Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)

Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)


Log-Analyse und Auswertung: Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 21.11.2013, 02:55   #1
FFrank
 
Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung) - Standard

Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)


Hallo,
vorweg: Vermutlich bin ich nur etwas zu paranoid, aber die Symptome zusammen lassen mich an eine Infektion denken.

Was mir bisher aufgefallen ist:
  • Bildschirmflackern:
    Tritt ab und zu mal auf, wüsste jetzt leider nicht wie ich das beschreiben sollte. Am ehesten erinnert es mich an das Flackern das ein Terminal-Server Benutzer sieht (oder zumindestens früher sah) wenn man sich in die Sitzung eingeklinkt hat. Deswegen vermutlich auch mein Misstrauen...
  • Prozesse brauchen ungewöhnlich lange zum Beenden.
    Beim Start, Ausführung ist alles normal. Beenden dauert allerdings ewig. Aufgefallen ist mir das zuerst bei ping.exe, da es nach der Zusammenfassung, oder einem Abbruch mit Strg+C ca 5-10 Sekunden dauert bis der Prompt wieder erscheint. Das tritt auch bei anderen Programmen wie z.B. tracert oder auch notepad auf.
  • Eine etwas seltsame Internetverbindung, die mich letztlich dazu gebracht hat hier zu posten:
    Und zwar eine Verbindung von von svchost zu 94.254.121.251 über UDP. Die IP gehört wohl zu einem schwedischen Anbieter von Virtual Servern (www.bahnhof.net) Der sich seiner Privacy Richtlinien rühmt, und damit das er Wikileaks gehostet hat.
    Kann natürlich sein, das ich da nur Windows Update oder ähnlichem aufgesessen bin, kommt mir aber irgendwie komisch vor.
    Die mit dem Prozess verbundenen Dienste waren (In Klammern jeweils, als was sich der Dienst auswies):
    • wuauserv (Windows Update)
    • Winmgmt (Windows-Verwaltungsinstrumentation)
    • Themes (Designs)
    • ShellHWDetection (Shellhardwareerkennung)
    • SENS (Benachrichtigungsdienst für Systemereignisse
    • Schedule (Aufgabenplanung)
    • ProfSVC (Benutzerprofildienst)
    • MMCSS (Multimediaklassenplaner)
    • LanmanServer (Server)
    • iphlpsvc (IP-Hilfsdienst)
    • IKEEXT (IKE- und AuthIP IPsec-Schlüsselerstellungsmodule)
    • EapHost (Extensible Authentication-Protokoll)
    • Browser (Computerbrowser)
    • Appinfo (Anwendungsinformationen)
    • AeLookupSvc (Anwendungserfahrung)
So, und nun zu den erstellten Logs. Leider muss ich gestehen das ich bei den FRST Runs zwei Fehler gemacht hab. Beim ersten Run hatte ich bereits einige Prozesse zum Testen abgeschossen, da ich nicht weiß inwiefern das die Ergebnisse beeinflusst, hab ich den Rechner nach dem Durchlauf neugestartet, die erstellten Dateien umbenannt, und einen zweiten Run gestartet. Beim zweiten Run hat dann Comodo einen von FRST gestarteten Prozess in die Sandbox gepackt. Also Autosandbox ausgeschaltet, Dateien umbenannt, dritter Run.
Ich poste hier die Dateien vom 3. Run, bei Bedarf kann ich die anderen Beiden auch hochladen.

Leider sind die Logs von FRST und GMER zu lang (oder ich hab zu viel Müll geschrieben). Deswegen als zip Attachment, sorry.

Lustig ist, das mich GMER etwas an der Nase herumgeführt hat. Nach dem Speichern der Datei auf dem Desktop, und dem Beenden des Programms war keine Datei auf dem Desktop zu finden Lösung war natürlich, das die Datei auf dem Admin Desktop lag, ich aber als normaler Nutzer angemeldet bin. Evtl. nimmt man das in den Erste Schritte Guide auf. Könnte mir vorstellen, das der ein oder andere etwas länger sucht :P

So, Danke schonmal fürs durchhalten bis hierher.
Frank

Alt 21.11.2013, 08:26   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung) - Standard

Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)


Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 21.11.2013, 13:56   #3
FFrank
 
Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung) - Standard

Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)


Ok, dann hier die Logs:

FRST.txt [1]

