFD22C1ED92C2EB39F5D6AF4F6B09B69610FDE0C5B24 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:19:38.0696 0x15f4  RDPWD - ok
17:19:38.0774 0x15f4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:19:38.0786 0x15f4  rdyboost - ok
17:19:38.0832 0x15f4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:19:38.0875 0x15f4  RemoteAccess - ok
17:19:38.0920 0x15f4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:19:38.0987 0x15f4  RemoteRegistry - ok
17:19:39.0010 0x15f4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:19:39.0059 0x15f4  RpcEptMapper - ok
17:19:39.0074 0x15f4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
17:19:39.0151 0x15f4  RpcLocator - ok
17:19:39.0199 0x15f4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
17:19:39.0235 0x15f4  RpcSs - ok
17:19:39.0247 0x15f4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:19:39.0275 0x15f4  rspndr - ok
17:19:39.0389 0x15f4  [ 8295DB01432C1D1F3D0F4A27AB349730, 7FE8CC442829B8136A96E19F17070C29DA2C5F1B9EA2B5EBACCB965783F96356 ] rzendpt         C:\Windows\system32\DRIVERS\rzendpt.sys
17:19:39.0399 0x15f4  rzendpt - ok
17:19:39.0417 0x15f4  [ 79C63A3D2641B5338A719836A8979A10, A9C3F91BD997EC76C8DB347CA8BCAE3F39914C90FB7CFA75C07DBBCC3C3DFA02 ] rzhnet          C:\Windows\system32\Drivers\rzhnet.sys
17:19:39.0426 0x15f4  rzhnet - ok
17:19:39.0496 0x15f4  [ 5FA5ED95D2B02E92B9BC269A6B0B5039, 9C7CAB795658EC965B350318A9F5FC4EEFD2086C0BD71BAC7DD8B4A4863F6AE7 ] rzjstk          C:\Windows\system32\DRIVERS\rzjstk.sys
17:19:39.0505 0x15f4  rzjstk - ok
17:19:39.0673 0x15f4  [ F17F84511E7DFDEEAB646F0699A006D7, 5237937841FBD1F99A5D6161DEBA26182DDAF617CA98946EE7DB0AB67FC149EA ] rzpmgrk         C:\Windows\system32\drivers\rzpmgrk.sys
17:19:39.0681 0x15f4  rzpmgrk - ok
17:19:39.0872 0x15f4  [ FEF60A37301E1F5A3020FA3487FB2CD7, 0C925468C3376458D0E1EC65E097BD1A81A03901035C0195E8F6EF904EF3F901 ] rzpnk           C:\Windows\system32\drivers\rzpnk.sys
17:19:39.0949 0x15f4  rzpnk - ok
17:19:40.0098 0x15f4  [ 77C5AB228FE307C55FEF0C575E218771, 73C9D4593DA694B2D52817F608E749296D9CC1C44906C97204595476B68AD50F ] rzudd           C:\Windows\system32\DRIVERS\rzudd.sys
17:19:40.0109 0x15f4  rzudd - ok
17:19:40.0197 0x15f4  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
17:19:40.0245 0x15f4  s3cap - ok
17:19:40.0311 0x15f4  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] SamSs           C:\Windows\system32\lsass.exe
17:19:40.0322 0x15f4  SamSs - ok
17:19:40.0407 0x15f4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:19:40.0416 0x15f4  sbp2port - ok
17:19:40.0524 0x15f4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:19:40.0558 0x15f4  SCardSvr - ok
17:19:40.0676 0x15f4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:19:40.0778 0x15f4  scfilter - ok
17:19:40.0952 0x15f4  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
17:19:41.0034 0x15f4  Schedule - ok
17:19:41.0136 0x15f4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:19:41.0161 0x15f4  SCPolicySvc - ok
17:19:41.0251 0x15f4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:19:41.0362 0x15f4  SDRSVC - ok
17:19:41.0516 0x15f4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:19:41.0562 0x15f4  secdrv - ok
17:19:41.0625 0x15f4  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
17:19:41.0683 0x15f4  seclogon - ok
17:19:41.0770 0x15f4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
17:19:41.0816 0x15f4  SENS - ok
17:19:41.0873 0x15f4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:19:41.0914 0x15f4  SensrSvc - ok
17:19:41.0958 0x15f4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:19:41.0969 0x15f4  Serenum - ok
17:19:41.0994 0x15f4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:19:42.0049 0x15f4  Serial - ok
17:19:42.0109 0x15f4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:19:42.0158 0x15f4  sermouse - ok
17:19:42.0183 0x15f4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
17:19:42.0256 0x15f4  SessionEnv - ok
17:19:42.0298 0x15f4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:19:42.0359 0x15f4  sffdisk - ok
17:19:42.0398 0x15f4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:19:42.0433 0x15f4  sffp_mmc - ok
17:19:42.0450 0x15f4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:19:42.0484 0x15f4  sffp_sd - ok
17:19:42.0525 0x15f4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:19:42.0565 0x15f4  sfloppy - ok
17:19:42.0638 0x15f4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:19:42.0681 0x15f4  SharedAccess - ok
17:19:42.0719 0x15f4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:19:42.0764 0x15f4  ShellHWDetection - ok
17:19:42.0824 0x15f4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:19:42.0831 0x15f4  SiSRaid2 - ok
17:19:42.0861 0x15f4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:19:42.0869 0x15f4  SiSRaid4 - ok
17:19:42.0918 0x15f4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:19:42.0972 0x15f4  Smb - ok