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Admin (administrator) on FRANK-PC on 21-11-2013 00:29:43
Running from C:\Users\Frank\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(COMODO) D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Windows\system32\atieclxx.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cavwp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cistray.exe
(IvoSoft) D:\Programme\ClassicShell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() D:\Programme\Rainlendar2\Rainlendar2.exe
(Skype Technologies S.A.) D:\Programme\Skype\Phone\Skype.exe
(Curse) C:\Users\Frank\AppData\Local\Apps\2.0\CWE663DE.PB3\0J47O43M.VBN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cis.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe
(Opera Software) D:\Programme\Opera\17.0.1241.53\opera.exe
() D:\Programme\Opera\17.0.1241.53\opera_crashreporter.exe
(Opera Software) D:\Programme\Opera\17.0.1241.53\opera.exe
(Opera Software) D:\Programme\Opera\17.0.1241.53\opera.exe
(Opera Software) D:\Programme\Opera\17.0.1241.53\opera.exe
(Opera Software) D:\Programme\Opera\17.0.1241.53\opera.exe
(Opera Software) D:\Programme\Opera\17.0.1241.53\opera.exe
() D:\Programme\Opera\17.0.1241.53\opera_autoupdate.exe
(Opera Software) D:\Programme\Opera\17.0.1241.53\opera.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(COMODO) D:\Programme\COMODO\COMODO Internet Security\cis.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] - D:\Programme\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-11-11] (COMODO)
HKLM\...\Run: [Classic Start Menu] - D:\Programme\ClassicShell\ClassicStartMenu.exe [152576 2013-10-20] (IvoSoft)
HKCU\...\Run: [Rainlendar2] - D:\Programme\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-25] (Advanced Micro Devices, Inc.)
IMEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z
Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - D:\Programme\ClassicShell\ClassicExplorer64.dll (IvoSoft)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - D:\Programme\ClassicShell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programme\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\Programme\ClassicShell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\Programme\ClassicShell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-25] (Advanced Micro Devices, Inc.)
R2 cmdAgent; D:\Programme\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
R3 cmdvirth; D:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-11-06] (REALiX(tm))
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2013-11-08] (hxxp://libusb-win32.sourceforge.net)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-21 00:29 - 2013-11-21 00:29 - 00006264 _____ C:\Users\Frank\Downloads\FRST.txt
2013-11-21 00:27 - 2013-11-21 00:27 - 00023407 _____ C:\Users\Frank\Downloads\Addition2.txt
2013-11-21 00:25 - 2013-11-21 00:27 - 00182926 _____ C:\Users\Frank\Downloads\FRST2.txt
2013-11-21 00:04 - 2013-11-21 00:06 - 00022999 _____ C:\Users\Frank\Downloads\Addition1.txt
2013-11-20 23:49 - 2013-11-21 00:06 - 00182182 _____ C:\Users\Frank\Downloads\FRST1.txt
2013-11-20 23:45 - 2013-11-20 23:45 - 00000000 ____D C:\FRST
2013-11-20 23:41 - 2013-11-20 23:41 - 00377856 _____ C:\Users\Frank\Downloads\8441b6d4.exe
2013-11-20 23:40 - 2013-11-20 23:40 - 01957964 _____ (Farbar) C:\Users\Frank\Downloads\FRST64.exe
2013-11-20 23:39 - 2013-11-20 23:39 - 00000472 _____ C:\Users\Frank\Downloads\defogger_disable.log
2013-11-20 23:39 - 2013-11-20 23:39 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-20 23:38 - 2013-11-20 23:38 - 00050477 _____ C:\Users\Frank\Downloads\Defogger.exe
2013-11-20 23:00 - 2013-11-20 23:00 - 02701261 _____ C:\Users\Frank\Documents\seltsamerprozess.xcf
2013-11-20 23:00 - 2013-11-20 23:00 - 00027119 _____ C:\Users\Frank\AppData\Local\recently-used.xbel
2013-11-20 22:05 - 2013-11-20 22:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-11-20 22:03 - 2013-11-20 22:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Notepad++
2013-11-20 22:01 - 2013-11-20 22:01 - 00013516 _____ C:\Users\Frank\Documents\.test.dmp
2013-11-20 10:04 - 2013-11-20 10:11 - 52800336 _____ C:\Users\Frank\Downloads\fritzbox-labor-3272-26627.zip
2013-11-19 13:33 - 2013-11-19 13:34 - 17686528 _____ (AVM Berlin) C:\Users\Frank\Downloads\FRITZ.Box_3272.05.50.recover-image.exe
2013-11-19 12:41 - 2013-11-20 22:38 - 00000320 _____ C:\Users\Frank\Desktop\Neues Textdokument.txt
2013-11-19 09:20 - 2013-11-19 09:20 - 00001895 _____ C:\Users\Frank\Downloads\recover.txt
2013-11-19 09:19 - 2013-11-19 09:19 - 00387969 _____ C:\Users\Frank\Downloads\AVM Service-Portal.htm
2013-11-19 09:19 - 2013-11-19 09:19 - 00002456 _____ C:\Users\Frank\Downloads\FRITZ!BoxInternet.htm
2013-11-19 09:19 - 2013-11-19 09:19 - 00000000 ____D C:\Users\Frank\Downloads\FRITZ!BoxInternet_files
2013-11-19 09:19 - 2013-11-19 09:19 - 00000000 ____D C:\Users\Frank\Downloads\AVM Service-Portal_files
2013-11-19 09:18 - 2013-11-19 09:18 - 00002456 _____ C:\Users\Frank\Downloads\FRITZ!BoxRepeater.htm
2013-11-19 09:18 - 2013-11-19 09:18 - 00002452 _____ C:\Users\Frank\Downloads\FRITZ!BoxWlan.htm
2013-11-19 09:18 - 2013-11-19 09:18 - 00000000 ____D C:\Users\Frank\Downloads\FRITZ!BoxWlan_files
2013-11-19 09:18 - 2013-11-19 09:18 - 00000000 ____D C:\Users\Frank\Downloads\FRITZ!BoxRepeater_files
2013-11-19 09:17 - 2013-11-19 09:17 - 00002448 _____ C:\Users\Frank\Downloads\FRITZ!Box.htm
2013-11-19 09:17 - 2013-11-19 09:17 - 00000000 ____D C:\Users\Frank\Downloads\FRITZ!Box_files
2013-11-19 09:11 - 2013-11-19 09:11 - 00137147 _____ C:\Users\Frank\Downloads\FRITZ.Box Fon WLAN 7141 (UI) 40.04.76_19.11.13_0911.export
2013-11-19 09:09 - 2013-11-19 09:09 - 07529784 _____ (AVM Berlin) C:\Users\Frank\Downloads\fritz.box_fon_wlan_7141.04.76.recover-image.exe
2013-11-16 08:31 - 2013-11-16 08:31 - 00533569 _____ C:\Users\Frank\Downloads\2DSDV.rar
2013-11-15 23:22 - 2013-11-15 23:22 - 00031232 ___SH C:\Users\Frank\Thumbs.db
2013-11-15 23:15 - 2013-11-15 23:19 - 47882360 _____ C:\Users\Frank\Downloads\calibre-portable-installer-1.11.0.exe
2013-11-15 23:09 - 2013-11-15 23:09 - 00474121 _____ C:\Users\Frank\Downloads\1DLW.rar
2013-11-15 16:59 - 2013-11-15 17:00 - 01467128 _____ C:\Users\Frank\Downloads\SystemCheck_deDE.exe
2013-11-15 14:59 - 2013-11-19 12:24 - 00000000 ____D C:\Users\Frank\AppData\Local\PasswordSafe
2013-11-15 14:59 - 2013-11-15 14:59 - 00000000 ____D C:\Users\Frank\Documents\My Safes
2013-11-15 14:59 - 2013-11-15 14:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe
2013-11-15 14:50 - 2013-11-15 14:51 - 13998435 _____ C:\Users\Frank\Downloads\pwsafe-3.32.exe
2013-11-14 19:00 - 2013-11-14 19:00 - 00000688 _____ C:\Users\Frank\Desktop\TeamSpeak 3 Client.lnk
2013-11-14 17:35 - 2013-11-21 00:25 - 02071544 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-11-14 17:28 - 2013-11-15 23:27 - 00000000 ___HD C:\VTRoot
2013-11-13 13:13 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 13:13 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 13:13 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 13:13 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 13:13 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 13:13 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 13:13 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 13:13 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 13:13 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 13:13 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 13:13 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 13:13 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 13:13 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 13:13 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 13:13 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 13:13 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 13:13 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 13:13 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 13:13 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 13:13 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 13:13 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 13:13 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 13:13 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 13:13 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 13:13 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 13:13 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 13:13 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 13:12 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 13:12 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 13:12 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 13:12 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 10:26 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 10:26 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 10:26 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 10:26 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 10:26 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 10:26 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 10:26 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 10:26 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 10:26 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 10:26 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 10:26 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 10:26 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 10:26 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 10:26 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 10:26 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 10:26 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 10:26 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 10:26 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 10:26 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 10:26 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 10:26 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 10:26 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 10:26 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 10:26 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 10:26 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 10:26 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 10:26 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 10:26 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 10:26 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 10:26 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 14:18 - 2013-11-12 14:18 - 00000000 ____D C:\dummy
2013-11-12 12:41 - 2013-11-21 00:20 - 00000000 ____D C:\Users\Frank\AppData\Roaming\ClassicShell
2013-11-12 12:36 - 2013-11-12 12:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\LibreOffice
2013-11-12 03:59 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-11-12 03:59 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-11-12 03:59 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-11-12 03:59 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-11-12 03:59 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-11-12 03:59 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-11-12 03:59 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-12 03:59 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-12 03:59 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-11-12 03:59 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-11-12 03:59 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-12 03:59 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-11-12 03:59 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-11-12 03:59 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-12 03:59 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-11-12 03:59 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-11-12 03:59 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-11-12 03:59 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-11-12 03:59 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-11-12 03:59 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-11-12 03:59 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-11-12 03:59 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-11-12 03:59 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-11-12 03:59 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-12 03:59 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-12 03:57 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-12 03:57 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-12 03:57 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-12 03:57 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-12 03:57 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-12 03:57 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-12 03:57 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-12 03:57 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-11-12 03:57 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-11-12 03:00 - 2013-11-12 03:00 - 00000000 ____D C:\Users\Frank\AppData\Local\doublecmd
2013-11-12 02:00 - 2013-11-12 13:31 - 00000000 ____D C:\Users\Frank\AppData\Roaming\doublecmd
2013-11-12 02:00 - 2013-11-12 02:00 - 00000705 _____ C:\Users\Public\Desktop\Double Commander.lnk
2013-11-12 01:52 - 2013-11-12 01:58 - 00000000 ____D C:\Users\Admin\.mucommander
2013-11-12 00:18 - 2013-11-12 13:07 - 00007591 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2013-11-12 00:10 - 2013-11-12 00:10 - 00001183 _____ C:\Users\Frank\Desktop\Control Panel.lnk
2013-11-11 20:29 - 2013-11-12 03:31 - 00000000 ____D C:\Users\Frank\AppData\Local\GHISLER
2013-11-11 20:16 - 2013-11-12 03:31 - 00000000 ____D C:\Users\Frank\AppData\Roaming\GHISLER
2013-11-11 20:16 - 2013-11-11 20:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GHISLER
2013-11-08 14:09 - 2013-11-08 14:09 - 00000000 ____D C:\Users\Frank\AppData\Roaming\ArgyllCMS
2013-11-08 13:55 - 2013-11-08 15:53 - 00000000 ____D C:\Users\Frank\AppData\Roaming\dispcalGUI
2013-11-08 13:54 - 2013-11-08 13:54 - 00000000 ____D C:\ProgramData\dispcalGUI
2013-11-08 13:47 - 2013-11-08 13:46 - 00052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2013-11-08 09:18 - 2013-11-19 11:03 - 00000000 ____D C:\Users\Frank\AppData\Local\The Witcher
2013-11-08 09:18 - 2013-11-08 10:44 - 00000000 ____D C:\Users\Frank\Documents\The Witcher
2013-11-08 01:48 - 2013-11-08 01:57 - 00000000 ____D C:\Users\Frank\Desktop\Witcher3
2013-11-08 01:10 - 2013-11-08 01:39 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2013-11-07 13:13 - 2013-11-07 14:41 - 00000000 ____D C:\Users\Frank\AppData\Roaming\TeamViewer
2013-11-07 09:33 - 2013-11-20 21:54 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Skype
2013-11-07 09:33 - 2013-11-07 09:33 - 00000000 ____D C:\ProgramData\Skype
2013-11-07 09:12 - 2013-11-07 09:13 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Mozilla
2013-11-07 09:12 - 2013-11-07 09:12 - 00000000 ____D C:\Users\Frank\AppData\Local\Mozilla
2013-11-07 09:12 - 2013-11-07 09:12 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-07 09:12 - 2013-11-07 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-06 23:59 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-06 23:59 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-06 23:59 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-11-06 23:59 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-11-06 23:59 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-06 23:59 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-06 23:59 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-06 23:59 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-11-06 23:59 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-11-06 23:59 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-11-06 23:59 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-11-06 23:59 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-11-06 23:59 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-11-06 23:59 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-11-06 23:59 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-06 23:59 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-06 23:59 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-11-06 23:59 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-11-06 23:59 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-11-06 23:59 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-11-06 23:59 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-11-06 23:59 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-11-06 23:59 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-11-06 23:59 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-11-06 23:59 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-11-06 23:59 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2013-11-06 23:59 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-11-06 23:59 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-11-06 23:59 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-11-06 23:59 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-11-06 23:59 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-11-06 23:59 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-11-06 23:59 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-11-06 23:59 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-11-06 23:59 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-11-06 23:59 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-11-06 23:59 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-11-06 23:59 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2013-11-06 23:59 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-11-06 23:59 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-11-06 23:59 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-11-06 23:59 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-11-06 23:59 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-11-06 23:59 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-11-06 23:59 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-11-06 23:59 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-11-06 23:59 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-11-06 23:59 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-11-06 23:59 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-11-06 23:59 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-11-06 23:59 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-11-06 23:59 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2013-11-06 23:59 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-11-06 23:59 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-11-06 23:59 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-11-06 23:59 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-11-06 23:59 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-11-06 23:59 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-11-06 23:59 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-11-06 23:59 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-11-06 23:59 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-11-06 23:59 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-11-06 23:59 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-11-06 23:59 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-11-06 23:59 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-11-06 23:59 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-11-06 23:59 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-11-06 23:59 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-11-06 23:59 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-11-06 23:59 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-11-06 23:59 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-11-06 23:59 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-11-06 23:59 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-11-06 23:59 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-11-06 23:59 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-11-06 23:59 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-11-06 23:59 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-11-06 23:59 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-11-06 23:59 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-11-06 23:59 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-11-06 23:59 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-11-06 23:59 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-11-06 23:59 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-11-06 23:59 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-11-06 23:59 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-11-06 23:59 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-11-06 23:59 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-11-06 23:59 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-11-06 23:59 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-11-06 23:59 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-11-06 23:59 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-11-06 23:59 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-11-06 23:59 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-11-06 23:59 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-11-06 23:59 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-11-06 23:59 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-11-06 23:59 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-11-06 23:59 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-11-06 23:59 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-11-06 23:59 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-11-06 23:59 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-11-06 23:59 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-11-06 23:59 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-11-06 23:59 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-11-06 23:59 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-11-06 23:59 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-11-06 23:59 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-11-06 23:59 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-11-06 23:59 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-11-06 23:59 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-11-06 23:59 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-11-06 23:59 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-11-06 23:59 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-11-06 23:59 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-11-06 23:59 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-11-06 23:59 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-11-06 23:59 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-11-06 23:59 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-11-06 23:59 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-11-06 23:59 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-11-06 23:59 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-11-06 23:59 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-11-06 23:59 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-11-06 23:59 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-11-06 23:59 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-11-06 23:59 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-11-06 23:59 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-11-06 23:59 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-11-06 23:59 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-11-06 23:59 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-11-06 23:59 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-11-06 23:59 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-11-06 23:59 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-11-06 23:59 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2013-11-06 23:59 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-11-06 23:59 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-11-06 23:59 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-11-06 23:59 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-11-06 23:59 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-11-06 23:59 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-11-06 23:59 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-11-06 23:59 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-11-06 23:59 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-11-06 23:59 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-11-06 23:59 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-11-06 23:59 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-11-06 23:59 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-11-06 23:59 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2013-11-06 23:59 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-11-06 23:59 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-11-06 23:59 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-11-06 23:59 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-11-06 23:59 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-11-06 23:59 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-11-06 23:59 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-11-06 23:59 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-11-06 23:59 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-11-06 23:59 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-11-06 23:59 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-11-06 23:59 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-11-06 23:59 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-11-06 23:59 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-11-06 23:59 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-11-06 23:59 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-11-06 23:59 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-11-06 23:59 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-11-06 23:59 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-11-06 23:59 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-11-06 23:59 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-11-06 23:59 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-11-06 23:59 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-11-06 23:59 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-11-06 23:59 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-11-06 23:59 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-11-06 23:59 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-11-06 23:59 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-11-06 23:59 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-11-06 23:59 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-11-06 23:59 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-11-06 23:59 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-11-06 23:58 - 2013-11-08 01:41 - 00027522 _____ C:\Windows\DirectX.log
2013-11-06 23:58 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-11-06 23:58 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-11-06 23:43 - 2013-11-06 23:59 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-11-06 23:43 - 2013-11-06 23:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2013-11-06 23:42 - 2013-11-06 23:42 - 00000715 _____ C:\Users\Admin\Desktop\MSI Afterburner.lnk
2013-11-06 23:42 - 2013-11-06 23:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2013-11-06 22:56 - 2013-11-06 22:56 - 00031136 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2013-11-06 22:55 - 2013-11-06 22:55 - 00000000 ____D C:\Program Files\HWiNFO64
2013-11-05 17:01 - 2013-11-05 17:09 - 00007121 _____ C:\Users\Frank\Documents\grey1.xcf
2013-11-04 15:31 - 2013-11-04 15:31 - 00000630 _____ C:\Users\Admin\Desktop\ICC3D.lnk
2013-11-04 15:31 - 2013-11-04 15:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICC3D
2013-11-04 15:10 - 2013-11-04 15:10 - 00000660 _____ C:\Users\Admin\Desktop\ICC Profile Inspector.lnk
2013-11-04 10:39 - 2013-11-13 12:50 - 00000000 ____D C:\Users\Frank\Desktop\Monitoreinstellung
2013-11-04 10:11 - 2013-11-16 08:54 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Jaangle
2013-11-04 10:07 - 2013-11-04 10:07 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Comodo
2013-11-04 10:05 - 2013-11-04 10:05 - 00000650 _____ C:\Users\Frank\Desktop\Jaangle.lnk
2013-11-04 10:05 - 2013-11-04 10:05 - 00000650 _____ C:\Users\Admin\Desktop\Jaangle.lnk
2013-11-04 10:05 - 2013-11-04 10:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jaangle
2013-11-04 08:21 - 2013-11-04 08:30 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Comodo
2013-11-04 08:12 - 2013-11-04 08:12 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2013-11-04 07:13 - 2013-11-21 00:21 - 01400720 _____ C:\Windows\system32\Drivers\sfi.dat
2013-11-04 07:13 - 2013-11-04 07:13 - 00000593 _____ C:\Users\Public\Desktop\Gemeinsamer Bereich.lnk
2013-11-04 07:13 - 2013-11-04 07:13 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-11-04 07:12 - 2013-11-04 08:22 - 00000000 ____D C:\ProgramData\Comodo
2013-11-04 07:12 - 2013-11-04 07:13 - 00000000 ___SD C:\ProgramData\Shared Space
2013-11-04 07:12 - 2013-11-04 07:12 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-11-03 06:13 - 2013-11-03 06:13 - 00000000 ____D C:\Users\Frank\AppData\Roaming\GalileoPress
2013-11-03 02:47 - 2013-11-20 23:00 - 00000000 ____D C:\Users\Frank\AppData\Local\gtk-2.0
2013-11-03 01:37 - 2013-11-08 17:52 - 00000000 ____D C:\Users\Frank\AppData\Roaming\gtk-2.0
2013-11-03 01:27 - 2013-11-03 01:27 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KDE  Release
2013-11-03 01:27 - 2013-11-03 01:27 - 00000000 ____D C:\Users\Frank\AppData\Local\RawTherapee4.0.11
2013-11-03 00:55 - 2013-11-03 01:00 - 00000000 ____D C:\Users\Frank\.thumbnails
2013-11-03 00:26 - 2013-11-03 00:26 - 00000000 ____D C:\Users\Frank\AppData\Roaming\.marble
2013-11-02 21:55 - 2013-11-04 06:13 - 00000000 ____D C:\Users\Frank\Desktop\Catus-Latest
2013-11-02 21:15 - 2013-11-02 21:14 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-02 21:14 - 2013-11-02 21:14 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-02 21:14 - 2013-11-02 21:14 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-02 21:14 - 2013-11-02 21:14 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-01 02:10 - 2013-11-01 02:10 - 00000732 _____ C:\Users\Frank\Desktop\digiKam.lnk
2013-11-01 01:57 - 2013-11-01 02:00 - 00000000 ____D C:\Users\Frank\AppData\Roaming\.kde
2013-10-31 23:19 - 2013-11-21 00:24 - 00000000 ____D C:\Users\Frank\.rainlendar2
2013-10-31 23:19 - 2013-11-03 15:11 - 00000000 ____D C:\Users\Admin\.rainlendar2
2013-10-31 22:26 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-10-31 22:26 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-10-31 22:26 - 2011-03-11 07:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2013-10-31 22:26 - 2011-03-11 07:41 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-10-31 22:26 - 2011-03-11 07:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2013-10-31 22:26 - 2011-03-11 07:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2013-10-31 22:26 - 2011-03-11 07:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2013-10-31 22:26 - 2011-03-11 07:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2013-10-31 22:26 - 2011-03-11 07:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-10-31 22:26 - 2011-03-11 07:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2013-10-31 22:26 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-10-31 22:26 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2013-10-31 22:26 - 2011-03-11 05:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-10-31 20:34 - 2013-11-20 23:39 - 00000000 ____D C:\Users\Admin
2013-10-31 20:34 - 2013-10-31 20:34 - 00070352 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-31 20:34 - 2013-10-31 20:34 - 00001421 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-31 20:34 - 2013-10-31 20:34 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Vorlagen
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Startmenü
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Netzwerkumgebung
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Lokale Einstellungen
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Eigene Dateien
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Druckumgebung
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Documents\Eigene Musik
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Documents\Eigene Bilder
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\AppData\Local\Verlauf
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\AppData\Local\Anwendungsdaten
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Anwendungsdaten
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ATI
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ____D C:\Users\Admin\AppData\Local\ATI
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ____D C:\Users\Admin\AppData\Local\AMD
2013-10-31 20:34 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-31 20:34 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-31 19:56 - 2013-10-31 19:56 - 00000000 ____D C:\Users\Frank\AppData\Roaming\LibreOffice
2013-10-31 19:38 - 2013-11-20 23:01 - 00000000 ____D C:\Users\Frank\.gimp-2.8
2013-10-31 19:38 - 2013-10-31 19:38 - 00000000 ____D C:\Users\Frank\AppData\Local\gegl-0.2
2013-10-31 18:58 - 2013-10-31 18:58 - 00000000 ____D C:\Users\Frank\AppData\Roaming\vlc
2013-10-31 18:49 - 2013-10-31 18:49 - 00000000 ____D C:\Users\Frank\AppData\Roaming\IrfanView
2013-10-31 18:35 - 2013-11-01 00:21 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Free Download Manager
2013-10-31 18:05 - 2013-11-21 00:20 - 00023992 _____ C:\Users\Frank\AppData\Roaming\Notepad2.ini
2013-10-31 18:05 - 2013-10-31 18:05 - 00000000 ____D C:\Program Files\Notepad2
2013-10-31 17:49 - 2013-10-31 17:50 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Notepad++
2013-10-31 17:49 - 2013-10-31 17:49 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-10-31 17:43 - 2013-10-31 17:43 - 00000986 _____ C:\Users\Frank\Desktop\Opera.lnk
2013-10-31 17:05 - 2013-10-31 17:10 - 00000000 ____D C:\Users\Frank\EBooks
2013-10-31 16:59 - 2013-11-11 21:38 - 00000000 ____D C:\Users\Frank\Projekte
2013-10-31 16:46 - 2013-11-13 13:12 - 00000000 ____D C:\Windows\system32\MRT
2013-10-31 16:46 - 2013-11-13 13:11 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-31 06:43 - 2013-10-31 06:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-31 06:43 - 2013-10-31 06:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-10-31 06:43 - 2013-10-31 06:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-10-31 06:43 - 2013-10-31 06:43 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-31 06:43 - 2013-10-31 06:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-31 06:43 - 2013-10-31 06:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-10-31 06:43 - 2013-10-31 06:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-10-31 06:43 - 2013-10-31 06:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-31 06:39 - 2013-10-31 06:39 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-31 06:38 - 2013-10-31 06:49 - 00013955 _____ C:\Windows\IE10_main.log
2013-10-31 06:31 - 2010-02-23 09:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2013-10-31 06:23 - 2013-10-31 06:28 - 00004293 _____ C:\Windows\IE9_main.log
2013-10-31 06:14 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-10-31 06:14 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-10-31 06:14 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-10-31 06:14 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-10-31 06:14 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-10-31 06:14 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-10-31 06:14 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-10-31 06:14 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-10-31 06:11 - 2012-03-01 07:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-10-31 06:11 - 2012-03-01 07:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-10-31 06:11 - 2012-03-01 07:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-10-31 06:11 - 2012-03-01 06:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-10-31 06:11 - 2012-03-01 06:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2013-10-31 05:29 - 2013-10-31 05:29 - 00000000 ____D C:\Users\Frank\AppData\Local\Blizzard Entertainment
2013-10-31 05:05 - 2013-10-31 05:05 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-10-31 05:00 - 2013-10-31 05:00 - 00000000 ____D C:\ProgramData\Battle.net
2013-10-31 04:46 - 2013-09-21 17:19 - 00029251 _____ C:\Users\Frank\Desktop\baum.ods
2013-10-31 04:45 - 2013-10-31 04:46 - 00000000 ____D C:\Users\Frank\AppData\Roaming\SumatraPDF
2013-10-31 04:45 - 2013-10-31 04:45 - 00000000 ____D C:\Program Files (x86)\SumatraPDF
2013-10-31 04:40 - 2013-10-31 17:17 - 00000000 ____D C:\Users\Frank\Documents\Bewerbung
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\Text
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\Tabellen
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\referenzen
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\Rechnungen
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\pdf
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\ktechlab
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\Inkscape
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\freemind
2013-10-31 04:40 - 2009-11-05 21:15 - 00001675 _____ C:\Users\Frank\Documents\noitulos_rsa
2013-10-31 04:40 - 2009-11-05 21:15 - 00000400 _____ C:\Users\Frank\Documents\noitulos_rsa.pub
2013-10-31 04:40 - 2009-10-06 22:32 - 00004088 _____ C:\Users\Frank\Documents\pwd.psafe3
2013-10-31 04:40 - 2009-10-06 22:31 - 00004264 _____ C:\Users\Frank\Documents\pwd.psafe3~
2013-10-31 04:40 - 2009-09-06 20:07 - 00001716 _____ C:\Users\Frank\Documents\pwsafe.cfg
2013-10-31 04:40 - 2009-03-26 23:08 - 00004584 _____ C:\Users\Frank\Documents\pwd.ibak
2013-10-31 04:40 - 2009-02-11 18:15 - 02048000 _____ (SourceForge.net) C:\Users\Frank\Documents\pwsafe.exe
2013-10-31 04:40 - 2006-10-01 14:04 - 00004576 _____ C:\Users\Frank\Documents\pwd.dat
2013-10-31 04:39 - 2013-10-31 18:08 - 00000089 _____ C:\Users\Frank\Desktop\test.txt
2013-10-31 04:34 - 2013-10-31 04:35 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Curse Advertising
2013-10-31 04:32 - 2013-11-21 00:24 - 00000000 ____D C:\Users\Frank\AppData\Local\Deployment
2013-10-31 04:30 - 2013-10-31 17:18 - 00000000 ____D C:\Users\Frank\Projekte Alt
2013-10-31 04:30 - 2013-10-31 04:32 - 00000000 ____D C:\Users\Frank\AppData\Local\Apps\2.0
2013-10-31 04:18 - 2013-10-31 17:42 - 00001066 _____ C:\Users\Frank\Desktop\WoW.lnk
2013-10-31 04:16 - 2013-11-20 07:18 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{97C7CA33-6C76-460D-9713-52E49EED273B}
2013-10-31 04:02 - 2013-10-31 04:02 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Macromedia
2013-10-31 04:02 - 2013-10-31 04:02 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Adobe
2013-10-31 03:59 - 2013-10-31 03:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-31 03:59 - 2013-10-31 03:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-31 03:59 - 2013-10-31 03:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-10-31 03:59 - 2013-10-31 03:59 - 00000000 ____D C:\Windows\system32\Macromed
2013-10-31 03:54 - 2013-10-31 04:01 - 00000000 ____D C:\Users\Frank\AppData\Local\Adobe
2013-10-31 03:48 - 2013-10-31 03:48 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-31 03:44 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-10-31 03:44 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-10-31 03:44 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-10-31 03:44 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-10-31 03:44 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-10-31 03:44 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-10-31 03:44 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-31 03:44 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-31 03:44 - 2013-07-19 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-10-31 03:44 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-10-31 03:44 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-10-31 03:44 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-10-31 03:44 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-10-31 03:44 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-10-31 03:44 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-10-31 03:44 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-10-31 03:44 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-31 03:44 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-31 03:44 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-31 03:44 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-31 03:44 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-31 03:44 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-31 03:44 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-31 03:44 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-31 03:44 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-31 03:44 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-31 03:44 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-31 03:44 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-31 03:44 - 2013-04-26 00:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-10-31 03:44 - 2013-04-12 15:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-10-31 03:44 - 2013-03-31 23:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-10-31 03:44 - 2013-03-19 06:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-10-31 03:44 - 2013-03-19 06:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-10-31 03:44 - 2013-02-27 07:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-10-31 03:44 - 2013-02-27 06:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-10-31 03:44 - 2012-10-09 19:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-10-31 03:44 - 2012-10-09 19:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-10-31 03:44 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-10-31 03:44 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-10-31 03:44 - 2012-08-22 19:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-10-31 03:44 - 2012-07-04 21:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-10-31 03:44 - 2012-01-04 11:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-10-31 03:44 - 2012-01-04 09:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-10-31 03:44 - 2011-12-30 07:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-10-31 03:44 - 2011-12-30 06:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-10-31 03:44 - 2011-11-17 07:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2013-10-31 03:44 - 2011-11-17 06:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2013-10-31 03:44 - 2011-10-26 06:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-10-31 03:44 - 2011-10-26 05:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2013-10-31 03:44 - 2011-07-09 03:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2013-10-31 03:44 - 2011-06-16 06:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2013-10-31 03:44 - 2011-06-16 05:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2013-10-31 03:44 - 2011-06-15 11:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2013-10-31 03:44 - 2011-06-15 11:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2013-10-31 03:44 - 2011-06-15 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2013-10-31 03:44 - 2011-06-15 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2013-10-31 03:44 - 2011-06-15 09:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2013-10-31 03:44 - 2011-06-15 09:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2013-10-31 03:44 - 2011-06-15 09:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2013-10-31 03:44 - 2011-06-15 09:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2013-10-31 03:44 - 2011-06-15 09:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2013-10-31 03:44 - 2011-05-04 06:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-10-31 03:44 - 2011-05-04 06:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-10-31 03:44 - 2011-05-04 06:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-10-31 03:44 - 2011-05-04 06:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-10-31 03:44 - 2011-05-04 06:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-10-31 03:44 - 2011-05-04 06:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-10-31 03:44 - 2011-05-04 06:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-10-31 03:44 - 2011-05-04 06:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-10-31 03:44 - 2011-05-04 06:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-10-31 03:44 - 2011-05-04 05:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-10-31 03:44 - 2011-05-04 05:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-10-31 03:44 - 2011-05-04 05:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-10-31 03:44 - 2011-05-04 05:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-10-31 03:44 - 2011-05-04 05:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-10-31 03:44 - 2011-05-04 05:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-10-31 03:44 - 2011-05-04 05:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-10-31 03:44 - 2011-05-04 05:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-10-31 03:44 - 2011-05-04 05:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-10-31 03:44 - 2011-04-27 03:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-10-31 03:44 - 2011-04-27 03:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-10-31 03:44 - 2011-04-09 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-10-31 03:44 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-10-31 03:44 - 2011-03-11 07:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2013-10-31 03:44 - 2011-03-11 07:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2013-10-31 03:44 - 2011-03-11 06:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2013-10-31 03:44 - 2011-03-11 06:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2013-10-31 03:44 - 2011-02-25 07:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-10-31 03:44 - 2011-02-25 06:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-10-31 03:44 - 2010-12-23 11:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2013-10-31 03:44 - 2010-12-23 11:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2013-10-31 03:44 - 2010-12-23 11:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2013-10-31 03:44 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2013-10-31 03:44 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2013-10-31 03:44 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
__________________
Alt 21.11.2013, 13:59   #4
FFrank
 
Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung) - Standard

Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)


FRST.txt [2]
Code:
ATTFilter
2013-10-31 03:43 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-31 03:43 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-31 03:43 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-31 03:43 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-10-31 03:43 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-10-31 03:43 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-31 03:43 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-10-31 03:43 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-10-31 03:43 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-31 03:43 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-31 03:43 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-31 03:43 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-31 03:43 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-31 03:43 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-31 03:43 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-31 03:43 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-31 03:43 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-10-31 03:43 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-10-31 03:43 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-10-31 03:43 - 2013-02-12 05:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-10-31 03:43 - 2012-12-07 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-10-31 03:43 - 2012-12-07 14:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-10-31 03:43 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-10-31 03:43 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-10-31 03:43 - 2012-12-07 12:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-10-31 03:43 - 2012-12-07 12:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-10-31 03:43 - 2012-12-07 12:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-10-31 03:43 - 2012-12-07 12:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-10-31 03:43 - 2012-12-07 12:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-10-31 03:43 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-10-31 03:43 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-10-31 03:43 - 2012-12-07 12:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-10-31 03:43 - 2012-12-07 12:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-10-31 03:43 - 2012-12-07 12:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-10-31 03:43 - 2012-12-07 12:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-10-31 03:43 - 2012-12-07 12:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-10-31 03:43 - 2012-12-07 12:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-10-31 03:43 - 2012-12-07 12:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-10-31 03:43 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-10-31 03:43 - 2012-11-28 23:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-31 03:43 - 2012-11-28 23:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-31 03:43 - 2012-11-28 23:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-31 03:43 - 2012-11-22 06:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-10-31 03:43 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-10-31 03:43 - 2012-11-02 06:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-10-31 03:43 - 2012-11-02 06:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-10-31 03:43 - 2012-11-01 06:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-10-31 03:43 - 2012-11-01 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-10-31 03:43 - 2012-11-01 05:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-10-31 03:43 - 2012-11-01 05:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-10-31 03:43 - 2012-10-03 18:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-10-31 03:43 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-10-31 03:43 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-10-31 03:43 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-10-31 03:43 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-10-31 03:43 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-10-31 03:43 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-10-31 03:43 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-10-31 03:43 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-10-31 03:43 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-10-31 03:43 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-10-31 03:43 - 2012-05-01 06:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-10-31 03:43 - 2012-04-26 06:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2013-10-31 03:43 - 2012-04-26 06:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2013-10-31 03:43 - 2012-04-26 06:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2013-10-31 03:43 - 2012-01-13 08:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-10-31 03:43 - 2011-04-29 04:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2013-10-31 03:43 - 2011-04-29 04:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-10-31 03:43 - 2011-04-29 04:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-10-31 03:43 - 2011-04-22 23:15 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2013-10-31 03:43 - 2011-03-03 07:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2013-10-31 03:43 - 2011-03-03 07:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2013-10-31 03:43 - 2011-03-03 07:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2013-10-31 03:43 - 2011-03-03 06:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2013-10-31 03:43 - 2011-03-03 06:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2013-10-31 03:43 - 2010-06-26 04:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-10-31 03:43 - 2010-06-26 04:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-10-31 03:42 - 2013-10-31 03:48 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-10-31 03:42 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-31 03:42 - 2012-04-28 04:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-10-31 03:42 - 2011-08-17 06:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2013-10-31 03:42 - 2011-08-17 06:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2013-10-31 03:42 - 2011-08-17 05:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2013-10-31 03:42 - 2011-08-17 05:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2013-10-31 03:41 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-31 03:41 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-31 03:41 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-31 03:41 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-31 03:41 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-31 03:40 - 2013-11-15 21:06 - 00000000 ____D C:\Users\Frank\AppData\Roaming\TS3Client
2013-10-31 03:40 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-31 03:40 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-31 03:40 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-31 03:40 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-31 03:40 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-31 03:40 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-31 03:40 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-31 03:40 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-31 03:40 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-31 03:40 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-31 03:39 - 2012-11-30 06:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-10-31 03:39 - 2012-11-30 06:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-10-31 03:39 - 2012-11-30 06:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-10-31 03:39 - 2012-11-30 00:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-10-31 03:39 - 2012-11-30 00:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-10-31 03:39 - 2012-09-25 23:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-10-31 03:39 - 2012-09-25 23:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-10-31 03:39 - 2012-08-11 01:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-10-31 03:39 - 2012-08-11 00:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-10-31 03:39 - 2012-04-07 13:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-10-31 03:39 - 2012-04-07 12:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-10-31 03:39 - 2012-03-17 08:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-10-31 03:38 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-31 03:38 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-31 03:38 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-31 03:38 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-31 03:38 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-31 03:38 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-31 03:38 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-31 03:38 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-31 03:38 - 2013-05-13 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-10-31 03:38 - 2013-05-13 04:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-10-31 03:38 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-10-31 03:38 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-10-31 03:38 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-10-31 03:38 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-10-31 03:38 - 2013-04-26 06:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-10-31 03:38 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-10-31 03:38 - 2013-04-10 07:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-10-31 03:38 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-10-31 03:38 - 2013-01-03 07:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-10-31 03:38 - 2012-11-23 04:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-10-31 03:38 - 2012-08-22 19:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-10-31 03:38 - 2012-07-04 23:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-10-31 03:38 - 2012-07-04 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-10-31 03:38 - 2012-07-04 23:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-10-31 03:38 - 2012-07-04 22:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-10-31 03:38 - 2012-07-04 22:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-10-31 03:38 - 2012-06-06 07:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2013-10-31 03:38 - 2012-06-06 06:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-10-31 03:38 - 2012-05-14 06:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-10-31 03:38 - 2012-05-05 09:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-10-31 03:38 - 2012-05-05 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-10-31 03:38 - 2012-02-11 07:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-10-31 03:38 - 2012-02-11 07:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-10-31 03:38 - 2011-12-16 09:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2013-10-31 03:38 - 2011-12-16 08:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2013-10-31 03:38 - 2011-11-19 15:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-10-31 03:38 - 2011-11-19 15:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-10-31 03:38 - 2011-10-15 07:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-10-31 03:38 - 2011-10-15 06:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2013-10-31 03:38 - 2011-08-27 06:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-10-31 03:38 - 2011-08-27 06:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2013-10-31 03:38 - 2011-08-27 05:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-10-31 03:38 - 2011-08-27 05:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2013-10-31 03:38 - 2011-05-24 12:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2013-10-31 03:38 - 2011-05-24 11:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2013-10-31 03:38 - 2011-05-24 11:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2013-10-31 03:38 - 2011-05-24 11:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2013-10-31 03:38 - 2011-05-24 11:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2013-10-31 03:38 - 2011-05-03 06:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2013-10-31 03:38 - 2011-05-03 05:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2013-10-31 03:38 - 2011-02-23 05:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2013-10-31 03:38 - 2011-02-18 11:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2013-10-31 03:38 - 2011-02-18 06:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2013-10-31 03:38 - 2011-02-12 12:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2013-10-31 03:38 - 2011-02-05 18:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-10-31 03:38 - 2011-02-05 18:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2013-10-31 03:38 - 2011-02-05 18:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2013-10-31 03:38 - 2011-02-05 18:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2013-10-31 03:38 - 2011-02-05 18:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-10-31 03:38 - 2011-02-05 18:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-10-31 03:38 - 2011-02-05 18:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-10-31 03:38 - 2011-02-03 12:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-31 03:24 - 2013-10-31 03:24 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Opera Software
2013-10-31 03:24 - 2013-10-31 03:24 - 00000000 ____D C:\Users\Frank\AppData\Local\Opera Software
2013-10-31 03:14 - 2012-02-17 07:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2013-10-31 03:14 - 2012-02-17 06:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2013-10-31 03:14 - 2012-02-17 05:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2013-10-31 03:10 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-10-31 03:10 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-10-31 03:10 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-10-31 03:10 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-10-31 03:10 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-10-31 03:10 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-10-31 03:10 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-10-31 03:09 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-10-31 03:09 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-10-31 03:07 - 2013-10-31 03:07 - 00000000 ____D C:\OEMSettings
2013-10-31 03:06 - 2013-10-31 03:06 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-10-31 03:06 - 2009-11-18 17:47 - 00446976 _____ (NETGEAR Inc.                           ) C:\Windows\system32\Drivers\wg111v3.sys
2013-10-31 03:05 - 2013-10-31 03:05 - 00000000 ____D C:\Windows\Downloaded Installations
2013-10-31 02:59 - 2013-10-31 02:59 - 00000017 _____ C:\Users\Frank\AppData\Local\resmon.resmoncfg
2013-10-31 02:51 - 2013-10-31 21:25 - 00070352 _____ C:\Users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-31 02:51 - 2013-10-31 02:51 - 00000000 ____D C:\Users\Frank\AppData\Roaming\ATI
2013-10-31 02:51 - 2013-10-31 02:51 - 00000000 ____D C:\Users\Frank\AppData\Local\ATI
2013-10-31 02:51 - 2013-10-31 02:51 - 00000000 ____D C:\Users\Frank\AppData\Local\AMD
2013-10-31 02:51 - 2013-10-31 02:51 - 00000000 ____D C:\ProgramData\ATI
2013-10-31 02:51 - 2013-10-31 02:51 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-10-31 02:50 - 2013-10-31 02:50 - 00066451 _____ C:\Windows\SysWOW64\CCCInstall_201310310250023003.log
2013-10-31 02:50 - 2013-10-31 02:50 - 00000000 ____D C:\Program Files\AMD
2013-10-31 02:50 - 2013-10-31 02:50 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-10-31 02:50 - 2013-10-31 02:50 - 00000000 ____D C:\Program Files (x86)\AMD
2013-10-31 02:49 - 2013-10-31 02:50 - 00000000 ____D C:\ProgramData\AMD
2013-10-31 02:48 - 2013-10-31 02:48 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-10-31 02:48 - 2013-10-31 02:48 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-10-31 02:46 - 2013-10-31 07:23 - 01591896 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-31 02:45 - 2013-10-31 02:48 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-31 02:43 - 2013-10-31 02:49 - 00000000 ____D C:\AMD
2013-10-31 02:41 - 2011-06-10 06:34 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2013-10-31 02:40 - 2013-10-31 02:40 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-10-31 02:40 - 2013-10-31 02:40 - 00000000 ____D C:\Program Files\Realtek
2013-10-31 02:40 - 2010-11-23 11:44 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-10-31 02:40 - 2010-11-23 11:16 - 02565736 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-10-31 02:40 - 2010-11-22 04:39 - 00626792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-10-31 02:40 - 2010-11-18 08:01 - 02813544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-10-31 02:40 - 2010-11-18 08:01 - 02186344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-10-31 02:40 - 2010-11-18 04:49 - 00121744 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-10-31 02:40 - 2010-11-15 15:56 - 02580824 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2013-10-31 02:40 - 2010-11-15 15:56 - 01870680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2013-10-31 02:40 - 2010-11-11 06:27 - 00083048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2013-10-31 02:40 - 2010-11-08 11:36 - 00544768 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2013-10-31 02:40 - 2010-11-08 00:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-10-31 02:40 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-10-31 02:40 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-10-31 02:40 - 2010-11-08 00:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-10-31 02:40 - 2010-11-08 00:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-10-31 02:40 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-10-31 02:40 - 2010-11-03 11:31 - 01146984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-10-31 02:40 - 2010-11-03 11:31 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-10-31 02:40 - 2010-11-03 11:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-10-31 02:40 - 2010-11-02 02:35 - 01718616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2013-10-31 02:40 - 2010-11-02 02:35 - 00127832 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2013-10-31 02:40 - 2010-11-02 02:34 - 00421720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2013-10-31 02:40 - 2010-11-02 02:34 - 00108888 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2013-10-31 02:40 - 2010-11-02 02:34 - 00074584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2013-10-31 02:40 - 2010-10-03 06:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-10-31 02:40 - 2010-09-27 02:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-10-31 02:40 - 2010-07-22 09:48 - 00220496 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFNHK64.dll
2013-10-31 02:40 - 2010-07-22 09:48 - 00081232 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFCOM64.dll
2013-10-31 02:40 - 2010-07-22 09:48 - 00078160 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFAPO64.dll
2013-10-31 02:40 - 2010-07-22 09:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-10-31 02:40 - 2010-05-06 10:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-10-31 02:40 - 2009-11-24 02:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-10-31 02:40 - 2009-11-24 02:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2013-10-31 02:40 - 2009-11-24 02:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2013-10-31 02:40 - 2009-11-24 02:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-10-31 02:40 - 2009-11-18 11:42 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2013-10-31 02:39 - 2013-11-08 01:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-31 02:39 - 2013-10-31 02:41 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-10-31 02:39 - 2010-11-03 11:29 - 01327208 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2013-10-31 02:39 - 2010-11-03 11:29 - 01179752 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2013-10-31 02:39 - 2010-11-03 11:29 - 01111656 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2013-10-31 02:39 - 2010-11-03 11:29 - 00504936 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2013-10-31 02:39 - 2010-11-03 11:29 - 00491112 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2013-10-31 02:39 - 2010-11-03 11:29 - 00475752 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2013-10-31 02:39 - 2010-11-03 11:29 - 00317032 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2013-10-31 02:39 - 2010-11-03 11:29 - 00269928 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2013-10-31 02:39 - 2010-11-03 11:29 - 00266856 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2013-10-31 02:39 - 2010-11-03 11:29 - 00126056 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2013-10-31 02:39 - 2010-11-03 11:29 - 00125544 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2013-10-31 02:39 - 2010-11-03 11:29 - 00125032 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2013-10-31 02:39 - 2010-10-29 03:29 - 01937312 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-10-31 02:39 - 2010-10-28 03:46 - 01251944 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2013-10-31 02:39 - 2010-07-22 09:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-10-31 02:39 - 2009-11-17 11:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-10-31 02:26 - 2013-10-31 02:26 - 00000000 ____D C:\Program Files\ATI
2013-10-31 02:26 - 2009-08-23 23:55 - 00016440 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\AtiPcie.sys
2013-10-31 02:25 - 2013-10-31 02:49 - 00000000 ____D C:\Program Files\ATI Technologies
2013-10-31 02:19 - 2013-10-31 02:41 - 00001769 _____ C:\Windows\Language_trs.ini
2013-10-31 02:19 - 2013-10-31 02:38 - 00028254 _____ C:\Windows\Ascd_tmp.ini
2013-10-31 02:17 - 2013-11-20 22:59 - 00000000 ____D C:\Users\Frank
2013-10-31 02:17 - 2013-11-03 05:57 - 00000000 ____D C:\Users\Frank\AppData\Local\VirtualStore
2013-10-31 02:17 - 2013-10-31 16:41 - 00000000 ___RD C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-31 02:17 - 2013-10-31 16:41 - 00000000 ___RD C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-31 02:17 - 2013-10-31 02:17 - 00000020 ___SH C:\Users\Frank\ntuser.ini
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Vorlagen
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Startmenü
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Netzwerkumgebung
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Lokale Einstellungen
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Eigene Dateien
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Druckumgebung
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Documents\Eigene Musik
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Documents\Eigene Bilder
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\AppData\Local\Verlauf
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\AppData\Local\Anwendungsdaten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Anwendungsdaten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Programme
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\ProgramData\Favoriten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 __SHD C:\Recovery
2013-10-31 02:17 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-31 02:17 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-31 02:14 - 2013-10-31 02:14 - 00001355 _____ C:\Windows\TSSysprep.log
2013-10-31 02:12 - 2013-11-21 00:24 - 01481745 _____ C:\Windows\WindowsUpdate.log
2013-10-31 02:12 - 2013-10-31 02:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-10-31 02:09 - 2013-10-31 02:17 - 00000000 ____D C:\Windows\Panther
2013-10-25 17:39 - 2013-10-25 17:39 - 09763576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 08412168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 08287008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 06630232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 01318040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 01099704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00157736 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00142304 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00115512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2013-10-25 17:38 - 2013-10-25 17:38 - 08927704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2013-10-25 17:38 - 2013-10-25 17:38 - 07751408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2013-10-25 17:36 - 2013-10-25 17:36 - 13198848 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2013-10-25 17:23 - 2013-10-25 17:23 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe
2013-10-25 17:23 - 2013-10-25 17:23 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe
2013-10-25 17:23 - 2013-10-25 17:23 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2013-10-25 17:23 - 2013-10-25 17:23 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2013-10-25 17:23 - 2013-10-25 17:23 - 00230912 _____ C:\Windows\system32\clinfo.exe
2013-10-25 17:23 - 2013-10-25 17:23 - 00100352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2013-10-25 17:22 - 2013-10-25 17:22 - 29363712 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2013-10-25 17:22 - 2013-10-25 17:22 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2013-10-25 17:22 - 2013-10-25 17:22 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2013-10-25 17:22 - 2013-10-25 17:22 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2013-10-25 17:20 - 2013-10-25 17:20 - 24846848 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2013-10-25 17:17 - 2013-10-25 17:17 - 00063488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-10-25 17:17 - 2013-10-25 17:17 - 00057344 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-10-25 17:13 - 2013-10-25 17:13 - 00129536 _____ (AMD) C:\Windows\system32\coinst_13.25.18.dll
2013-10-25 16:59 - 2013-10-25 16:59 - 26350592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2013-10-25 16:56 - 2013-10-25 16:56 - 00547152 _____ C:\Windows\SysWOW64\atiapfxx.blb
2013-10-25 16:56 - 2013-10-25 16:56 - 00547152 _____ C:\Windows\system32\atiapfxx.blb
2013-10-25 16:56 - 2013-10-25 16:56 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2013-10-25 16:56 - 2013-10-25 16:56 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2013-10-25 16:56 - 2013-10-25 16:56 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2013-10-25 16:56 - 2013-10-25 16:56 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2013-10-25 16:55 - 2013-10-25 16:55 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2013-10-25 16:55 - 2013-10-25 16:55 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2013-10-25 16:52 - 2013-10-25 16:52 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2013-10-25 16:41 - 2013-10-25 16:41 - 22156288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2013-10-25 16:36 - 2013-10-25 16:36 - 00585216 _____ (AMD) C:\Windows\system32\atieclxx.exe
2013-10-25 16:36 - 2013-10-25 16:36 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2013-10-25 16:36 - 2013-10-25 16:36 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2013-10-25 16:35 - 2013-10-25 16:35 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2013-10-25 16:34 - 2013-10-25 16:34 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2013-10-25 16:21 - 2013-10-25 16:21 - 03399312 _____ C:\Windows\system32\atiumd6a.cap
2013-10-25 16:18 - 2013-10-25 16:18 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2013-10-25 16:18 - 2013-10-25 16:18 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2013-10-25 16:18 - 2013-10-25 16:18 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2013-10-25 16:18 - 2013-10-25 16:18 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2013-10-25 16:10 - 2013-10-25 16:10 - 03433360 _____ C:\Windows\SysWOW64\atiumdva.cap
2013-10-25 16:06 - 2013-10-25 16:06 - 01145344 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2013-10-25 16:06 - 2013-10-25 16:06 - 00825856 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2013-10-25 16:05 - 2013-10-25 16:05 - 00624128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2013-10-25 16:05 - 2013-10-25 16:05 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2013-10-25 16:05 - 2013-10-25 16:05 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2013-10-25 16:05 - 2013-10-25 16:05 - 00074752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2013-10-25 16:05 - 2013-10-25 16:05 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2013-10-25 16:05 - 2013-10-25 16:05 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2013-10-25 16:02 - 2013-10-25 16:02 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2013-10-25 16:02 - 2013-10-25 16:02 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2013-10-25 16:02 - 2013-10-25 16:02 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2013-10-25 16:01 - 2013-10-25 16:01 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2013-10-25 16:01 - 2013-10-25 16:01 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2013-10-25 12:33 - 2013-10-25 12:33 - 00051200 _____ C:\Windows\system32\kdbsdk64.dll
2013-10-25 12:28 - 2013-10-25 12:28 - 00038912 _____ C:\Windows\SysWOW64\kdbsdk32.dll