17:19:43.0026 0x15f4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:19:43.0074 0x15f4  SNMPTRAP - ok
17:19:43.0127 0x15f4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:19:43.0136 0x15f4  spldr - ok
17:19:43.0171 0x15f4  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
17:19:43.0211 0x15f4  Spooler - ok
17:19:43.0470 0x15f4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
17:19:43.0592 0x15f4  sppsvc - ok
17:19:43.0632 0x15f4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:19:43.0694 0x15f4  sppuinotify - ok
17:19:43.0796 0x15f4  [ 2098B8556D1CEC2ACA9A29CD479E3692, D5826407C64F18C16EB36E6F00787CFAFCD9B24B5BD8AD126AD01E6E4134966F ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:19:43.0831 0x15f4  srv - ok
17:19:43.0883 0x15f4  [ D0F73A42040F21F92FD314B42AC5C9E7, A021C4318C9CFA594305458B2643BB0C22DDE1F3D51C93C9F3E7F7AB75B31278 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:19:43.0954 0x15f4  srv2 - ok
17:19:43.0995 0x15f4  [ 2BA8F3250828CCDB4204ECF2C6F40B6A, 22C4FBF9A87C46E69C48B681FF733D68D9CB7B7D73FB14C8C2A06E9009F9860E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:19:44.0069 0x15f4  srvnet - ok
17:19:44.0127 0x15f4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:19:44.0171 0x15f4  SSDPSRV - ok
17:19:44.0202 0x15f4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:19:44.0228 0x15f4  SstpSvc - ok
17:19:44.0304 0x15f4  [ EBAA82F7C9B97C0E450449178E007340, D470927CC216C4E3EA23236E6C6464187CD3A49C3A4A456F488FEC8E713EA31B ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
17:19:44.0469 0x15f4  Steam Client Service - ok
17:19:44.0553 0x15f4  [ F82B2FC221CA0E408874884787491667, A9C7FB9C4719484BDA4FB69A8F948DC556CFEA19DFE89D2E63536F2C42725E66 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:19:44.0597 0x15f4  Stereo Service - ok
17:19:44.0615 0x15f4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:19:44.0623 0x15f4  stexstor - ok
17:19:44.0666 0x15f4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
17:19:44.0720 0x15f4  stisvc - ok
17:19:44.0756 0x15f4  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
17:19:44.0779 0x15f4  storflt - ok
17:19:44.0858 0x15f4  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
17:19:44.0891 0x15f4  StorSvc - ok
17:19:44.0925 0x15f4  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
17:19:44.0932 0x15f4  storvsc - ok
17:19:44.0977 0x15f4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:19:44.0984 0x15f4  swenum - ok
17:19:45.0026 0x15f4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
17:19:45.0076 0x15f4  swprv - ok
17:19:45.0139 0x15f4  [ 2D741AB2945FAEB72EFAE720314C58C1, 0F15CBF1F030A6A5C92E580D31ADD1A98F17B09C92906EB5222DB9C528D06C4F ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:19:45.0157 0x15f4  SynTP - ok
17:19:45.0248 0x15f4  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
17:19:45.0327 0x15f4  SysMain - ok
17:19:45.0365 0x15f4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:19:45.0381 0x15f4  TabletInputService - ok
17:19:45.0403 0x15f4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:19:45.0476 0x15f4  TapiSrv - ok
17:19:45.0506 0x15f4  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
17:19:45.0550 0x15f4  TBS - ok
17:19:45.0611 0x15f4  [ 509383E505C973ED7534A06B3D19688D, 520AE434CCE1D365A45B2035283A4AD915E98D28D06BD73822F6FF865C2AE7DF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:19:45.0653 0x15f4  Tcpip - ok
17:19:45.0726 0x15f4  [ 509383E505C973ED7534A06B3D19688D, 520AE434CCE1D365A45B2035283A4AD915E98D28D06BD73822F6FF865C2AE7DF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:19:45.0769 0x15f4  TCPIP6 - ok
17:19:45.0815 0x15f4  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:19:45.0839 0x15f4  tcpipreg - ok
17:19:45.0863 0x15f4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:19:45.0919 0x15f4  TDPIPE - ok
17:19:45.0922 0x15f4  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:19:45.0948 0x15f4  TDTCP - ok
17:19:45.0984 0x15f4  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:19:46.0010 0x15f4  tdx - ok
17:19:46.0032 0x15f4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:19:46.0040 0x15f4  TermDD - ok
17:19:46.0133 0x15f4  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
17:19:46.0185 0x15f4  TermService - ok
17:19:46.0194 0x15f4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
17:19:46.0220 0x15f4  Themes - ok
17:19:46.0231 0x15f4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
17:19:46.0258 0x15f4  THREADORDER - ok
17:19:46.0291 0x15f4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
17:19:46.0329 0x15f4  TrkWks - ok
17:19:46.0374 0x15f4  [ 3E75A47D2DEFD2683DCA409572FBE8B2, 33964B1A05E045D3B878CDFD9F52A9086B4FA54D6D4D1DC38062D2874CACD4A0 ] trufos          C:\Windows\system32\DRIVERS\trufos.sys
17:19:46.0389 0x15f4  trufos - ok
17:19:46.0492 0x15f4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:19:46.0543 0x15f4  TrustedInstaller - ok
17:19:46.0572 0x15f4  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:19:46.0596 0x15f4  tssecsrv - ok
17:19:46.0669 0x15f4  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:19:46.0681 0x15f4  TsUsbFlt - ok
17:19:46.0750 0x15f4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:19:46.0803 0x15f4  tunnel - ok
17:19:46.0820 0x15f4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:19:46.0828 0x15f4  uagp35 - ok
17:19:46.0861 0x15f4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:19:46.0913 0x15f4  udfs - ok
17:19:46.0939 0x15f4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:19:46.0961 0x15f4  UI0Detect - ok
17:19:46.0988 0x15f4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:19:46.0998 0x15f4  uliagpkx - ok
17:19:47.0056 0x15f4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
17:19:47.0082 0x15f4  umbus - ok
17:19:47.0094 0x15f4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:19:47.0104 0x15f4  UmPass - ok
17:19:47.0124 0x15f4  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
17:19:47.0149 0x15f4  UmRdpService - ok
17:19:47.0264 0x15f4  [ C1C2C9231EBD263DB9C4F34DBB080B32, 25A046D8CC6674A47F3338E84661BF502D21C571C50643D9EF20D334CC27538C ] UPDATESRV       C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
17:19:47.0288 0x15f4  UPDATESRV - ok
17:19:47.0315 0x15f4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
17:19:47.0406 0x15f4  upnphost - ok
17:19:47.0440 0x15f4  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A, DE1CDDEEF2285CC8387E88ACB13C000576DC8819DF6DC648C988068B5C83BB15 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:19:47.0478 0x15f4  usbaudio - ok
17:19:47.0503 0x15f4  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829, 5D6E404FE0AB875202CA1A3E8E9D2F4368DF6ACCFA1C872ECFAF8399CBA3A485 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
17:19:47.0537 0x15f4  usbccgp - ok
17:19:47.0590 0x15f4  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:19:47.0603 0x15f4  usbcir - ok
17:19:47.0630 0x15f4  [ 74EE782B1D9C241EFE425565854C661C, E8258EA65B0FCAD4E077B176E9D9324646B652D6E651241E397346A39770D065 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:19:47.0656 0x15f4  usbehci - ok
17:19:47.0690 0x15f4  [ 504901430B6E03B99EBB6BF26E0868C6, D00C0904B7008305DCA5D1E6FED153DD8875CAD14D80348E59F42A182FA7E832 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
17:19:47.0699 0x15f4  usbfilter - ok
17:19:47.0732 0x15f4  [ DC96BD9CCB8403251BCF25047573558E, 66EBF8A6B3BC0634F32DDCC8BA31F1EB5987E8C6853E1DC26005E3EED0945565 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
17:19:47.0756 0x15f4  usbhub - ok
17:19:47.0771 0x15f4  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:19:47.0782 0x15f4  usbohci - ok
17:19:47.0801 0x15f4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:19:47.0821 0x15f4  usbprint - ok
17:19:47.0846 0x15f4  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
17:19:47.0871 0x15f4  USBSTOR - ok
17:19:47.0889 0x15f4  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:19:47.0907 0x15f4  usbuhci - ok
17:19:47.0938 0x15f4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
17:19:47.0968 0x15f4  UxSms - ok
17:19:47.0984 0x15f4  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc        C:\Windows\system32\lsass.exe
17:19:47.0999 0x15f4  VaultSvc - ok
17:19:48.0017 0x15f4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:19:48.0025 0x15f4  vdrvroot - ok
17:19:48.0084 0x15f4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
17:19:48.0135 0x15f4  vds - ok
17:19:48.0158 0x15f4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:19:48.0173 0x15f4  vga - ok
17:19:48.0177 0x15f4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:19:48.0212 0x15f4  VgaSave - ok
17:19:48.0238 0x15f4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:19:48.0251 0x15f4  vhdmp - ok
17:19:48.0284 0x15f4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:19:48.0291 0x15f4  viaide - ok
17:19:48.0310 0x15f4  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
17:19:48.0323 0x15f4  vmbus - ok
17:19:48.0346 0x15f4  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
17:19:48.0378 0x15f4  VMBusHID - ok
17:19:48.0400 0x15f4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:19:48.0409 0x15f4  volmgr - ok
17:19:48.0444 0x15f4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:19:48.0459 0x15f4  volmgrx - ok
17:19:48.0479 0x15f4  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:19:48.0493 0x15f4  volsnap - ok
17:19:48.0540 0x15f4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:19:48.0551 0x15f4  vsmraid - ok
17:19:48.0617 0x15f4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
17:19:48.0717 0x15f4  VSS - ok