==================== One Month Modified Files and Folders =======

2013-11-21 00:29 - 2013-11-21 00:29 - 00006264 _____ C:\Users\Frank\Downloads\FRST.txt
2013-11-21 00:28 - 2009-07-14 05:45 - 00022512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-21 00:28 - 2009-07-14 05:45 - 00022512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-21 00:27 - 2013-11-21 00:27 - 00023407 _____ C:\Users\Frank\Downloads\Addition2.txt
2013-11-21 00:27 - 2013-11-21 00:25 - 00182926 _____ C:\Users\Frank\Downloads\FRST2.txt
2013-11-21 00:26 - 2011-04-12 08:43 - 00698688 _____ C:\Windows\system32\perfh007.dat
2013-11-21 00:26 - 2011-04-12 08:43 - 00148828 _____ C:\Windows\system32\perfc007.dat
2013-11-21 00:26 - 2009-07-14 06:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-21 00:25 - 2013-11-14 17:35 - 02071544 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-11-21 00:24 - 2013-10-31 23:19 - 00000000 ____D C:\Users\Frank\.rainlendar2
2013-11-21 00:24 - 2013-10-31 04:32 - 00000000 ____D C:\Users\Frank\AppData\Local\Deployment
2013-11-21 00:24 - 2013-10-31 02:12 - 01481745 _____ C:\Windows\WindowsUpdate.log
2013-11-21 00:21 - 2013-11-04 07:13 - 01400720 _____ C:\Windows\system32\Drivers\sfi.dat
2013-11-21 00:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-21 00:21 - 2009-07-14 05:51 - 00046578 _____ C:\Windows\setupact.log
2013-11-21 00:20 - 2013-11-12 12:41 - 00000000 ____D C:\Users\Frank\AppData\Roaming\ClassicShell
2013-11-21 00:20 - 2013-10-31 18:05 - 00023992 _____ C:\Users\Frank\AppData\Roaming\Notepad2.ini
2013-11-21 00:06 - 2013-11-21 00:04 - 00022999 _____ C:\Users\Frank\Downloads\Addition1.txt
2013-11-21 00:06 - 2013-11-20 23:49 - 00182182 _____ C:\Users\Frank\Downloads\FRST1.txt
2013-11-20 23:45 - 2013-11-20 23:45 - 00000000 ____D C:\FRST
2013-11-20 23:41 - 2013-11-20 23:41 - 00377856 _____ C:\Users\Frank\Downloads\8441b6d4.exe
2013-11-20 23:40 - 2013-11-20 23:40 - 01957964 _____ (Farbar) C:\Users\Frank\Downloads\FRST64.exe
2013-11-20 23:39 - 2013-11-20 23:39 - 00000472 _____ C:\Users\Frank\Downloads\defogger_disable.log
2013-11-20 23:39 - 2013-11-20 23:39 - 00000000 _____ C:\Users\Admin\defogger_reenable
2013-11-20 23:39 - 2013-10-31 20:34 - 00000000 ____D C:\Users\Admin
2013-11-20 23:38 - 2013-11-20 23:38 - 00050477 _____ C:\Users\Frank\Downloads\Defogger.exe
2013-11-20 23:01 - 2013-10-31 19:38 - 00000000 ____D C:\Users\Frank\.gimp-2.8
2013-11-20 23:01 - 2009-07-14 06:08 - 00010962 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-20 23:00 - 2013-11-20 23:00 - 02701261 _____ C:\Users\Frank\Documents\seltsamerprozess.xcf
2013-11-20 23:00 - 2013-11-20 23:00 - 00027119 _____ C:\Users\Frank\AppData\Local\recently-used.xbel
2013-11-20 23:00 - 2013-11-03 02:47 - 00000000 ____D C:\Users\Frank\AppData\Local\gtk-2.0
2013-11-20 22:59 - 2013-10-31 02:17 - 00000000 ____D C:\Users\Frank
2013-11-20 22:38 - 2013-11-19 12:41 - 00000320 _____ C:\Users\Frank\Desktop\Neues Textdokument.txt
2013-11-20 22:05 - 2013-11-20 22:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-11-20 22:05 - 2013-11-20 22:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Notepad++
2013-11-20 22:01 - 2013-11-20 22:01 - 00013516 _____ C:\Users\Frank\Documents\.test.dmp
2013-11-20 21:54 - 2013-11-07 09:33 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Skype
2013-11-20 10:11 - 2013-11-20 10:04 - 52800336 _____ C:\Users\Frank\Downloads\fritzbox-labor-3272-26627.zip
2013-11-20 07:18 - 2013-10-31 04:16 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{97C7CA33-6C76-460D-9713-52E49EED273B}
2013-11-19 13:34 - 2013-11-19 13:33 - 17686528 _____ (AVM Berlin) C:\Users\Frank\Downloads\FRITZ.Box_3272.05.50.recover-image.exe
2013-11-19 12:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-19 12:24 - 2013-11-15 14:59 - 00000000 ____D C:\Users\Frank\AppData\Local\PasswordSafe
2013-11-19 11:03 - 2013-11-08 09:18 - 00000000 ____D C:\Users\Frank\AppData\Local\The Witcher
2013-11-19 09:20 - 2013-11-19 09:20 - 00001895 _____ C:\Users\Frank\Downloads\recover.txt
2013-11-19 09:19 - 2013-11-19 09:19 - 00387969 _____ C:\Users\Frank\Downloads\AVM Service-Portal.htm
2013-11-19 09:19 - 2013-11-19 09:19 - 00002456 _____ C:\Users\Frank\Downloads\FRITZ!BoxInternet.htm
2013-11-19 09:19 - 2013-11-19 09:19 - 00000000 ____D C:\Users\Frank\Downloads\FRITZ!BoxInternet_files
2013-11-19 09:19 - 2013-11-19 09:19 - 00000000 ____D C:\Users\Frank\Downloads\AVM Service-Portal_files
2013-11-19 09:18 - 2013-11-19 09:18 - 00002456 _____ C:\Users\Frank\Downloads\FRITZ!BoxRepeater.htm
2013-11-19 09:18 - 2013-11-19 09:18 - 00002452 _____ C:\Users\Frank\Downloads\FRITZ!BoxWlan.htm
2013-11-19 09:18 - 2013-11-19 09:18 - 00000000 ____D C:\Users\Frank\Downloads\FRITZ!BoxWlan_files
2013-11-19 09:18 - 2013-11-19 09:18 - 00000000 ____D C:\Users\Frank\Downloads\FRITZ!BoxRepeater_files
2013-11-19 09:17 - 2013-11-19 09:17 - 00002448 _____ C:\Users\Frank\Downloads\FRITZ!Box.htm
2013-11-19 09:17 - 2013-11-19 09:17 - 00000000 ____D C:\Users\Frank\Downloads\FRITZ!Box_files
2013-11-19 09:11 - 2013-11-19 09:11 - 00137147 _____ C:\Users\Frank\Downloads\FRITZ.Box Fon WLAN 7141 (UI) 40.04.76_19.11.13_0911.export
2013-11-19 09:09 - 2013-11-19 09:09 - 07529784 _____ (AVM Berlin) C:\Users\Frank\Downloads\fritz.box_fon_wlan_7141.04.76.recover-image.exe
2013-11-16 08:54 - 2013-11-04 10:11 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Jaangle
2013-11-16 08:31 - 2013-11-16 08:31 - 00533569 _____ C:\Users\Frank\Downloads\2DSDV.rar
2013-11-15 23:27 - 2013-11-14 17:28 - 00000000 ___HD C:\VTRoot
2013-11-15 23:22 - 2013-11-15 23:22 - 00031232 ___SH C:\Users\Frank\Thumbs.db
2013-11-15 23:19 - 2013-11-15 23:15 - 47882360 _____ C:\Users\Frank\Downloads\calibre-portable-installer-1.11.0.exe
2013-11-15 23:09 - 2013-11-15 23:09 - 00474121 _____ C:\Users\Frank\Downloads\1DLW.rar
2013-11-15 21:06 - 2013-10-31 03:40 - 00000000 ____D C:\Users\Frank\AppData\Roaming\TS3Client
2013-11-15 17:00 - 2013-11-15 16:59 - 01467128 _____ C:\Users\Frank\Downloads\SystemCheck_deDE.exe
2013-11-15 14:59 - 2013-11-15 14:59 - 00000000 ____D C:\Users\Frank\Documents\My Safes
2013-11-15 14:59 - 2013-11-15 14:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe
2013-11-15 14:51 - 2013-11-15 14:50 - 13998435 _____ C:\Users\Frank\Downloads\pwsafe-3.32.exe
2013-11-14 19:00 - 2013-11-14 19:00 - 00000688 _____ C:\Users\Frank\Desktop\TeamSpeak 3 Client.lnk
2013-11-14 12:38 - 2013-09-24 11:54 - 00709144 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2013-11-14 12:38 - 2013-09-24 11:53 - 00043216 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2013-11-14 06:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 13:12 - 2013-10-31 16:46 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 13:11 - 2013-10-31 16:46 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 12:50 - 2013-11-04 10:39 - 00000000 ____D C:\Users\Frank\Desktop\Monitoreinstellung
2013-11-12 14:18 - 2013-11-12 14:18 - 00000000 ____D C:\dummy
2013-11-12 13:31 - 2013-11-12 02:00 - 00000000 ____D C:\Users\Frank\AppData\Roaming\doublecmd
2013-11-12 13:07 - 2013-11-12 00:18 - 00007591 _____ C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2013-11-12 12:36 - 2013-11-12 12:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\LibreOffice
2013-11-12 04:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-12 03:31 - 2013-11-11 20:29 - 00000000 ____D C:\Users\Frank\AppData\Local\GHISLER
2013-11-12 03:31 - 2013-11-11 20:16 - 00000000 ____D C:\Users\Frank\AppData\Roaming\GHISLER
2013-11-12 03:00 - 2013-11-12 03:00 - 00000000 ____D C:\Users\Frank\AppData\Local\doublecmd
2013-11-12 02:00 - 2013-11-12 02:00 - 00000705 _____ C:\Users\Public\Desktop\Double Commander.lnk
2013-11-12 01:58 - 2013-11-12 01:52 - 00000000 ____D C:\Users\Admin\.mucommander
2013-11-12 00:10 - 2013-11-12 00:10 - 00001183 _____ C:\Users\Frank\Desktop\Control Panel.lnk
2013-11-11 21:38 - 2013-10-31 16:59 - 00000000 ____D C:\Users\Frank\Projekte
2013-11-11 20:16 - 2013-11-11 20:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GHISLER
2013-11-08 17:52 - 2013-11-03 01:37 - 00000000 ____D C:\Users\Frank\AppData\Roaming\gtk-2.0
2013-11-08 15:53 - 2013-11-08 13:55 - 00000000 ____D C:\Users\Frank\AppData\Roaming\dispcalGUI
2013-11-08 14:09 - 2013-11-08 14:09 - 00000000 ____D C:\Users\Frank\AppData\Roaming\ArgyllCMS
2013-11-08 13:54 - 2013-11-08 13:54 - 00000000 ____D C:\ProgramData\dispcalGUI
2013-11-08 13:46 - 2013-11-08 13:47 - 00052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2013-11-08 10:44 - 2013-11-08 09:18 - 00000000 ____D C:\Users\Frank\Documents\The Witcher
2013-11-08 01:57 - 2013-11-08 01:48 - 00000000 ____D C:\Users\Frank\Desktop\Witcher3
2013-11-08 01:41 - 2013-11-06 23:58 - 00027522 _____ C:\Windows\DirectX.log
2013-11-08 01:39 - 2013-11-08 01:10 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2013-11-08 01:11 - 2013-10-31 02:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-07 14:41 - 2013-11-07 13:13 - 00000000 ____D C:\Users\Frank\AppData\Roaming\TeamViewer
2013-11-07 09:33 - 2013-11-07 09:33 - 00000000 ____D C:\ProgramData\Skype
2013-11-07 09:13 - 2013-11-07 09:12 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Mozilla
2013-11-07 09:12 - 2013-11-07 09:12 - 00000000 ____D C:\Users\Frank\AppData\Local\Mozilla
2013-11-07 09:12 - 2013-11-07 09:12 - 00000000 ____D C:\ProgramData\Mozilla
2013-11-07 09:12 - 2013-11-07 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-07 08:53 - 2010-11-21 04:47 - 00005136 _____ C:\Windows\PFRO.log
2013-11-06 23:59 - 2013-11-06 23:43 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-11-06 23:43 - 2013-11-06 23:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2013-11-06 23:42 - 2013-11-06 23:42 - 00000715 _____ C:\Users\Admin\Desktop\MSI Afterburner.lnk
2013-11-06 23:42 - 2013-11-06 23:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2013-11-06 22:56 - 2013-11-06 22:56 - 00031136 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2013-11-06 22:55 - 2013-11-06 22:55 - 00000000 ____D C:\Program Files\HWiNFO64
2013-11-05 17:09 - 2013-11-05 17:01 - 00007121 _____ C:\Users\Frank\Documents\grey1.xcf
2013-11-04 15:31 - 2013-11-04 15:31 - 00000630 _____ C:\Users\Admin\Desktop\ICC3D.lnk
2013-11-04 15:31 - 2013-11-04 15:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICC3D
2013-11-04 15:10 - 2013-11-04 15:10 - 00000660 _____ C:\Users\Admin\Desktop\ICC Profile Inspector.lnk
2013-11-04 10:07 - 2013-11-04 10:07 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Comodo
2013-11-04 10:05 - 2013-11-04 10:05 - 00000650 _____ C:\Users\Frank\Desktop\Jaangle.lnk
2013-11-04 10:05 - 2013-11-04 10:05 - 00000650 _____ C:\Users\Admin\Desktop\Jaangle.lnk
2013-11-04 10:05 - 2013-11-04 10:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jaangle
2013-11-04 08:30 - 2013-11-04 08:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Comodo
2013-11-04 08:22 - 2013-11-04 07:12 - 00000000 ____D C:\ProgramData\Comodo
2013-11-04 08:12 - 2013-11-04 08:12 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2013-11-04 07:13 - 2013-11-04 07:13 - 00000593 _____ C:\Users\Public\Desktop\Gemeinsamer Bereich.lnk
2013-11-04 07:13 - 2013-11-04 07:13 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-11-04 07:13 - 2013-11-04 07:12 - 00000000 ___SD C:\ProgramData\Shared Space
2013-11-04 07:12 - 2013-11-04 07:12 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-11-04 06:13 - 2013-11-02 21:55 - 00000000 ____D C:\Users\Frank\Desktop\Catus-Latest
2013-11-03 15:11 - 2013-10-31 23:19 - 00000000 ____D C:\Users\Admin\.rainlendar2
2013-11-03 06:13 - 2013-11-03 06:13 - 00000000 ____D C:\Users\Frank\AppData\Roaming\GalileoPress
2013-11-03 05:57 - 2013-10-31 02:17 - 00000000 ____D C:\Users\Frank\AppData\Local\VirtualStore
2013-11-03 01:27 - 2013-11-03 01:27 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KDE  Release
2013-11-03 01:27 - 2013-11-03 01:27 - 00000000 ____D C:\Users\Frank\AppData\Local\RawTherapee4.0.11
2013-11-03 01:00 - 2013-11-03 00:55 - 00000000 ____D C:\Users\Frank\.thumbnails
2013-11-03 00:26 - 2013-11-03 00:26 - 00000000 ____D C:\Users\Frank\AppData\Roaming\.marble
2013-11-02 21:14 - 2013-11-02 21:15 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-02 21:14 - 2013-11-02 21:14 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-02 21:14 - 2013-11-02 21:14 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-02 21:14 - 2013-11-02 21:14 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-01 10:51 - 2009-07-14 05:45 - 00323608 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-01 02:10 - 2013-11-01 02:10 - 00000732 _____ C:\Users\Frank\Desktop\digiKam.lnk
2013-11-01 02:00 - 2013-11-01 01:57 - 00000000 ____D C:\Users\Frank\AppData\Roaming\.kde
2013-11-01 00:21 - 2013-10-31 18:35 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Free Download Manager
2013-10-31 21:25 - 2013-10-31 02:51 - 00070352 _____ C:\Users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-31 20:34 - 2013-10-31 20:34 - 00070352 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-31 20:34 - 2013-10-31 20:34 - 00001421 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-31 20:34 - 2013-10-31 20:34 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Vorlagen
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Startmenü
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Netzwerkumgebung
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Lokale Einstellungen
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Eigene Dateien
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Druckumgebung
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Documents\Eigene Musik
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Documents\Eigene Bilder
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\AppData\Local\Verlauf
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\AppData\Local\Anwendungsdaten
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 _SHDL C:\Users\Admin\Anwendungsdaten
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ATI
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ____D C:\Users\Admin\AppData\Local\ATI
2013-10-31 20:34 - 2013-10-31 20:34 - 00000000 ____D C:\Users\Admin\AppData\Local\AMD
2013-10-31 19:56 - 2013-10-31 19:56 - 00000000 ____D C:\Users\Frank\AppData\Roaming\LibreOffice
2013-10-31 19:38 - 2013-10-31 19:38 - 00000000 ____D C:\Users\Frank\AppData\Local\gegl-0.2
2013-10-31 18:58 - 2013-10-31 18:58 - 00000000 ____D C:\Users\Frank\AppData\Roaming\vlc
2013-10-31 18:49 - 2013-10-31 18:49 - 00000000 ____D C:\Users\Frank\AppData\Roaming\IrfanView
2013-10-31 18:08 - 2013-10-31 04:39 - 00000089 _____ C:\Users\Frank\Desktop\test.txt
2013-10-31 18:05 - 2013-10-31 18:05 - 00000000 ____D C:\Program Files\Notepad2
2013-10-31 17:50 - 2013-10-31 17:49 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Notepad++
2013-10-31 17:49 - 2013-10-31 17:49 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-10-31 17:43 - 2013-10-31 17:43 - 00000986 _____ C:\Users\Frank\Desktop\Opera.lnk
2013-10-31 17:42 - 2013-10-31 04:18 - 00001066 _____ C:\Users\Frank\Desktop\WoW.lnk
2013-10-31 17:18 - 2013-10-31 04:30 - 00000000 ____D C:\Users\Frank\Projekte Alt
2013-10-31 17:17 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\Bewerbung
2013-10-31 17:10 - 2013-10-31 17:05 - 00000000 ____D C:\Users\Frank\EBooks
2013-10-31 16:41 - 2013-10-31 02:17 - 00000000 ___RD C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-31 16:41 - 2013-10-31 02:17 - 00000000 ___RD C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-31 16:36 - 2011-04-12 08:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-31 16:36 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-31 16:36 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-10-31 16:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-10-31 16:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-10-31 16:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-10-31 16:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-10-31 16:36 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-10-31 07:23 - 2013-10-31 02:46 - 01591896 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-31 06:49 - 2013-10-31 06:38 - 00013955 _____ C:\Windows\IE10_main.log
2013-10-31 06:43 - 2013-10-31 06:43 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-31 06:43 - 2013-10-31 06:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-31 06:43 - 2013-10-31 06:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-10-31 06:43 - 2013-10-31 06:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-10-31 06:43 - 2013-10-31 06:43 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-31 06:43 - 2013-10-31 06:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-31 06:43 - 2013-10-31 06:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-10-31 06:43 - 2013-10-31 06:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-10-31 06:43 - 2013-10-31 06:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-31 06:43 - 2013-10-31 06:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-31 06:43 - 2013-10-31 06:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-31 06:39 - 2013-10-31 06:39 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-31 06:39 - 2013-10-31 06:39 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-31 06:28 - 2013-10-31 06:23 - 00004293 _____ C:\Windows\IE9_main.log
2013-10-31 05:29 - 2013-10-31 05:29 - 00000000 ____D C:\Users\Frank\AppData\Local\Blizzard Entertainment
2013-10-31 05:05 - 2013-10-31 05:05 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-10-31 05:00 - 2013-10-31 05:00 - 00000000 ____D C:\ProgramData\Battle.net
2013-10-31 04:46 - 2013-10-31 04:45 - 00000000 ____D C:\Users\Frank\AppData\Roaming\SumatraPDF
2013-10-31 04:45 - 2013-10-31 04:45 - 00000000 ____D C:\Program Files (x86)\SumatraPDF
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\Text
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\Tabellen
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\referenzen
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\Rechnungen
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\pdf
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\ktechlab
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\Inkscape
2013-10-31 04:40 - 2013-10-31 04:40 - 00000000 ____D C:\Users\Frank\Documents\freemind
2013-10-31 04:35 - 2013-10-31 04:34 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Curse Advertising
2013-10-31 04:32 - 2013-10-31 04:30 - 00000000 ____D C:\Users\Frank\AppData\Local\Apps\2.0
2013-10-31 04:02 - 2013-10-31 04:02 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Macromedia
2013-10-31 04:02 - 2013-10-31 04:02 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Adobe
2013-10-31 04:01 - 2013-10-31 03:54 - 00000000 ____D C:\Users\Frank\AppData\Local\Adobe
2013-10-31 03:59 - 2013-10-31 03:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-31 03:59 - 2013-10-31 03:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-31 03:59 - 2013-10-31 03:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-10-31 03:59 - 2013-10-31 03:59 - 00000000 ____D C:\Windows\system32\Macromed
2013-10-31 03:48 - 2013-10-31 03:48 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-31 03:48 - 2013-10-31 03:42 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-10-31 03:24 - 2013-10-31 03:24 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Opera Software
2013-10-31 03:24 - 2013-10-31 03:24 - 00000000 ____D C:\Users\Frank\AppData\Local\Opera Software
2013-10-31 03:10 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-31 03:07 - 2013-10-31 03:07 - 00000000 ____D C:\OEMSettings
2013-10-31 03:06 - 2013-10-31 03:06 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-10-31 03:05 - 2013-10-31 03:05 - 00000000 ____D C:\Windows\Downloaded Installations
2013-10-31 02:59 - 2013-10-31 02:59 - 00000017 _____ C:\Users\Frank\AppData\Local\resmon.resmoncfg
2013-10-31 02:51 - 2013-10-31 02:51 - 00000000 ____D C:\Users\Frank\AppData\Roaming\ATI
2013-10-31 02:51 - 2013-10-31 02:51 - 00000000 ____D C:\Users\Frank\AppData\Local\ATI
2013-10-31 02:51 - 2013-10-31 02:51 - 00000000 ____D C:\Users\Frank\AppData\Local\AMD
2013-10-31 02:51 - 2013-10-31 02:51 - 00000000 ____D C:\ProgramData\ATI
2013-10-31 02:51 - 2013-10-31 02:51 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-10-31 02:50 - 2013-10-31 02:50 - 00066451 _____ C:\Windows\SysWOW64\CCCInstall_201310310250023003.log
2013-10-31 02:50 - 2013-10-31 02:50 - 00000000 ____D C:\Program Files\AMD
2013-10-31 02:50 - 2013-10-31 02:50 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-10-31 02:50 - 2013-10-31 02:50 - 00000000 ____D C:\Program Files (x86)\AMD
2013-10-31 02:50 - 2013-10-31 02:49 - 00000000 ____D C:\ProgramData\AMD
2013-10-31 02:49 - 2013-10-31 02:43 - 00000000 ____D C:\AMD
2013-10-31 02:49 - 2013-10-31 02:25 - 00000000 ____D C:\Program Files\ATI Technologies
2013-10-31 02:48 - 2013-10-31 02:48 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-10-31 02:48 - 2013-10-31 02:48 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-10-31 02:48 - 2013-10-31 02:45 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-31 02:41 - 2013-10-31 02:39 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-10-31 02:41 - 2013-10-31 02:19 - 00001769 _____ C:\Windows\Language_trs.ini
2013-10-31 02:41 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\restore
2013-10-31 02:40 - 2013-10-31 02:40 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-10-31 02:40 - 2013-10-31 02:40 - 00000000 ____D C:\Program Files\Realtek
2013-10-31 02:38 - 2013-10-31 02:19 - 00028254 _____ C:\Windows\Ascd_tmp.ini
2013-10-31 02:26 - 2013-10-31 02:26 - 00000000 ____D C:\Program Files\ATI
2013-10-31 02:26 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-31 02:17 - 2013-10-31 02:17 - 00000020 ___SH C:\Users\Frank\ntuser.ini
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Vorlagen
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Startmenü
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Netzwerkumgebung
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Lokale Einstellungen
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Eigene Dateien
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Druckumgebung
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Documents\Eigene Musik
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Documents\Eigene Bilder
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\AppData\Local\Verlauf
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\AppData\Local\Anwendungsdaten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Frank\Anwendungsdaten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Programme
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\ProgramData\Favoriten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-10-31 02:17 - 2013-10-31 02:17 - 00000000 __SHD C:\Recovery
2013-10-31 02:17 - 2013-10-31 02:09 - 00000000 ____D C:\Windows\Panther
2013-10-31 02:17 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-10-31 02:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Recovery
2013-10-31 02:17 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Windows NT
2013-10-31 02:14 - 2013-10-31 02:14 - 00001355 _____ C:\Windows\TSSysprep.log
2013-10-31 02:14 - 2009-07-14 05:46 - 00002790 _____ C:\Windows\DtcInstall.log
2013-10-31 02:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-10-31 02:12 - 2013-10-31 02:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-10-31 02:10 - 2011-04-12 08:55 - 00000000 ____D C:\Windows\CSC
2013-10-31 02:09 - 2009-07-14 06:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2013-10-31 02:09 - 2009-07-14 06:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-10-25 17:39 - 2013-10-25 17:39 - 09763576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 08412168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 08287008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 06630232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 01318040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 01099704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00157736 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00142304 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00115512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2013-10-25 17:39 - 2013-10-25 17:39 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2013-10-25 17:38 - 2013-10-25 17:38 - 08927704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2013-10-25 17:38 - 2013-10-25 17:38 - 07751408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2013-10-25 17:36 - 2013-10-25 17:36 - 13198848 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2013-10-25 17:23 - 2013-10-25 17:23 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe
2013-10-25 17:23 - 2013-10-25 17:23 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe
2013-10-25 17:23 - 2013-10-25 17:23 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2013-10-25 17:23 - 2013-10-25 17:23 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2013-10-25 17:23 - 2013-10-25 17:23 - 00230912 _____ C:\Windows\system32\clinfo.exe
2013-10-25 17:23 - 2013-10-25 17:23 - 00100352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2013-10-25 17:22 - 2013-10-25 17:22 - 29363712 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2013-10-25 17:22 - 2013-10-25 17:22 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2013-10-25 17:22 - 2013-10-25 17:22 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2013-10-25 17:22 - 2013-10-25 17:22 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2013-10-25 17:20 - 2013-10-25 17:20 - 24846848 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2013-10-25 17:17 - 2013-10-25 17:17 - 00063488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-10-25 17:17 - 2013-10-25 17:17 - 00057344 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-10-25 17:13 - 2013-10-25 17:13 - 00129536 _____ (AMD) C:\Windows\system32\coinst_13.25.18.dll
2013-10-25 16:59 - 2013-10-25 16:59 - 26350592 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2013-10-25 16:56 - 2013-10-25 16:56 - 00547152 _____ C:\Windows\SysWOW64\atiapfxx.blb
2013-10-25 16:56 - 2013-10-25 16:56 - 00547152 _____ C:\Windows\system32\atiapfxx.blb
2013-10-25 16:56 - 2013-10-25 16:56 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2013-10-25 16:56 - 2013-10-25 16:56 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2013-10-25 16:56 - 2013-10-25 16:56 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2013-10-25 16:56 - 2013-10-25 16:56 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2013-10-25 16:55 - 2013-10-25 16:55 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2013-10-25 16:55 - 2013-10-25 16:55 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2013-10-25 16:52 - 2013-10-25 16:52 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2013-10-25 16:41 - 2013-10-25 16:41 - 22156288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2013-10-25 16:36 - 2013-10-25 16:36 - 00585216 _____ (AMD) C:\Windows\system32\atieclxx.exe
2013-10-25 16:36 - 2013-10-25 16:36 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2013-10-25 16:36 - 2013-10-25 16:36 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2013-10-25 16:35 - 2013-10-25 16:35 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2013-10-25 16:34 - 2013-10-25 16:34 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2013-10-25 16:21 - 2013-10-25 16:21 - 03399312 _____ C:\Windows\system32\atiumd6a.cap
2013-10-25 16:18 - 2013-10-25 16:18 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2013-10-25 16:18 - 2013-10-25 16:18 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2013-10-25 16:18 - 2013-10-25 16:18 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2013-10-25 16:18 - 2013-10-25 16:18 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2013-10-25 16:10 - 2013-10-25 16:10 - 03433360 _____ C:\Windows\SysWOW64\atiumdva.cap
2013-10-25 16:06 - 2013-10-25 16:06 - 01145344 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2013-10-25 16:06 - 2013-10-25 16:06 - 00825856 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2013-10-25 16:05 - 2013-10-25 16:05 - 00624128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2013-10-25 16:05 - 2013-10-25 16:05 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2013-10-25 16:05 - 2013-10-25 16:05 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2013-10-25 16:05 - 2013-10-25 16:05 - 00074752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2013-10-25 16:05 - 2013-10-25 16:05 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2013-10-25 16:05 - 2013-10-25 16:05 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2013-10-25 16:02 - 2013-10-25 16:02 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2013-10-25 16:02 - 2013-10-25 16:02 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2013-10-25 16:02 - 2013-10-25 16:02 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2013-10-25 16:01 - 2013-10-25 16:01 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2013-10-25 16:01 - 2013-10-25 16:01 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2013-10-25 12:33 - 2013-10-25 12:33 - 00051200 _____ C:\Windows\system32\kdbsdk64.dll
2013-10-25 12:28 - 2013-10-25 12:28 - 00038912 _____ C:\Windows\SysWOW64\kdbsdk32.dll