17:19:48.0835 0x15f4  [ 964C356C9AEEEE88B8B9B71D94042874, BE2BCA4923B5A246D40935D50827D0C233520BF2548B9DD98DE0310CFEC47EF1 ] VSSERV          C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
17:19:48.0875 0x15f4  VSSERV - ok
17:19:48.0882 0x15f4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:19:48.0910 0x15f4  vwifibus - ok
17:19:48.0941 0x15f4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
17:19:48.0981 0x15f4  W32Time - ok
17:19:48.0987 0x15f4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:19:49.0000 0x15f4  WacomPen - ok
17:19:49.0070 0x15f4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:19:49.0118 0x15f4  WANARP - ok
17:19:49.0123 0x15f4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:19:49.0151 0x15f4  Wanarpv6 - ok
17:19:49.0230 0x15f4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
17:19:49.0289 0x15f4  wbengine - ok
17:19:49.0338 0x15f4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:19:49.0358 0x15f4  WbioSrvc - ok
17:19:49.0405 0x15f4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:19:49.0430 0x15f4  wcncsvc - ok
17:19:49.0452 0x15f4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:19:49.0464 0x15f4  WcsPlugInService - ok
17:19:49.0480 0x15f4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:19:49.0487 0x15f4  Wd - ok
17:19:49.0530 0x15f4  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:19:49.0549 0x15f4  Wdf01000 - ok
17:19:49.0611 0x15f4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:19:50.0500 0x15f4  WdiServiceHost - ok
17:19:50.0611 0x15f4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:19:50.0626 0x15f4  WdiSystemHost - ok
17:19:50.0680 0x15f4  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
17:19:50.0745 0x15f4  WebClient - ok
17:19:50.0920 0x15f4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:19:50.0968 0x15f4  Wecsvc - ok
17:19:51.0009 0x15f4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:19:51.0036 0x15f4  wercplsupport - ok
17:19:51.0126 0x15f4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:19:51.0161 0x15f4  WerSvc - ok
17:19:51.0266 0x15f4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:19:51.0293 0x15f4  WfpLwf - ok
17:19:51.0321 0x15f4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:19:51.0328 0x15f4  WIMMount - ok
17:19:51.0348 0x15f4  WinDefend - ok
17:19:51.0353 0x15f4  WinHttpAutoProxySvc - ok
17:19:51.0662 0x15f4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:19:51.0696 0x15f4  Winmgmt - ok
17:19:51.0776 0x15f4  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
17:19:51.0854 0x15f4  WinRM - ok
17:19:51.0959 0x15f4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:19:52.0016 0x15f4  Wlansvc - ok
17:19:52.0132 0x15f4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:19:52.0157 0x15f4  WmiAcpi - ok
17:19:52.0229 0x15f4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:19:52.0264 0x15f4  wmiApSrv - ok
17:19:52.0281 0x15f4  WMPNetworkSvc - ok
17:19:52.0339 0x15f4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:19:52.0356 0x15f4  WPCSvc - ok
17:19:52.0386 0x15f4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:19:52.0400 0x15f4  WPDBusEnum - ok
17:19:52.0415 0x15f4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:19:52.0464 0x15f4  ws2ifsl - ok
17:19:52.0520 0x15f4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
17:19:52.0563 0x15f4  wscsvc - ok
17:19:52.0566 0x15f4  WSearch - ok
17:19:52.0676 0x15f4  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:19:52.0749 0x15f4  wuauserv - ok
17:19:52.0812 0x15f4  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:19:52.0924 0x15f4  WudfPf - ok
17:19:52.0939 0x15f4  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:19:52.0988 0x15f4  wudfsvc - ok
17:19:53.0119 0x15f4  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:19:53.0161 0x15f4  WwanSvc - ok
17:19:53.0210 0x15f4  ================ Scan global ===============================
17:19:53.0256 0x15f4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:19:53.0281 0x15f4  [ E0406AEF04B088D1C49FC78D0546F689, 7ADD4D1C174FAA5405BD94BAF104A5DD56BE00DBDC1ED9F069A95430A7B264AA ] C:\Windows\system32\winsrv.dll
17:19:53.0305 0x15f4  [ E0406AEF04B088D1C49FC78D0546F689, 7ADD4D1C174FAA5405BD94BAF104A5DD56BE00DBDC1ED9F069A95430A7B264AA ] C:\Windows\system32\winsrv.dll
17:19:53.0339 0x15f4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:19:53.0399 0x15f4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:19:53.0412 0x15f4  [ Global ] - ok
17:19:53.0413 0x15f4  ================ Scan MBR ==================================
17:19:53.0435 0x15f4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
17:19:53.0499 0x15f4  \Device\Harddisk2\DR2 - ok
17:19:53.0511 0x15f4  [ A4A15D6782E6FE1DCE41A606CB3AFFE3 ] \Device\Harddisk0\DR0
17:19:53.0618 0x15f4  \Device\Harddisk0\DR0 - ok
17:19:53.0638 0x15f4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:19:53.0982 0x15f4  \Device\Harddisk1\DR1 - ok