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\jna1232990580696524905.dll
C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Frank\AppData\Local\Temp\npp.6.5.1.Installer.exe
C:\Users\Frank\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-20 13:46

==================== End Of Log ============================
Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by Admin at 2013-11-21 00:30:21
Running from C:\Users\Frank\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

7-Zip 9.22 (x64 edition) (Version: 9.22.00.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
AMD Accelerated Video Transcoding (Version: 13.20.100.31025)
AMD Catalyst Control Center (x32 Version: 2013.1025.1143.19184)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.1025.1143.19184)
AMD Media Foundation Decoders (Version: 1.0.81025.1204)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD Wireless Display v3.0 (Version: 1.0.0.14)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1025.1143.19184)
Catalyst Control Center InstallProxy (x32 Version: 2013.1025.1143.19184)
Catalyst Control Center Localization All (x32 Version: 2013.1025.1143.19184)
CCC Help Chinese Standard (x32 Version: 2013.1025.1142.19184)
CCC Help Chinese Traditional (x32 Version: 2013.1025.1142.19184)
CCC Help Czech (x32 Version: 2013.1025.1142.19184)
CCC Help Danish (x32 Version: 2013.1025.1142.19184)
CCC Help Dutch (x32 Version: 2013.1025.1142.19184)
CCC Help English (x32 Version: 2013.1025.1142.19184)
CCC Help Finnish (x32 Version: 2013.1025.1142.19184)
CCC Help French (x32 Version: 2013.1025.1142.19184)
CCC Help German (x32 Version: 2013.1025.1142.19184)
CCC Help Greek (x32 Version: 2013.1025.1142.19184)
CCC Help Hungarian (x32 Version: 2013.1025.1142.19184)
CCC Help Italian (x32 Version: 2013.1025.1142.19184)
CCC Help Japanese (x32 Version: 2013.1025.1142.19184)
CCC Help Korean (x32 Version: 2013.1025.1142.19184)
CCC Help Norwegian (x32 Version: 2013.1025.1142.19184)
CCC Help Polish (x32 Version: 2013.1025.1142.19184)
CCC Help Portuguese (x32 Version: 2013.1025.1142.19184)
CCC Help Russian (x32 Version: 2013.1025.1142.19184)
CCC Help Spanish (x32 Version: 2013.1025.1142.19184)
CCC Help Swedish (x32 Version: 2013.1025.1142.19184)
CCC Help Thai (x32 Version: 2013.1025.1142.19184)
CCC Help Turkish (x32 Version: 2013.1025.1142.19184)
ccc-utility64 (Version: 2013.1025.1143.19184)
Classic Shell (Version: 4.0.2)
COMODO Internet Security Premium (Version: 6.3.32439.2937)
digiKam 3.4.0 (x32 Version: 3.4.0)
dispcalGUI (x32 Version: 1.5.3.1)
Double Commander 0.5.7 beta
Free Download Manager 3.9.3 (x32)
GIMP 2.8.6 (Version: 2.8.6)
HWiNFO64 Version 4.26 (Version: 4.26)
ICC Profile Inspector 2.4.0 (x32)
ICC3D 1.2.9 (x32 Version: 1.2.9)
IrfanView (remove only) (x32 Version: 4.36)
Jaangle music management (x32)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
LibreOffice 4.1.2.3 (x32 Version: 4.1.2.3)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MSI Afterburner 3.0.0 Beta 15 (x32 Version: 3.0.0 Beta 15)
NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.01.10)
Notepad++ (x32 Version: 6.5.1)
Notepad2 (Notepad Replacement) (Version: 4.2.25 )
Password Safe (x32)
Python 2.7.5 (64-bit) (Version: 2.7.5150)
Rainlendar2 (remove only) (x32)
RawTherapee Version 4.0.11 (Version: 4.0.11)
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
RivaTuner Statistics Server 5.3.2 (x32 Version: 5.3.2)
Skype™ 6.10 (x32 Version: 6.10.104)
SumatraPDF (x32 Version: 2.4)
TeamSpeak 3 Client (Version: 3.0.13)
The Witcher Enhanced Edition (x32 Version: 1.4.5.1280)
Total Commander 64-bit (Remove or Repair) (Version: 8.01)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
VLC media player 2.1.0 (Version: 2.1.0)
WinMerge 2.14.0 (x32 Version: 2.14.0)

==================== Restore Points  =========================

20-11-2013 12:53:58 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2277BEEE-799E-4F08-BD82-48CF2B029212} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO)
Task: {76A8E37F-58A9-4177-BC43-6EC52A814CF4} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => D:\Programme\COMODO\COMODO Internet Security\cis.exe [2013-11-14] (COMODO)
Task: {7C0E5F05-3DE6-4C19-9D35-BE383802E81F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO)
Task: {868AAC5F-72C4-4242-8F26-5C6560A75260} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => D:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO)
Task: {C5FC84A9-166E-4F19-84A3-9F7B56986246} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => D:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe [2013-11-11] (COMODO)

==================== Loaded Modules (whitelisted) =============

2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () D:\Programme\Notepad++\NppShell_05.dll
2013-10-31 04:34 - 2013-10-31 04:33 - 00014848 _____ () C:\Users\Frank\AppData\Local\Apps\2.0\CWE663DE.PB3\0J47O43M.VBN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.WowDb.dll
2013-10-31 04:34 - 2013-10-31 04:33 - 00035840 _____ () C:\Users\Frank\AppData\Local\Apps\2.0\CWE663DE.PB3\0J47O43M.VBN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.Advertising.dll
2013-10-31 04:34 - 2013-10-31 04:34 - 00099840 _____ () C:\Users\Frank\AppData\Local\Apps\2.0\CWE663DE.PB3\0J47O43M.VBN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.CMOD2.dll
2013-10-25 11:46 - 2013-10-25 11:46 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-05-16 20:01 - 2012-05-16 20:01 - 00140800 _____ () D:\Programme\Rainlendar2\lua52.dll
2013-03-10 18:59 - 2013-03-10 18:59 - 00215648 _____ () D:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 14:22 - 2012-06-17 14:22 - 00012800 _____ () D:\Programme\Rainlendar2\lfs.dll
2013-10-31 03:24 - 2013-10-21 07:41 - 00868704 _____ () D:\Programme\Opera\17.0.1241.53\ffmpegsumo.dll
2013-10-31 03:24 - 2013-10-21 07:41 - 00881504 _____ () D:\Programme\Opera\17.0.1241.53\libglesv2.dll
2013-10-31 03:24 - 2013-10-21 07:41 - 00109408 _____ () D:\Programme\Opera\17.0.1241.53\libegl.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2013 00:23:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2013 11:02:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2013 06:58:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2013 08:31:35 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c
Name des fehlerhaften Moduls: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x006000d2
ID des fehlerhaften Prozesses: 0x114e88
Startzeit der fehlerhaften Anwendung: 0xwitcher.EXE0
Pfad der fehlerhaften Anwendung: witcher.EXE1
Pfad des fehlerhaften Moduls: witcher.EXE2
Berichtskennung: witcher.EXE3