17:19:53.0983 0x15f4  ================ Scan VBR ==================================
17:19:54.0008 0x15f4  [ 24BE7A3F9B8873A31A49670D9A7618FC ] \Device\Harddisk2\DR2\Partition1
17:19:54.0008 0x15f4  \Device\Harddisk2\DR2\Partition1 - ok
17:19:54.0010 0x15f4  [ 560193A279B18C45D9403549C3CE1525 ] \Device\Harddisk2\DR2\Partition2
17:19:54.0053 0x15f4  \Device\Harddisk2\DR2\Partition2 - ok
17:19:54.0055 0x15f4  [ 9740068638A63E0562FD4A3D67B44926 ] \Device\Harddisk0\DR0\Partition1
17:19:54.0077 0x15f4  \Device\Harddisk0\DR0\Partition1 - ok
17:19:54.0110 0x15f4  [ 0F8BB0CB74BBA55455883C47F5E85151 ] \Device\Harddisk1\DR1\Partition1
17:19:54.0174 0x15f4  \Device\Harddisk1\DR1\Partition1 - ok
17:19:54.0206 0x15f4  [ FCE63CE89271CBB6FB9F989D36868EC1 ] \Device\Harddisk1\DR1\Partition2
17:19:54.0223 0x15f4  \Device\Harddisk1\DR1\Partition2 - ok
17:19:54.0237 0x15f4  [ 8F651853C29CC9323EA8F6B70FA251E6 ] \Device\Harddisk1\DR1\Partition3
17:19:54.0455 0x15f4  \Device\Harddisk1\DR1\Partition3 - ok
17:19:54.0455 0x15f4  ================ Scan generic autorun ======================
17:19:54.0981 0x15f4  [ BDBC2F97FC0CA86D390C07021DAA6BF8, F15C0999698AAD78FA36211D799EF90164774A28BC3CF37F39505EC978909BBB ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
17:19:55.0145 0x15f4  RTHDVCPL - ok
17:19:55.0214 0x15f4  [ 938B4FEF3CD3311B241FDB5B50C2568B, 52F93F10A5144CD320E6257E438F7FAA52522A55EA3CBE3D142756B71CC6F531 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
17:19:55.0250 0x15f4  RtHDVBg_DTS - ok
17:19:55.0383 0x15f4  [ 51C494FEE2AB2EAEF3EE7D9329098950, 9EF665FA7627462755D0B1BA5296AA89C972242784A05806AA0AEABC8E08BD4D ] C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
17:19:55.0431 0x15f4  Bdagent - ok
17:19:55.0434 0x15f4  SynTPEnh - ok
17:19:55.0627 0x15f4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:19:55.0717 0x15f4  Sidebar - ok
17:19:55.0739 0x15f4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:19:55.0863 0x15f4  mctadmin - ok
17:19:55.0890 0x15f4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:19:56.0007 0x15f4  Sidebar - ok
17:19:56.0014 0x15f4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:19:56.0066 0x15f4  mctadmin - ok
17:19:56.0107 0x15f4  [ 53A6B1ED8BE0F7208FB72EF2580F71EC, 18799E69603DC0F67D56FA7A748FECFEDFD1CFFB8A12DC2B7E75035724B09303 ] C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
17:19:56.0150 0x15f4  Bitdefender-Geldbörse-Agent - ok
17:19:56.0262 0x15f4  [ 73CD25C93C41D174AFFCB140A10A8B1E, C0A481C54F8DF30D6B473215C60141B69FC812215DFCD07871E8F61A927D30DF ] D:\Steam\steam.exe
17:19:56.0367 0x15f4  Steam - ok
17:19:56.0371 0x15f4  Waiting for KSN requests completion. In queue: 86
17:19:57.0371 0x15f4  Waiting for KSN requests completion. In queue: 86
17:19:58.0371 0x15f4  Waiting for KSN requests completion. In queue: 86
17:19:59.0407 0x15f4  AV detected via SS2: Bitdefender Antivirus, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 18.18.0.1254 ), 0x41000 ( enabled : updated )
17:19:59.0408 0x15f4  FW detected via SS2: Bitdefender Firewall, C:\Program Files\Bitdefender\Bitdefender 2015\wscfix.exe ( 18.18.0.1254 ), 0x41010 ( enabled )
17:20:01.0805 0x15f4  ============================================================
17:20:01.0805 0x15f4  Scan finished
17:20:01.0805 0x15f4  ============================================================
17:20:01.0811 0x15a8  Detected object count: 0
17:20:01.0811 0x15a8  Actual detected object count: 0

MBAR

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.03.04
  rootkit: v2015.04.21.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
iParanoid :: IPARANOID-PC [administrator]

03.05.2015 17:02:56
mbar-log-2015-05-03 (17-02-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 326312
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\rpcss.dll (Trojan.Zekos.Patched764SP0) -> Replace on reboot. [7266972e86890e2b30c0c322e906b027]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

MBAR nach neustart

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.03.04
  rootkit: v2015.04.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
iParanoid :: IPARANOID-PC [administrator]

03.05.2015 17:17:33
mbar-log-2015-05-03 (17-17-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 326687
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

schrauber · 04.05.2015, 11:37

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

iParanoid · 04.05.2015, 13:30

ComboFix

Code:

ATTFilter

ComboFix 15-04-28.01 - iParanoid 04.05.2015  14:05:06.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.16282.13512 [GMT 2:00]
ausgeführt von:: c:\users\iParanoid\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Spyware-Schutz *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1430650533.bdinstall.bin
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-04 bis 2015-05-04  ))))))))))))))))))))))))))))))
.
.
2015-05-04 12:14 . 2015-05-04 12:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-03 22:15 . 2015-05-03 22:15	--------	d-----w-	c:\windows\Migration
2015-05-03 22:04 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2015-05-03 21:56 . 2012-08-23 13:24	15360	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2015-05-03 21:56 . 2012-08-23 14:10	19456	----a-w-	c:\windows\system32\drivers\rdpvideominiport.sys
2015-05-03 21:56 . 2012-08-23 14:13	243200	----a-w-	c:\windows\system32\rdpudd.dll
2015-05-03 21:56 . 2012-08-23 11:12	192000	----a-w-	c:\windows\SysWow64\rdpendp_winip.dll
2015-05-03 21:56 . 2012-08-23 10:51	228864	----a-w-	c:\windows\system32\rdpendp_winip.dll
2015-05-03 21:56 . 2012-08-23 09:51	3174912	----a-w-	c:\windows\system32\rdpcorets.dll
2015-05-03 21:34 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2015-05-03 21:34 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2015-05-03 21:34 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2015-05-03 21:34 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2015-05-03 21:34 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2015-05-03 21:34 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2015-05-03 21:34 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2015-05-03 21:25 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2015-05-03 21:25 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2015-05-03 21:25 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2015-05-03 21:20 . 2014-03-09 21:48	171160	----a-w-	c:\windows\system32\infocardapi.dll
2015-05-03 21:20 . 2014-03-09 21:48	1389208	----a-w-	c:\windows\system32\icardagt.exe
2015-05-03 21:20 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2015-05-03 21:20 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2015-05-03 21:20 . 2014-06-30 22:24	8856	----a-w-	c:\windows\system32\icardres.dll
2015-05-03 21:20 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2015-05-03 21:20 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2015-05-03 21:20 . 2014-06-06 06:12	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2015-05-03 21:18 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2015-05-03 21:17 . 2013-12-04 02:27	485888	----a-w-	c:\windows\system32\secproc_isv.dll
2015-05-03 21:16 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2015-05-03 21:12 . 2012-06-06 06:05	495616	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2015-05-03 21:06 . 2014-07-14 02:02	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2015-05-03 21:06 . 2014-07-14 01:40	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2015-05-03 16:14 . 2015-05-03 16:14	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-03 16:14 . 2015-05-03 16:14	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-03 16:14 . 2015-05-03 16:14	--------	d-----w-	c:\windows\SysWow64\Macromed
2015-05-03 16:14 . 2015-05-03 16:14	--------	d-----w-	c:\windows\system32\Macromed
2015-05-03 15:38 . 2015-05-03 15:38	--------	d-----w-	c:\programdata\Riot Games
2015-05-03 15:35 . 2008-07-31 08:41	68616	----a-w-	c:\windows\SysWow64\XAPOFX1_1.dll
2015-05-03 15:35 . 2008-07-31 08:40	509448	----a-w-	c:\windows\SysWow64\XAudio2_2.dll
2015-05-03 15:35 . 2008-07-12 06:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2015-05-03 15:35 . 2008-07-12 06:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2015-05-03 15:35 . 2008-07-12 06:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2015-05-03 15:02 . 2015-05-03 15:02	--------	d-----w-	c:\programdata\Malwarebytes
2015-05-03 15:02 . 2015-05-04 07:46	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-03 15:02 . 2015-05-03 18:36	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-03 15:01 . 2015-05-03 18:35	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-03 14:58 . 2015-05-03 14:58	--------	d-----w-	c:\windows\system32\SPReview
2015-05-03 14:57 . 2015-05-03 14:57	--------	d-----w-	c:\windows\system32\EventProviders
2015-05-03 14:55 . 2010-11-20 13:27	2193920	----a-w-	c:\windows\system32\themecpl.dll
2015-05-03 13:57 . 2007-12-31 22:04	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2015-05-03 11:54 . 2015-03-03 17:47	129600	----a-w-	c:\windows\system32\drivers\rzpnk.sys
2015-05-03 11:54 . 2015-02-04 23:24	37184	----a-w-	c:\windows\system32\drivers\rzpmgrk.sys