Error: (11/19/2013 08:28:43 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c
Name des fehlerhaften Moduls: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x005fffe0
ID des fehlerhaften Prozesses: 0x9a1a0
Startzeit der fehlerhaften Anwendung: 0xwitcher.EXE0
Pfad der fehlerhaften Anwendung: witcher.EXE1
Pfad des fehlerhaften Moduls: witcher.EXE2
Berichtskennung: witcher.EXE3

Error: (11/19/2013 03:44:39 AM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 804

Startzeit: 01cee471813ff6a8

Endzeit: 2167

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 7116bfb9-50c4-11e3-b2c0-14dae901afa9

Error: (11/18/2013 04:19:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2013 09:13:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c
Name des fehlerhaften Moduls: witcher.EXE, Version: 1.5.0.1304, Zeitstempel: 0x4910475c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003e9482
ID des fehlerhaften Prozesses: 0x11b11c
Startzeit der fehlerhaften Anwendung: 0xwitcher.EXE0
Pfad der fehlerhaften Anwendung: witcher.EXE1
Pfad des fehlerhaften Moduls: witcher.EXE2
Berichtskennung: witcher.EXE3

Error: (11/16/2013 06:03:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2013 00:49:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/21/2013 00:24:11 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (11/20/2013 11:03:08 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (11/20/2013 11:03:08 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Computerbrowser" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (11/20/2013 11:03:08 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (11/20/2013 11:02:08 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (11/20/2013 11:01:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/20/2013 11:01:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/20/2013 11:01:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/20/2013 11:01:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/20/2013 11:01:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (11/21/2013 00:23:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2013 11:02:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2013 06:58:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2013 08:31:35 AM) (Source: Application Error)(User: )
Description: witcher.EXE1.5.0.13044910475cwitcher.EXE1.5.0.13044910475cc0000005006000d2114e8801cee4f929e00eafD:\Programme\Witcher\SYSTEM\witcher.EXED:\Programme\Witcher\SYSTEM\witcher.EXE9e396eeb-50ec-11e3-b2c0-14dae901afa9

Error: (11/19/2013 08:28:43 AM) (Source: Application Error)(User: )
Description: witcher.EXE1.5.0.13044910475cwitcher.EXE1.5.0.13044910475cc0000005005fffe09a1a001cee4b0d2a0003cD:\Programme\Witcher\SYSTEM\witcher.EXED:\Programme\Witcher\SYSTEM\witcher.EXE37c128b0-50ec-11e3-b2c0-14dae901afa9

Error: (11/19/2013 03:44:39 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756780401cee471813ff6a82167C:\Windows\Explorer.EXE7116bfb9-50c4-11e3-b2c0-14dae901afa9

Error: (11/18/2013 04:19:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2013 09:13:02 PM) (Source: Application Error)(User: )
Description: witcher.EXE1.5.0.13044910475cwitcher.EXE1.5.0.13044910475cc0000005003e948211b11c01cee34aff5525baD:\Programme\Witcher\SYSTEM\witcher.EXED:\Programme\Witcher\SYSTEM\witcher.EXEa90de170-4fc4-11e3-bfe1-14dae901afa9

Error: (11/16/2013 06:03:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2013 00:49:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-11-06 23:11:31.456
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Programme\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-06 23:11:31.422
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Programme\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-06 23:11:30.133
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Programme\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-06 23:11:30.098
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Programme\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-06 23:11:29.022
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Programme\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-06 23:11:28.988
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Programme\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-06 23:11:27.916
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Programme\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-06 23:11:27.882
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Programme\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-06 23:11:00.760
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Programme\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-11-06 23:11:00.726
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Programme\RivaTuner\RivaTuner64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 8190.12 MB
Available physical RAM: 6018.43 MB
Total Pagefile: 16378.41 MB
Available Pagefile: 13788.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:79.9 GB) (Free:33.53 GB) NTFS
Drive d: () (Fixed) (Total:500 GB) (Free:455.71 GB) NTFS
Drive e: (AVM FRITZ!Box) (CDROM) (Total:0.09 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2EC720DB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=500 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Alt 21.11.2013, 14:02   #5
FFrank
 
Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung) - Standard

Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)


GMER.txt [1]
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-21 00:55:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1CH162 rev.CC47 931,51GB
Running: 8441b6d4.exe; Driver: C:\Users\Admin\AppData\Local\Temp\ugloypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                         0000000077b01360 8 bytes JMP 000000016fff00d8
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                       0000000077b01560 8 bytes JMP 000000016fff0110
.text  C:\Windows\system32\csrss.exe[460] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                      0000000077b01b00 8 bytes JMP 000000016fff0148
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                         0000000077b01360 8 bytes JMP 000000016fff00d8
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                       0000000077b01560 8 bytes JMP 000000016fff0110
.text  C:\Windows\system32\csrss.exe[568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                      0000000077b01b00 8 bytes JMP 000000016fff0148
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                     0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                  0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                     0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                           0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                               0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                  0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                       0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                            0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                     000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\kernel32.dll!CreateProcessW                                                           00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\kernel32.dll!CreateProcessA                                                           0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes [B5, 6F, 06]
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                      000007fefe2e4750 6 bytes {JMP QWORD [RIP+0x10b8e0]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!RegisterRawInputDevices                                                    00000000779b6ef0 6 bytes {JMP QWORD [RIP+0x8a29140]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SystemParametersInfoA                                                      00000000779b8184 6 bytes {JMP QWORD [RIP+0x8b07eac]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SetParent                                                                  00000000779b8530 6 bytes {JMP QWORD [RIP+0x8a47b00]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SetWindowLongA                                                             00000000779b9bcc 6 bytes {JMP QWORD [RIP+0x87a6464]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!PostMessageA                                                               00000000779ba404 6 bytes {JMP QWORD [RIP+0x87e5c2c]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!EnableWindow                                                               00000000779baaa0 6 bytes {JMP QWORD [RIP+0x8b45590]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!MoveWindow                                                                 00000000779baad0 6 bytes {JMP QWORD [RIP+0x8a65560]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!GetAsyncKeyState                                                           00000000779bc720 6 bytes {JMP QWORD [RIP+0x8a03910]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!RegisterHotKey                                                             00000000779bcd50 6 bytes {JMP QWORD [RIP+0x8ae32e0]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!PostThreadMessageA                                                         00000000779bd2b0 6 bytes {JMP QWORD [RIP+0x8822d80]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SendMessageA                                                               00000000779bd338 6 bytes {JMP QWORD [RIP+0x8862cf8]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SendNotifyMessageW                                                         00000000779bdc40 6 bytes {JMP QWORD [RIP+0x89423f0]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SystemParametersInfoW                                                      00000000779bf510 6 bytes {JMP QWORD [RIP+0x8b20b20]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                          00000000779bf874 6 bytes {JMP QWORD [RIP+0x87607bc]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SendMessageTimeoutW                                                        00000000779bfac0 6 bytes {JMP QWORD [RIP+0x88c0570]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!PostThreadMessageW                                                         00000000779c0b74 6 bytes {JMP QWORD [RIP+0x883f4bc]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SetWindowLongW                                                             00000000779c33b0 6 bytes {JMP QWORD [RIP+0x87bcc80]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SetWinEventHook + 1                                                        00000000779c4d4d 5 bytes {JMP QWORD [RIP+0x877b2e4]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!GetKeyState                                                                00000000779c5010 6 bytes {JMP QWORD [RIP+0x89db020]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SendMessageCallbackW                                                       00000000779c5438 6 bytes {JMP QWORD [RIP+0x88fabf8]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SendMessageW                                                               00000000779c6b50 6 bytes {JMP QWORD [RIP+0x88794e0]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!PostMessageW                                                               00000000779c76e4 6 bytes {JMP QWORD [RIP+0x87f894c]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SendDlgItemMessageW                                                        00000000779cdd90 6 bytes {JMP QWORD [RIP+0x89722a0]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!GetClipboardData                                                           00000000779ce874 6 bytes {JMP QWORD [RIP+0x8ab17bc]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SetClipboardViewer                                                         00000000779cf780 6 bytes {JMP QWORD [RIP+0x8a708b0]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SendNotifyMessageA                                                         00000000779d28e4 6 bytes {JMP QWORD [RIP+0x890d74c]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!mouse_event                                                                00000000779d3894 6 bytes {JMP QWORD [RIP+0x870c79c]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!GetKeyboardState                                                           00000000779d8a10 6 bytes {JMP QWORD [RIP+0x89a7620]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SendMessageTimeoutA                                                        00000000779d8be0 6 bytes {JMP QWORD [RIP+0x8887450]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                          00000000779d8c20 6 bytes {JMP QWORD [RIP+0x8727410]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SendInput                                                                  00000000779d8cd0 6 bytes {JMP QWORD [RIP+0x8987360]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!BlockInput                                                                 00000000779dad60 6 bytes {JMP QWORD [RIP+0x8a852d0]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!ExitWindowsEx                                                              0000000077a014e0 6 bytes {JMP QWORD [RIP+0x8b1eb50]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!keybd_event                                                                0000000077a245a4 6 bytes {JMP QWORD [RIP+0x869ba8c]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SendDlgItemMessageA                                                        0000000077a2cc08 6 bytes {JMP QWORD [RIP+0x88f3428]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\USER32.dll!SendMessageCallbackA                                                       0000000077a2df18 6 bytes {JMP QWORD [RIP+0x8872118]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes JMP 0
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes JMP 0
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x334648]}
.text  C:\Windows\system32\services.exe[604] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x313780]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                   0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                        0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                             0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                     0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                  0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                        0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                 0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                              0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                   0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                              0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                      0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                  0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                     0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                               0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                   0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                          0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                         0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                               0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                           0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                        000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\kernel32.dll!CreateProcessW                                                              00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\kernel32.dll!CreateProcessA                                                              0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                      000007fefd9c9055 3 bytes CALL 9000027
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                              000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\GDI32.dll!DeleteDC                                                                       000007feffaf22d0 6 bytes JMP 0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\GDI32.dll!BitBlt                                                                         000007feffaf24b8 6 bytes JMP 2afb40
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\GDI32.dll!MaskBlt                                                                        000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\GDI32.dll!CreateDCW                                                                      000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\GDI32.dll!CreateDCA                                                                      000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\GDI32.dll!GetPixel                                                                       000007feffaf933c 6 bytes JMP 0
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\GDI32.dll!StretchBlt                                                                     000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x334648]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\GDI32.dll!PlgBlt                                                                         000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x313780]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                        000007feffbfa6f0 6 bytes {JMP QWORD [RIP+0xb5940]}
.text  C:\Windows\system32\lsass.exe[612] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                     000007feffc20c10 6 bytes JMP 6200620
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                     0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                          0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                               0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                       0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                    0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                          0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                  0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                   0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                     0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                        0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                    0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                       0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                 0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                     0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                            0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                           0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                 0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                             0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                        000007fefd9c9055 3 bytes [B5, 6F, 06]
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                000007fefd9d53c0 5 bytes JMP 0
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\system32\GDI32.dll!DeleteDC                                                                         000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\system32\GDI32.dll!BitBlt                                                                           000007feffaf24b8 6 bytes JMP 320034
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\system32\GDI32.dll!MaskBlt                                                                          000007feffaf5be0 6 bytes JMP 0
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\system32\GDI32.dll!CreateDCW                                                                        000007feffaf8384 6 bytes JMP 0
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\system32\GDI32.dll!CreateDCA                                                                        000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\system32\GDI32.dll!GetPixel                                                                         000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\system32\GDI32.dll!StretchBlt                                                                       000007feffafb9e8 6 bytes JMP 0
.text  C:\Windows\system32\lsm.exe[620] C:\Windows\system32\GDI32.dll!PlgBlt                                                                           000007feffafc8b0 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                 0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                      0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                   0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                      0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                              0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                               0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                            0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                 0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                            0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                    0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                   0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                             0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                 0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                        0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                       0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                             0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                         0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                      000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\kernel32.dll!CreateProcessW                                                            00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\kernel32.dll!CreateProcessA                                                            0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                    000007fefd9c9055 3 bytes [B5, 6F, 06]
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                            000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                       000007fefe2e4750 6 bytes {JMP QWORD [RIP+0x10b8e0]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\GDI32.dll!DeleteDC                                                                     000007feffaf22d0 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\GDI32.dll!BitBlt                                                                       000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\GDI32.dll!MaskBlt                                                                      000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\GDI32.dll!CreateDCW                                                                    000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\GDI32.dll!CreateDCA                                                                    000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\GDI32.dll!GetPixel                                                                     000007feffaf933c 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\GDI32.dll!StretchBlt                                                                   000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x334648]}
.text  C:\Windows\system32\svchost.exe[776] C:\Windows\system32\GDI32.dll!PlgBlt                                                                       000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x313780]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                 0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                      0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                   0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                      0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                              0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                               0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                            0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                 0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                            0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                    0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                   0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                             0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                 0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                        0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                       0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                             0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                         0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                    000007fefd9c9055 3 bytes [B5, 6F, 06]
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                            000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                       000007fefe2e4750 6 bytes {JMP QWORD [RIP+0x10b8e0]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\GDI32.dll!DeleteDC                                                                     000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\GDI32.dll!BitBlt                                                                       000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\GDI32.dll!MaskBlt                                                                      000007feffaf5be0 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\GDI32.dll!CreateDCW                                                                    000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\GDI32.dll!CreateDCA                                                                    000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\GDI32.dll!GetPixel                                                                     000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\GDI32.dll!StretchBlt                                                                   000007feffafb9e8 6 bytes JMP 5cb8ab32
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\GDI32.dll!PlgBlt                                                                       000007feffafc8b0 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                      000007feffbfa6f0 6 bytes {JMP QWORD [RIP+0xb5940]}
.text  C:\Windows\system32\svchost.exe[848] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                   000007feffc20c10 6 bytes {JMP QWORD [RIP+0xaf420]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                 0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                      0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                   0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                      0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                              0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                               0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                            0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                 0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                            0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                    0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                   0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                             0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                 0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                        0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                       0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                             0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                         0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                      000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!CreateProcessW                                                            00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\kernel32.dll!CreateProcessA                                                            0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                    000007fefd9c9055 3 bytes [B5, 6F, 06]
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                            000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!DeleteDC                                                                     000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!BitBlt                                                                       000007feffaf24b8 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!MaskBlt                                                                      000007feffaf5be0 6 bytes JMP 22c05a0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!CreateDCW                                                                    000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!CreateDCA                                                                    000007feffaf89c4 6 bytes JMP 67
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!GetPixel                                                                     000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!StretchBlt                                                                   000007feffafb9e8 6 bytes JMP 370046
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\GDI32.dll!PlgBlt                                                                       000007feffafc8b0 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                      000007feffbfa6f0 6 bytes {JMP QWORD [RIP+0xb5940]}
.text  C:\Windows\system32\svchost.exe[992] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                   000007feffc20c10 6 bytes {JMP QWORD [RIP+0xaf420]}
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                     000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\kernel32.dll!CreateProcessW                                                           00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\kernel32.dll!CreateProcessA                                                           0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes [B5, 6F, 0A]
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0E]
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x334648]}
.text  C:\Windows\system32\atiesrxx.exe[256] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x313780]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                 0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                      0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                   0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                      0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                              0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                               0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                            0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                 0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                            0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                    0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                   0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                             0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                 0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                        0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                       0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                             0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                         0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                      000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\kernel32.dll!CreateProcessW                                                            00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\kernel32.dll!CreateProcessA                                                            0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                    000007fefd9c9055 3 bytes CALL 0
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                            000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!DeleteDC                                                                     000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!BitBlt                                                                       000007feffaf24b8 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!MaskBlt                                                                      000007feffaf5be0 6 bytes JMP a0000000
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!CreateDCW                                                                    000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!CreateDCA                                                                    000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!GetPixel                                                                     000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!StretchBlt                                                                   000007feffafb9e8 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[484] C:\Windows\system32\GDI32.dll!PlgBlt                                                                       000007feffafc8b0 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                 0000000077ad3b10 6 bytes JMP 8574218
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                      0000000077b013a0 6 bytes JMP 33e80
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           0000000077b01570 6 bytes JMP 8ade228
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                   0000000077b015e0 6 bytes JMP 8bb1820
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                0000000077b01620 6 bytes JMP 8b7eeb8
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                      0000000077b016c0 6 bytes JMP 101ade4
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                              0000000077b01750 6 bytes JMP 8b5ea40
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                               0000000077b01790 6 bytes JMP 4145c0
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                            0000000077b017e0 6 bytes JMP 8c9c810
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                 0000000077b01800 6 bytes JMP 8b6e4d1
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                            0000000077b019f0 6 bytes JMP 8d47c98
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                    0000000077b01b00 6 bytes JMP 3fa8400c
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                0000000077b01bd0 6 bytes JMP 8a496d1
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                   0000000077b01d20 6 bytes JMP 8b047a8
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                             0000000077b01d30 6 bytes JMP 37ac0
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                 0000000077b020a0 6 bytes JMP 8a4be11
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                        0000000077b02130 6 bytes JMP 109e64c
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                       0000000077b029a0 6 bytes JMP 8b3ce90
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                             0000000077b02a20 6 bytes JMP d2cc0
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                         0000000077b02aa0 6 bytes JMP 8ac0920
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                      000000007789a420 6 bytes JMP 8840159
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\kernel32.dll!CreateProcessW                                                            00000000778b1b50 6 bytes JMP 87b4e01
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\kernel32.dll!CreateProcessA                                                            0000000077928810 6 bytes JMP 85161b1
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                    000007fefd9c9055 3 bytes CALL 9000027
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                            000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\GDI32.dll!DeleteDC                                                                     000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\GDI32.dll!BitBlt                                                                       000007feffaf24b8 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\GDI32.dll!MaskBlt                                                                      000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\GDI32.dll!CreateDCW                                                                    000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\GDI32.dll!CreateDCA                                                                    000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\GDI32.dll!GetPixel                                                                     000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\GDI32.dll!StretchBlt                                                                   000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x334648]}
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\GDI32.dll!PlgBlt                                                                       000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x313780]}
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                      000007feffbfa6f0 6 bytes {JMP QWORD [RIP+0xb5940]}
.text  C:\Windows\System32\svchost.exe[360] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                   000007feffc20c10 6 bytes JMP 6200620
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                 0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                      0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                   0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                      0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                              0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                               0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                            0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                 0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                            0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                    0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                   0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                             0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                 0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                        0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                       0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                             0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                         0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                      000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\kernel32.dll!CreateProcessW                                                            00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\kernel32.dll!CreateProcessA                                                            0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                    000007fefd9c9055 3 bytes CALL 9000027
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                            000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\GDI32.dll!DeleteDC                                                                     000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\GDI32.dll!BitBlt                                                                       000007feffaf24b8 6 bytes JMP 400003
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\GDI32.dll!MaskBlt                                                                      000007feffaf5be0 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\GDI32.dll!CreateDCW                                                                    000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\GDI32.dll!CreateDCA                                                                    000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\GDI32.dll!GetPixel                                                                     000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\GDI32.dll!StretchBlt                                                                   000007feffafb9e8 6 bytes JMP 5c0044
.text  C:\Windows\system32\svchost.exe[928] C:\Windows\system32\GDI32.dll!PlgBlt                                                                       000007feffafc8b0 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                     0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                  0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                     0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                           0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                               0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                  0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                       0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                            0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                     000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!CreateProcessW                                                           00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!CreateProcessA                                                           0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes CALL 0
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                      000007fefe2e4750 6 bytes {JMP QWORD [RIP+0x10b8e0]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes JMP 200072
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes JMP 1
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                     000007feffbfa6f0 6 bytes {JMP QWORD [RIP+0xb5940]}
.text  C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                  000007feffc20c10 6 bytes {JMP QWORD [RIP+0xaf420]}
.text  C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes CALL 9000027
.text  C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007feffaf5be0 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1140] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes JMP 0
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                     0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                  0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                     0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                           0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                               0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                  0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}