2015-05-03 11:52 . 2015-05-03 11:52	--------	d-----w-	c:\program files\Synaptics
2015-05-03 11:49 . 2015-05-03 11:50	--------	d-----w-	c:\windows\system32\MRT
2015-05-03 11:06 . 2015-05-03 11:06	76944	----a-w-	c:\windows\system32\drivers\bdvedisk.sys
2015-05-03 11:06 . 2015-05-03 11:06	74000	----a-w-	c:\windows\system32\bdsandboxuiskin32.dll
2015-05-03 11:04 . 2015-05-03 11:54	--------	d-----w-	c:\programdata\Razer
2015-05-03 11:04 . 2007-12-31 22:05	--------	d-----w-	c:\program files (x86)\Razer
2015-05-03 11:03 . 2015-05-03 11:36	--------	d-----w-	c:\programdata\BDLogging
2015-05-03 11:03 . 2009-07-14 12:21	1721576	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2015-05-03 11:03 . 2015-01-09 09:59	82824	----a-w-	c:\windows\system32\drivers\bdsandbox.sys
2015-05-03 11:03 . 2015-01-09 09:44	74000	----a-w-	c:\windows\SysWow64\bdsandboxuiskin32.dll
2015-05-03 11:03 . 2014-12-15 16:04	93600	----a-w-	c:\windows\system32\drivers\BdfNdisf6.sys
2015-05-03 11:03 . 2007-04-11 09:11	511328	----a-w-	c:\windows\capicom.dll
2015-05-03 11:03 . 2015-01-23 14:30	262544	----a-w-	c:\windows\system32\drivers\avchv.sys
2015-05-03 11:03 . 2015-01-14 11:13	677104	----a-w-	c:\windows\system32\drivers\avckf.sys
2015-05-03 11:03 . 2015-01-14 11:07	1306464	----a-w-	c:\windows\system32\drivers\avc3.sys
2015-05-03 11:01 . 2015-04-08 20:32	560968	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2015-05-03 10:57 . 2015-05-03 10:57	--------	d-----w-	C:\NVIDIA
2015-05-03 10:56 . 2015-05-03 11:05	--------	d-----w-	c:\programdata\Bitdefender
2015-05-03 10:56 . 2015-02-24 15:52	160544	----a-w-	c:\windows\system32\drivers\gzflt.sys
2015-05-03 10:56 . 2015-01-09 09:44	84848	----a-w-	c:\windows\system32\BDSandBoxUISkin.dll
2015-05-03 10:56 . 2015-01-09 09:44	33360	----a-w-	c:\windows\system32\BDSandBoxUH.dll
2015-05-03 10:56 . 2015-05-03 10:56	--------	d-----w-	c:\program files\Bitdefender
2015-05-03 10:56 . 2014-10-15 15:14	452040	----a-w-	c:\windows\system32\drivers\trufos.sys
2015-05-03 10:55 . 2015-05-03 10:56	--------	d-----w-	c:\program files\Common Files\Bitdefender
2015-05-03 10:32 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2015-05-03 10:32 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2015-05-03 10:30 . 2015-05-03 10:30	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2015-05-03 10:29 . 2015-03-23 01:51	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-05-03 10:29 . 2015-03-23 01:51	769536	----a-w-	c:\windows\system32\invagent.dll
2015-05-03 10:29 . 2015-03-23 01:51	419840	----a-w-	c:\windows\system32\devinv.dll
2015-05-03 10:29 . 2015-03-23 01:51	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-05-03 10:29 . 2015-03-23 01:51	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-05-03 10:29 . 2015-01-27 23:23	1239720	----a-w-	c:\windows\system32\aitstatic.exe
2015-05-03 04:39 . 2015-04-19 22:58	12032440	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8633EDCB-D714-45CB-930A-A155DF2D5821}\mpengine.dll
2015-05-03 04:39 . 2015-02-24 02:17	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-05-03 04:38 . 2015-04-09 00:58	1540240	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2015-05-03 04:37 . 2015-05-04 12:16	--------	d-----w-	c:\programdata\NVIDIA
2015-05-03 04:37 . 2015-04-08 21:30	6841488	----a-w-	c:\windows\system32\nvcpl.dll
2015-05-03 04:37 . 2015-04-08 21:30	3478344	----a-w-	c:\windows\system32\nvsvc64.dll
2015-05-03 04:37 . 2015-04-08 21:30	936264	----a-w-	c:\windows\system32\nvvsvc.exe
2015-05-03 04:37 . 2015-04-08 21:30	62608	----a-w-	c:\windows\system32\nvshext.dll
2015-05-03 04:37 . 2015-04-08 21:30	2558608	----a-w-	c:\windows\system32\nvsvcr.dll
2015-05-03 04:37 . 2015-04-08 21:30	385168	----a-w-	c:\windows\system32\nvmctray.dll
2015-05-03 04:37 . 2015-04-08 17:52	4336074	----a-w-	c:\windows\system32\nvcoproc.bin
2015-05-03 04:37 . 2015-05-03 04:37	--------	d-----w-	C:\temp
2015-05-03 04:37 . 2015-05-03 11:01	--------	d-----w-	c:\programdata\NVIDIA Corporation
2015-05-03 04:37 . 2015-05-03 11:02	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2015-05-03 04:36 . 2012-09-07 01:17	1760104	----a-w-	c:\windows\system32\nvdispco64.dll
2015-05-03 04:36 . 2012-09-07 01:17	1482600	----a-w-	c:\windows\system32\nvdispgenco64.dll
2015-05-03 04:36 . 2015-04-09 00:58	14617288	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2015-05-03 04:36 . 2015-04-09 00:58	12689592	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2015-05-03 04:36 . 2015-04-09 00:58	2935416	----a-w-	c:\windows\SysWow64\nvapi.dll
2015-05-03 04:35 . 2015-05-03 11:01	--------	d-----w-	c:\program files\NVIDIA Corporation
2015-05-03 04:34 . 2015-05-03 04:34	--------	d-----w-	c:\windows\system32\appmgmt
2015-05-03 03:02 . 2015-05-03 02:11	--------	d-----w-	c:\windows\Panther
2015-05-03 02:27 . 2015-05-03 02:27	--------	d-----w-	c:\program files\Intel
2015-05-03 02:27 . 2012-07-25 15:54	538496	----a-r-	c:\windows\system32\PROUnstl.exe
2015-05-03 02:26 . 2012-04-02 21:29	511152	----a-w-	c:\windows\system32\drivers\e1q62x64.sys
2015-05-03 02:26 . 2012-03-15 08:37	72360	----a-w-	c:\windows\system32\e1qmsg.dll
2015-05-03 02:26 . 2009-05-26 17:05	36472	----a-w-	c:\windows\system32\NicCo36.dll
2015-05-03 02:26 . 2012-03-28 08:59	99520	----a-w-	c:\windows\system32\NicInstQ.dll
2015-05-03 02:25 . 2015-05-03 02:25	--------	d-----w-	c:\program files (x86)\ASM104xUSB3
2015-05-03 02:25 . 2015-05-03 02:25	--------	d-----w-	c:\program files (x86)\ASM106xSATA
2015-05-03 02:23 . 2015-05-03 02:23	--------	d-----w-	c:\program files\Realtek
2015-05-03 02:23 . 2015-05-03 02:23	--------	d-----w-	c:\windows\SysWow64\RTCOM
2015-05-03 02:23 . 2012-01-30 03:43	836544	----a-w-	c:\windows\system32\tadefxapo264.dll
2015-05-03 02:23 . 2012-01-10 02:20	65944	----a-w-	c:\windows\system32\tepeqapo64.dll
2015-05-03 02:23 . 2011-03-17 04:17	1361336	----a-w-	c:\windows\system32\tosade.dll
2015-05-03 02:23 . 2011-03-07 09:11	148416	----a-w-	c:\windows\system32\tadefxapo.dll
2015-05-03 02:19 . 2015-05-03 02:19	--------	d-----w-	c:\windows\AsusInstAll
2015-05-03 02:19 . 2015-05-03 02:19	--------	d-----w-	c:\program files (x86)\AMD APP
2015-05-03 02:19 . 2015-05-03 02:19	--------	dc----w-	c:\windows\system32\DRVSTORE
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-03 15:00 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2015-05-03 15:00 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2015-03-14 05:49 . 2015-03-14 05:49	9728	----a-w-	c:\windows\SysWow64\RzStats.IPC.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender-Geldbörse-Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2015-01-15 790880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-04-22 590144]
"RzSBHelper"="c:\program files (x86)\Razer\SwitchBlade\RzSBHelper.exe" [2014-12-30 84992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RazerFPSStartup.lnk - c:\programdata\Razer\SwitchBlade\Apps\Razer\65BFE244-2354-4E41-ADC9-CCF6BE3B5F75\RzFPS\RzFPS.exe [2012-8-28 1260032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzhnet;Razer Inc. External Display Driver;c:\windows\system32\Drivers\rzhnet.sys;c:\windows\SYSNATIVE\Drivers\rzhnet.sys [x]
S3 rzjstk;Razer Virtual Joystick Driver;c:\windows\system32\DRIVERS\rzjstk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjstk.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-03 16:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-07 6827664]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-08-06 1215632]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2015-03-12 1691112]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\iParanoid\AppData\Roaming\Mozilla\Firefox\Profiles\hl7oh2e9.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programdata\Razer\SwitchBlade\DeathStalker\Razer\1068AAE3-6299-4086-A7F6-0600F5F1D1E5\RzHome.exe
c:\program files (x86)\Razer\SwitchBlade\RzAppManager.exe
c:\programdata\Razer\Synapse\RzStats\RzStats.Manager.exe
c:\program files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
c:\users\iParanoid\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
c:\programdata\Razer\SwitchBlade\Apps\Razer\91845076-CD47-435F-A442-CEB373A3ADE8\RzNumpad.exe
c:\programdata\Razer\SwitchBlade\Apps\Razer\945749A0-B4C2-4EB5-A93E-44DC10FDAF4D\RzWidget.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-04  14:28:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-05-04 12:28
.
Vor Suchlauf: 8 Verzeichnis(se), 935.783.239.680 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 935.919.775.744 Bytes frei
.
- - End Of File - - 7D3A2E65EA0BCE011B88FEE91F428D12
A4A15D6782E6FE1DCE41A606CB3AFFE3