Alt 21.11.2013, 14:03   #6
FFrank
 
Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung) - Standard

Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)


GMER.txt [2]
Code:
ATTFilter
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                       0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                            0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                     000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\kernel32.dll!CreateProcessW                                                           00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\kernel32.dll!CreateProcessA                                                           0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes CALL 0
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes JMP 0
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x31dd60]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x33db78]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x35a450]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0x2c7cac]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x1f766c]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes {JMP QWORD [RIP+0x2f6cf4]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x394648]}
.text  C:\Windows\System32\spoolsv.exe[1484] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x373780]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                     0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                  0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                     0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                           0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                               0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                  0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                       0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                            0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                     000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\kernel32.dll!CreateProcessW                                                           00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\kernel32.dll!CreateProcessA                                                           0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes [B5, 6F, 06]
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                      000007fefe2e4750 6 bytes {JMP QWORD [RIP+0x10b8e0]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007feffaf5be0 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes JMP 334640
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                     000007feffbfa6f0 6 bytes {JMP QWORD [RIP+0xb5940]}
.text  C:\Windows\system32\svchost.exe[1524] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                  000007feffc20c10 6 bytes {JMP QWORD [RIP+0xaf420]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                     0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                          0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                  0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                               0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                     0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                             0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                              0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                           0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                           0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                   0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                               0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                  0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                            0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                       0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                      0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                            0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                        0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                     000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\kernel32.dll!CreateProcessW                           00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\kernel32.dll!CreateProcessA                           0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                   000007fefd9c9055 3 bytes [B5, 6F, 0A]
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0E]
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\GDI32.dll!DeleteDC                                    000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\GDI32.dll!BitBlt                                      000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\GDI32.dll!MaskBlt                                     000007feffaf5be0 6 bytes JMP 0
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\GDI32.dll!CreateDCW                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\GDI32.dll!CreateDCA                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\GDI32.dll!GetPixel                                    000007feffaf933c 6 bytes JMP 0
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\GDI32.dll!StretchBlt                                  000007feffafb9e8 6 bytes JMP 0
.text  C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1568] C:\Windows\system32\GDI32.dll!PlgBlt                                      000007feffafc8b0 6 bytes JMP 3a0043
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                     0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                  0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                     0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                           0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                               0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                  0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                       0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                            0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                     000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\kernel32.dll!CreateProcessW                                                           00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\kernel32.dll!CreateProcessA                                                           0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes CALL 9000027
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1696] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes JMP 0
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                               0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                    0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                         0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                 0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                              0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                    0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                            0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                             0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                          0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                               0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                          0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                  0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                              0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                 0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                           0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                               0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                      0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                     0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                           0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                       0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                  000007fefd9c9055 3 bytes [B5, 6F, 0A]
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                          000007fefd9d53c0 5 bytes JMP 0
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\system32\GDI32.dll!DeleteDC                                                                   000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x33dd60]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\system32\GDI32.dll!BitBlt                                                                     000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x35db78]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\system32\GDI32.dll!MaskBlt                                                                    000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x37a450]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\system32\GDI32.dll!CreateDCW                                                                  000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\system32\GDI32.dll!CreateDCA                                                                  000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\system32\GDI32.dll!GetPixel                                                                   000007feffaf933c 6 bytes {JMP QWORD [RIP+0x316cf4]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\system32\GDI32.dll!StretchBlt                                                                 000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x3b4648]}
.text  C:\Windows\system32\atieclxx.exe[1860] C:\Windows\system32\GDI32.dll!PlgBlt                                                                     000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x393780]}
.text  C:\Windows\system32\svchost.exe[2144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes [B5, 6F, 06]
.text  C:\Windows\system32\svchost.exe[2144] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\svchost.exe[2144] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\svchost.exe[2144] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Windows\system32\svchost.exe[2144] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Windows\system32\svchost.exe[2144] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\svchost.exe[2144] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\svchost.exe[2144] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\svchost.exe[2144] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x334648]}
.text  C:\Windows\system32\svchost.exe[2144] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes JMP 0
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                          0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                               0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                    0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                            0000000077b015e0 6 bytes JMP 8e714c8
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                         0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                               0000000077b016c0 6 bytes JMP 0
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                       0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                        0000000077b01790 6 bytes JMP 8a5e840
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                     0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                          0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                     0000000077b019f0 6 bytes JMP 0
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                             0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                         0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                            0000000077b01d20 6 bytes JMP 0
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                          0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                 0000000077b02130 6 bytes JMP 416920
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                      0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                  0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                               000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\kernel32.dll!CreateProcessW                                                     00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\kernel32.dll!CreateProcessA                                                     0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                             000007fefd9c9055 3 bytes [B5, 6F, 06]
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                     000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\GDI32.dll!DeleteDC                                                              000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\GDI32.dll!BitBlt                                                                000007feffaf24b8 6 bytes JMP 0
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\GDI32.dll!MaskBlt                                                               000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\GDI32.dll!CreateDCW                                                             000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\GDI32.dll!CreateDCA                                                             000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\GDI32.dll!GetPixel                                                              000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\GDI32.dll!StretchBlt                                                            000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x334648]}
.text  C:\Windows\system32\SearchIndexer.exe[1612] C:\Windows\system32\GDI32.dll!PlgBlt                                                                000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x313780]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                     0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                  0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                     0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                           0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                               0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                  0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                       0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                            0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                     000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\kernel32.dll!CreateProcessW                                                           00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\kernel32.dll!CreateProcessA                                                           0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes CALL 79000026
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes JMP 0
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes JMP 0
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007feffaf5be0 6 bytes JMP 0
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes JMP 0
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x334648]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x313780]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                     000007feffbfa6f0 6 bytes {JMP QWORD [RIP+0xb5940]}
.text  C:\Windows\system32\taskhost.exe[376] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                  000007feffc20c10 6 bytes JMP 0
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                    0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                         0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                              0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                      0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                   0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                         0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                 0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                  0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                               0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                    0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                               0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                       0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                   0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                      0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                    0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                           0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                          0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                            0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                       000007fefd9c9055 3 bytes CALL 9000027
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                               000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\system32\GDI32.dll!DeleteDC                                                                        000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\system32\GDI32.dll!BitBlt                                                                          000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\system32\GDI32.dll!MaskBlt                                                                         000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\system32\GDI32.dll!CreateDCW                                                                       000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\system32\GDI32.dll!CreateDCA                                                                       000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\system32\GDI32.dll!GetPixel                                                                        000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\system32\GDI32.dll!StretchBlt                                                                      000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x334648]}
.text  C:\Windows\system32\Dwm.exe[2012] C:\Windows\system32\GDI32.dll!PlgBlt                                                                          000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x313780]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                         0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                              0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                   0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                           0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                        0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                              0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                      0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                       0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                    0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                         0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                    0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                            0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                        0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                           0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                     0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                         0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                               0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                     0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                 0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                              000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                    00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                    0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                            000007fefd9c9055 3 bytes [B5, 6F, 0A]
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                    000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0E]
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\GDI32.dll!DeleteDC                                                                             000007feffaf22d0 6 bytes JMP 720047
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\GDI32.dll!BitBlt                                                                               000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\GDI32.dll!MaskBlt                                                                              000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\GDI32.dll!CreateDCW                                                                            000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\GDI32.dll!CreateDCA                                                                            000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\GDI32.dll!GetPixel                                                                             000007feffaf933c 6 bytes JMP 7fe
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\GDI32.dll!StretchBlt                                                                           000007feffafb9e8 6 bytes JMP 0
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\GDI32.dll!PlgBlt                                                                               000007feffafc8b0 6 bytes JMP 0
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!RegisterRawInputDevices                                                             00000000779b6ef0 6 bytes {JMP QWORD [RIP+0x8a29140]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SystemParametersInfoA                                                               00000000779b8184 6 bytes {JMP QWORD [RIP+0x8b07eac]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SetParent                                                                           00000000779b8530 6 bytes {JMP QWORD [RIP+0x8a47b00]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SetWindowLongA                                                                      00000000779b9bcc 6 bytes {JMP QWORD [RIP+0x87a6464]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!PostMessageA                                                                        00000000779ba404 6 bytes {JMP QWORD [RIP+0x87e5c2c]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!EnableWindow                                                                        00000000779baaa0 6 bytes {JMP QWORD [RIP+0x8b45590]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!MoveWindow                                                                          00000000779baad0 6 bytes {JMP QWORD [RIP+0x8a65560]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!GetAsyncKeyState                                                                    00000000779bc720 6 bytes {JMP QWORD [RIP+0x8a03910]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!RegisterHotKey                                                                      00000000779bcd50 6 bytes {JMP QWORD [RIP+0x8ae32e0]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!PostThreadMessageA                                                                  00000000779bd2b0 6 bytes {JMP QWORD [RIP+0x8822d80]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SendMessageA                                                                        00000000779bd338 6 bytes {JMP QWORD [RIP+0x8862cf8]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SendNotifyMessageW                                                                  00000000779bdc40 6 bytes {JMP QWORD [RIP+0x89423f0]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SystemParametersInfoW                                                               00000000779bf510 6 bytes JMP 0
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                                   00000000779bf874 6 bytes {JMP QWORD [RIP+0x87607bc]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SendMessageTimeoutW                                                                 00000000779bfac0 6 bytes JMP 0
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!PostThreadMessageW                                                                  00000000779c0b74 6 bytes {JMP QWORD [RIP+0x883f4bc]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SetWindowLongW                                                                      00000000779c33b0 6 bytes {JMP QWORD [RIP+0x87bcc80]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SetWinEventHook + 1                                                                 00000000779c4d4d 5 bytes {JMP QWORD [RIP+0x877b2e4]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!GetKeyState                                                                         00000000779c5010 6 bytes {JMP QWORD [RIP+0x89db020]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SendMessageCallbackW                                                                00000000779c5438 6 bytes {JMP QWORD [RIP+0x88fabf8]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SendMessageW                                                                        00000000779c6b50 6 bytes {JMP QWORD [RIP+0x88794e0]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!PostMessageW                                                                        00000000779c76e4 6 bytes {JMP QWORD [RIP+0x87f894c]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SendDlgItemMessageW                                                                 00000000779cdd90 6 bytes {JMP QWORD [RIP+0x89722a0]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!GetClipboardData                                                                    00000000779ce874 6 bytes {JMP QWORD [RIP+0x8ab17bc]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SetClipboardViewer                                                                  00000000779cf780 6 bytes JMP 0
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SendNotifyMessageA                                                                  00000000779d28e4 6 bytes {JMP QWORD [RIP+0x890d74c]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!mouse_event                                                                         00000000779d3894 6 bytes {JMP QWORD [RIP+0x870c79c]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!GetKeyboardState                                                                    00000000779d8a10 6 bytes {JMP QWORD [RIP+0x89a7620]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SendMessageTimeoutA                                                                 00000000779d8be0 6 bytes {JMP QWORD [RIP+0x8887450]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                                   00000000779d8c20 6 bytes {JMP QWORD [RIP+0x8727410]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SendInput                                                                           00000000779d8cd0 6 bytes {JMP QWORD [RIP+0x8987360]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!BlockInput                                                                          00000000779dad60 6 bytes {JMP QWORD [RIP+0x8a852d0]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!ExitWindowsEx                                                                       0000000077a014e0 6 bytes {JMP QWORD [RIP+0x8b1eb50]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!keybd_event                                                                         0000000077a245a4 6 bytes {JMP QWORD [RIP+0x869ba8c]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SendDlgItemMessageA                                                                 0000000077a2cc08 6 bytes {JMP QWORD [RIP+0x88f3428]}
.text  C:\Windows\Explorer.EXE[572] C:\Windows\system32\USER32.dll!SendMessageCallbackA                                                                0000000077a2df18 6 bytes {JMP QWORD [RIP+0x8872118]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                     0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                          0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                  0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                               0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                     0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                             0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                              0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                           0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                           0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                   0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                               0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                  0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                            0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                       0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                      0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                            0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                        0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                     000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\kernel32.dll!CreateProcessW                                           00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\kernel32.dll!CreateProcessA                                           0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                   000007fefd9c9055 3 bytes [B5, 6F, 0A]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0E]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\GDI32.dll!DeleteDC                                                    000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\GDI32.dll!BitBlt                                                      000007feffaf24b8 6 bytes JMP 5
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\GDI32.dll!MaskBlt                                                     000007feffaf5be0 6 bytes JMP f412a170
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\GDI32.dll!CreateDCW                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\GDI32.dll!CreateDCA                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\GDI32.dll!GetPixel                                                    000007feffaf933c 6 bytes JMP 0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\GDI32.dll!StretchBlt                                                  000007feffafb9e8 6 bytes JMP 0
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1548] C:\Windows\system32\GDI32.dll!PlgBlt                                                      000007feffafc8b0 6 bytes JMP 0
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                 0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                      0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                           0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                   0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                      0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                              0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                               0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                            0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                 0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                            0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                    0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                   0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                             0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                 0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                        0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                       0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                             0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                         0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                      000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\kernel32.dll!CreateProcessW                                            00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\kernel32.dll!CreateProcessA                                            0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                    000007fefd9c9055 3 bytes [B5, 6F, 0B]
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                            000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0F]
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\GDI32.dll!DeleteDC                                                     000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\GDI32.dll!BitBlt                                                       000007feffaf24b8 6 bytes JMP 0
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\GDI32.dll!MaskBlt                                                      000007feffaf5be0 6 bytes JMP 0
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\GDI32.dll!CreateDCW                                                    000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\GDI32.dll!CreateDCA                                                    000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\GDI32.dll!GetPixel                                                     000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\GDI32.dll!StretchBlt                                                   000007feffafb9e8 6 bytes JMP 0
.text  D:\Programme\ClassicShell\ClassicStartMenu.exe[2784] C:\Windows\system32\GDI32.dll!PlgBlt                                                       000007feffafc8b0 6 bytes JMP 0
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                   0000000077caf9e0 3 bytes JMP 71af000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                               0000000077caf9e4 2 bytes JMP 71af000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                        0000000077cafcb0 3 bytes JMP 70fa000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                                    0000000077cafcb4 2 bytes JMP 70fa000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                0000000077cafd64 3 bytes JMP 70e5000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                            0000000077cafd68 2 bytes JMP 70e5000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                             0000000077cafdc8 3 bytes JMP 70eb000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                         0000000077cafdcc 2 bytes JMP 70eb000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                   0000000077cafec0 3 bytes JMP 70e2000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                               0000000077cafec4 2 bytes JMP 70e2000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                           0000000077caffa4 3 bytes JMP 70ee000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                       0000000077caffa8 2 bytes JMP 70ee000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                            0000000077cb0004 3 bytes JMP 7106000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                                        0000000077cb0008 2 bytes JMP 7106000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                         0000000077cb0084 3 bytes JMP 7103000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                                     0000000077cb0088 2 bytes JMP 7103000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                              0000000077cb00b4 3 bytes JMP 70e8000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                          0000000077cb00b8 2 bytes JMP 70e8000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                         0000000077cb03b8 3 bytes JMP 70d6000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                                     0000000077cb03bc 2 bytes JMP 70d6000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                 0000000077cb0550 3 bytes JMP 7109000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                             0000000077cb0554 2 bytes JMP 7109000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                             0000000077cb0694 3 bytes JMP 70f7000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                         0000000077cb0698 2 bytes JMP 70f7000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                0000000077cb088c 3 bytes JMP 70df000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                            0000000077cb0890 2 bytes JMP 70df000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                          0000000077cb08a4 3 bytes JMP 70d9000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                                      0000000077cb08a8 2 bytes JMP 70d9000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                              0000000077cb0df4 3 bytes JMP 70f4000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                          0000000077cb0df8 2 bytes JMP 70f4000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                     0000000077cb0ed8 3 bytes JMP 70dc000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                                 0000000077cb0edc 2 bytes JMP 70dc000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                    0000000077cb1be4 3 bytes JMP 70f1000a

Alt 22.11.2013, 08:30   #7
FFrank
 
Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung) - Standard

Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)


GMER.txt [3]
Code:
ATTFilter
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                                0000000077cb1be8 2 bytes JMP 70f1000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                          0000000077cb1cb4 3 bytes JMP 7100000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                                      0000000077cb1cb8 2 bytes JMP 7100000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                      0000000077cb1d8c 3 bytes JMP 70fd000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                                  0000000077cb1d90 2 bytes JMP 70fd000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                              0000000077cd1287 6 bytes JMP 71a8000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                         00000000764c103d 6 bytes JMP 719c000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                         00000000764c1072 6 bytes JMP 7199000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                   00000000764ec965 6 bytes JMP 7190000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                         000000007580f776 6 bytes JMP 719f000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                 0000000075812c91 4 bytes CALL 71ac0000
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                           00000000775e8332 6 bytes JMP 7163000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                       00000000775e8bff 6 bytes JMP 7157000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                    00000000775e90d3 6 bytes JMP 7112000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SendMessageW                                                             00000000775e9679 6 bytes JMP 7151000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                      00000000775e97d2 6 bytes JMP 714b000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                          00000000775eee09 6 bytes JMP 7169000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                           00000000775eefc9 3 bytes JMP 7118000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                                       00000000775eefcd 2 bytes JMP 7118000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!PostMessageW                                                             00000000775f12a5 6 bytes JMP 715d000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!GetKeyState                                                              00000000775f291f 6 bytes JMP 7130000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SetParent                                                                00000000775f2d64 3 bytes JMP 7127000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                            00000000775f2d68 2 bytes JMP 7127000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!EnableWindow                                                             00000000775f2da4 6 bytes JMP 710f000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!MoveWindow                                                               00000000775f3698 3 bytes JMP 7124000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                           00000000775f369c 2 bytes JMP 7124000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!PostMessageA                                                             00000000775f3baa 6 bytes JMP 7160000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                       00000000775f3c61 6 bytes JMP 715a000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                           00000000775f6110 6 bytes JMP 7166000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SendMessageA                                                             00000000775f612e 6 bytes JMP 7154000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                    00000000775f6c30 6 bytes JMP 7115000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                        00000000775f7603 6 bytes JMP 716c000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                       00000000775f7668 6 bytes JMP 713f000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                     00000000775f76e0 6 bytes JMP 7145000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                      00000000775f781f 6 bytes JMP 714e000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                        00000000775f835c 6 bytes JMP 716f000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                       00000000775fc4b6 3 bytes JMP 7121000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                                   00000000775fc4ba 2 bytes JMP 7121000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                      000000007760c112 6 bytes JMP 713c000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                      000000007760d0f5 6 bytes JMP 7139000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                         000000007760eb96 6 bytes JMP 712d000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                         000000007760ec68 3 bytes JMP 7133000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                                     000000007760ec6c 2 bytes JMP 7133000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SendInput                                                                000000007760ff4a 3 bytes JMP 7136000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                            000000007760ff4e 2 bytes JMP 7136000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                         0000000077629f1d 6 bytes JMP 711b000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                            0000000077631497 6 bytes JMP 710c000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!mouse_event                                                              000000007764027b 6 bytes JMP 7172000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!keybd_event                                                              00000000776402bf 6 bytes JMP 7175000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                     0000000077646cfc 6 bytes JMP 7148000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                       0000000077646d5d 6 bytes JMP 7142000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!BlockInput                                                               0000000077647dd7 3 bytes JMP 711e000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                           0000000077647ddb 2 bytes JMP 711e000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                  00000000776488eb 3 bytes JMP 712a000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                              00000000776488ef 2 bytes JMP 712a000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                  00000000773658b3 6 bytes JMP 7184000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                    0000000077365ea6 6 bytes JMP 7181000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                 0000000077367bcc 6 bytes JMP 718d000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                000000007736b895 6 bytes JMP 7178000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                   000000007736c332 6 bytes JMP 717e000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                  000000007736cbfb 6 bytes JMP 7187000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                 000000007736e743 6 bytes JMP 718a000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                    000000007739480f 6 bytes JMP 717b000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                   0000000075c72642 6 bytes JMP 7196000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                0000000075c75429 6 bytes JMP 7193000a
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 00000000757a1465 2 bytes [7A, 75]
.text  D:\Programme\Skype\Phone\Skype.exe[468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                             * 2
.text  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3276] C:\Windows\system32\GDI32.dll!DeleteDC                                000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3276] C:\Windows\system32\GDI32.dll!BitBlt                                  000007feffaf24b8 6 bytes JMP c07e
.text  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3276] C:\Windows\system32\GDI32.dll!MaskBlt                                 000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3276] C:\Windows\system32\GDI32.dll!CreateDCW                               000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3276] C:\Windows\system32\GDI32.dll!CreateDCA                               000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3276] C:\Windows\system32\GDI32.dll!GetPixel                                000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3276] C:\Windows\system32\GDI32.dll!StretchBlt                              000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x334648]}
.text  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3276] C:\Windows\system32\GDI32.dll!PlgBlt                                  000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x313780]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                     0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                  0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                     0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                           0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                               0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                  0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                       0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                            0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes CALL 9000027
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes JMP 2cdb30
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007feffaf5be0 6 bytes JMP ffffffff
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[3620] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                     0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                  0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                     0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                           0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                               0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                  0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                       0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                            0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes [B5, 6F, 06]
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes JMP 20dcb0
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x313780]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                     000007feffbfa6f0 6 bytes {JMP QWORD [RIP+0xb5940]}
.text  C:\Windows\System32\svchost.exe[3792] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                  000007feffc20c10 6 bytes JMP ffad34fe
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x88ec520]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort                                                                 0000000077b01370 6 bytes {JMP QWORD [RIP+0x861ecc0]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                     0000000077b013a0 6 bytes {JMP QWORD [RIP+0x889ec90]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort                                                      0000000077b014d0 6 bytes {JMP QWORD [RIP+0x85feb60]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory                                                        0000000077b014e0 6 bytes {JMP QWORD [RIP+0x885eb50]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077b01570 6 bytes {JMP QWORD [RIP+0x92ceac0]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                  0000000077b015e0 6 bytes {JMP QWORD [RIP+0x883ea50]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077b01620 6 bytes {JMP QWORD [RIP+0x87dea10]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile                                                             0000000077b01640 6 bytes {JMP QWORD [RIP+0x887e9f0]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                 0000000077b016b0 6 bytes {JMP QWORD [RIP+0x869e980]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                     0000000077b016c0 6 bytes {JMP QWORD [RIP+0x937e970]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                               0000000077b01730 6 bytes {JMP QWORD [RIP+0x867e900]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077b01750 6 bytes {JMP QWORD [RIP+0x87be8e0]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077b01790 6 bytes {JMP QWORD [RIP+0x924e8a0]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           0000000077b017e0 6 bytes {JMP QWORD [RIP+0x926e850]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                0000000077b01800 6 bytes {JMP QWORD [RIP+0x881e830]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                           0000000077b019f0 6 bytes {JMP QWORD [RIP+0x85be640]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort                                                            0000000077b01a00 6 bytes {JMP QWORD [RIP+0x859e630]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   0000000077b01b00 6 bytes {JMP QWORD [RIP+0x85de530]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                               0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x877e460]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                           0000000077b01c10 6 bytes {JMP QWORD [RIP+0x86be420]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                              0000000077b01c80 6 bytes {JMP QWORD [RIP+0x863e3b0]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile                                                       0000000077b01c90 6 bytes {JMP QWORD [RIP+0x87fe3a0]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort                                                                0000000077b01cb0 6 bytes {JMP QWORD [RIP+0x873e380]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                           0000000077b01d10 6 bytes {JMP QWORD [RIP+0x86fe320]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                  0000000077b01d20 6 bytes {JMP QWORD [RIP+0x939e310]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077b01d30 6 bytes {JMP QWORD [RIP+0x93de300]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort                                                        0000000077b01d90 6 bytes {JMP QWORD [RIP+0x879e2a0]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                0000000077b020a0 6 bytes {JMP QWORD [RIP+0x92fdf90]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                       0000000077b02130 6 bytes {JMP QWORD [RIP+0x93bdf00]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                             0000000077b021d0 6 bytes {JMP QWORD [RIP+0x86dde60]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                0000000077b02240 6 bytes {JMP QWORD [RIP+0x865ddf0]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                             0000000077b02290 6 bytes {JMP QWORD [RIP+0x871dda0]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort                                                         0000000077b027a0 6 bytes {JMP QWORD [RIP+0x875d890]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      0000000077b029a0 6 bytes {JMP QWORD [RIP+0x931d690]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                            0000000077b02a20 6 bytes {JMP QWORD [RIP+0x928d610]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x92ad590]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\kernel32.dll!GetPrivateProfileStringW                                                 0000000077896bf0 6 bytes {JMP QWORD [RIP+0x8789440]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                     000000007789a420 6 bytes {JMP QWORD [RIP+0x8f25c10]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\kernel32.dll!RegOpenKeyExW                                                            00000000778a4560 6 bytes {JMP QWORD [RIP+0x87dbad0]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\kernel32.dll!CreateProcessW                                                           00000000778b1b50 6 bytes {JMP QWORD [RIP+0x8ece4e0]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\kernel32.dll!GetPrivateProfileStringA                                                 00000000779116f0 6 bytes {JMP QWORD [RIP+0x872e940]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\kernel32.dll!CreateProcessA                                                           0000000077928810 6 bytes {JMP QWORD [RIP+0x8e77820]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1                                                     000007fefd9c8ef1 5 bytes {JMP QWORD [RIP+0xb7140]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes CALL 9000027
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0C]
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus                                                          000007feffad687c 6 bytes {JMP QWORD [RIP+0x5597b4]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\sechost.dll!I_ScValidatePnPService                                                    000007feffad8e30 6 bytes {JMP QWORD [RIP+0x5d7200]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\sechost.dll!I_ScPnPGetServiceName                                                     000007feffad995c 6 bytes {JMP QWORD [RIP+0x5b66d4]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA                                               000007feffad99e4 6 bytes {JMP QWORD [RIP+0xc664c]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW                                               000007feffad9ac8 6 bytes {JMP QWORD [RIP+0xa6568]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW                                               000007feffada51c 6 bytes {JMP QWORD [RIP+0x535b14]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA                                               000007feffada530 6 bytes {JMP QWORD [RIP+0x405b00]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW                                             000007feffada5b0 5 bytes [FF, 25, 80, 5A, 3C]
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA                                             000007feffada5c4 6 bytes {JMP QWORD [RIP+0x3e5a6c]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange                                                 000007feffadbb28 6 bytes {JMP QWORD [RIP+0x574508]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA                                                000007feffadbb3c 3 bytes [FF, 25, F4]
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA + 4                                            000007feffadbb40 2 bytes [59, 00]
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                      000007fefe2e4750 6 bytes JMP e9
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x68dd60]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x6adb78]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x6ca450]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0x647cac]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x62766c]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes {JMP QWORD [RIP+0x666cf4]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x704648]}
.text  C:\Windows\system32\svchost.exe[4496] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x6e3780]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x88ec520]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyPort                                                                 0000000077b01370 6 bytes {JMP QWORD [RIP+0x861ecc0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                     0000000077b013a0 6 bytes {JMP QWORD [RIP+0x889ec90]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort                                                      0000000077b014d0 6 bytes {JMP QWORD [RIP+0x85feb60]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryVirtualMemory                                                        0000000077b014e0 6 bytes {JMP QWORD [RIP+0x885eb50]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          0000000077b01570 6 bytes {JMP QWORD [RIP+0x92ceac0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                  0000000077b015e0 6 bytes {JMP QWORD [RIP+0x883ea50]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                               0000000077b01620 6 bytes {JMP QWORD [RIP+0x87dea10]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile                                                             0000000077b01640 6 bytes {JMP QWORD [RIP+0x887e9f0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                                 0000000077b016b0 6 bytes {JMP QWORD [RIP+0x869e980]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                     0000000077b016c0 6 bytes {JMP QWORD [RIP+0x937e970]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                               0000000077b01730 6 bytes {JMP QWORD [RIP+0x867e900]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                             0000000077b01750 6 bytes {JMP QWORD [RIP+0x87be8e0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                              0000000077b01790 6 bytes {JMP QWORD [RIP+0x924e8a0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                           0000000077b017e0 6 bytes {JMP QWORD [RIP+0x926e850]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                0000000077b01800 6 bytes {JMP QWORD [RIP+0x881e830]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                           0000000077b019f0 6 bytes {JMP QWORD [RIP+0x85be640]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort                                                            0000000077b01a00 6 bytes {JMP QWORD [RIP+0x859e630]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                   0000000077b01b00 6 bytes {JMP QWORD [RIP+0x85de530]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                               0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x877e460]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                                           0000000077b01c10 6 bytes {JMP QWORD [RIP+0x86be420]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                              0000000077b01c80 6 bytes {JMP QWORD [RIP+0x863e3b0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateNamedPipeFile                                                       0000000077b01c90 6 bytes {JMP QWORD [RIP+0x87fe3a0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort                                                                0000000077b01cb0 6 bytes {JMP QWORD [RIP+0x873e380]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                                           0000000077b01d10 6 bytes {JMP QWORD [RIP+0x86fe320]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                  0000000077b01d20 6 bytes {JMP QWORD [RIP+0x939e310]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                            0000000077b01d30 6 bytes {JMP QWORD [RIP+0x93de300]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateWaitablePort                                                        0000000077b01d90 6 bytes {JMP QWORD [RIP+0x879e2a0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                0000000077b020a0 6 bytes {JMP QWORD [RIP+0x92fdf90]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                       0000000077b02130 6 bytes {JMP QWORD [RIP+0x93bdf00]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                             0000000077b021d0 6 bytes {JMP QWORD [RIP+0x86dde60]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                                0000000077b02240 6 bytes {JMP QWORD [RIP+0x865ddf0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                             0000000077b02290 6 bytes {JMP QWORD [RIP+0x871dda0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort                                                         0000000077b027a0 6 bytes {JMP QWORD [RIP+0x875d890]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                      0000000077b029a0 6 bytes {JMP QWORD [RIP+0x931d690]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                            0000000077b02a20 6 bytes {JMP QWORD [RIP+0x928d610]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                        0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x92ad590]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\kernel32.dll!GetPrivateProfileStringW                                                 0000000077896bf0 6 bytes {JMP QWORD [RIP+0x8789440]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                     000000007789a420 6 bytes {JMP QWORD [RIP+0x8f25c10]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\kernel32.dll!RegOpenKeyExW                                                            00000000778a4560 6 bytes {JMP QWORD [RIP+0x87dbad0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\kernel32.dll!CreateProcessW                                                           00000000778b1b50 6 bytes {JMP QWORD [RIP+0x8ece4e0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\kernel32.dll!GetPrivateProfileStringA                                                 00000000779116f0 6 bytes {JMP QWORD [RIP+0x872e940]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\kernel32.dll!CreateProcessA                                                           0000000077928810 6 bytes {JMP QWORD [RIP+0x8e77820]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1                                                     000007fefd9c8ef1 5 bytes {JMP QWORD [RIP+0xb7140]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefd9c9055 3 bytes CALL 9000027
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0C]
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\sechost.dll!SetServiceStatus                                                          000007feffad687c 6 bytes {JMP QWORD [RIP+0x5597b4]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\sechost.dll!I_ScValidatePnPService                                                    000007feffad8e30 6 bytes {JMP QWORD [RIP+0x5d7200]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\sechost.dll!I_ScPnPGetServiceName                                                     000007feffad995c 6 bytes {JMP QWORD [RIP+0x5b66d4]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherA                                               000007feffad99e4 6 bytes {JMP QWORD [RIP+0xc664c]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\sechost.dll!StartServiceCtrlDispatcherW                                               000007feffad9ac8 6 bytes {JMP QWORD [RIP+0xa6568]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerW                                               000007feffada51c 6 bytes {JMP QWORD [RIP+0x535b14]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerA                                               000007feffada530 6 bytes {JMP QWORD [RIP+0x405b00]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExW                                             000007feffada5b0 5 bytes [FF, 25, 80, 5A, 3C]
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\sechost.dll!RegisterServiceCtrlHandlerExA                                             000007feffada5c4 6 bytes {JMP QWORD [RIP+0x3e5a6c]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChange                                                 000007feffadbb28 6 bytes {JMP QWORD [RIP+0x574508]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA                                                000007feffadbb3c 3 bytes [FF, 25, F4]
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\SYSTEM32\sechost.dll!NotifyServiceStatusChangeA + 4                                            000007feffadbb40 2 bytes [59, 00]
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                      000007fefe2e4750 6 bytes {JMP QWORD [RIP+0x10b8e0]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x68dd60]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x6adb78]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x6ca450]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007feffaf8384 6 bytes {JMP QWORD [RIP+0x647cac]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x62766c]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007feffaf933c 6 bytes {JMP QWORD [RIP+0x666cf4]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x704648]}
.text  C:\Windows\system32\svchost.exe[4516] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x6e3780]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                              0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                   0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                             0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                   0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                           0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                            0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                         0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                              0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                         0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                 0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                             0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                          0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                              0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                     0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                    0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                          0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                      0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                   000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\kernel32.dll!CreateProcessW                                                         00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\kernel32.dll!CreateProcessA                                                         0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                 000007fefd9c9055 3 bytes [B5, 6F, 06]
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                         000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\GDI32.dll!DeleteDC                                                                  000007feffaf22d0 6 bytes JMP 0
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\GDI32.dll!BitBlt                                                                    000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\GDI32.dll!MaskBlt                                                                   000007feffaf5be0 6 bytes JMP 0
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\GDI32.dll!CreateDCW                                                                 000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\GDI32.dll!CreateDCA                                                                 000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\GDI32.dll!GetPixel                                                                  000007feffaf933c 6 bytes {JMP QWORD [RIP+0x1e6cf4]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\GDI32.dll!StretchBlt                                                                000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x334648]}
.text  C:\Windows\system32\prevhost.exe[62160] C:\Windows\system32\GDI32.dll!PlgBlt                                                                    000007feffafc8b0 6 bytes JMP 0
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                               0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                    0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                         0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                 0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                              0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                    0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                            0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                             0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                          0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                               0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                          0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                  0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                              0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                 0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                           0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                               0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                      0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                     0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                           0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                       0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\kernel32.dll!CreateProcessAsUserW                                                    000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\kernel32.dll!CreateProcessW                                                          00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\kernel32.dll!CreateProcessA                                                          0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\KERNELBASE.dll!LoadLibraryExW + 357                                                  000007fefd9c9055 3 bytes [B5, 6F, 06]
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\KERNELBASE.dll!SetProcessShutdownParameters                                          000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\GDI32.dll!DeleteDC                                                                   000007feffaf22d0 6 bytes JMP 0
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\GDI32.dll!BitBlt                                                                     000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\GDI32.dll!MaskBlt                                                                    000007feffaf5be0 6 bytes {JMP QWORD [RIP+0x2fa450]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\GDI32.dll!CreateDCW                                                                  000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\GDI32.dll!CreateDCA                                                                  000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\GDI32.dll!GetPixel                                                                   000007feffaf933c 6 bytes JMP 0
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\GDI32.dll!StretchBlt                                                                 000007feffafb9e8 6 bytes {JMP QWORD [RIP+0x334648]}
.text  C:\Windows\system32\AUDIODG.EXE[94740] C:\Windows\System32\GDI32.dll!PlgBlt                                                                     000007feffafc8b0 6 bytes {JMP QWORD [RIP+0x313780]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                       0000000077ad3b10 6 bytes {JMP QWORD [RIP+0x856c520]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtClose                            0000000077b013a0 6 bytes {JMP QWORD [RIP+0x851ec90]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                 0000000077b01570 6 bytes {JMP QWORD [RIP+0x8adeac0]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                         0000000077b015e0 6 bytes {JMP QWORD [RIP+0x8bbea50]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                      0000000077b01620 6 bytes {JMP QWORD [RIP+0x8b7ea10]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken            0000000077b016c0 6 bytes {JMP QWORD [RIP+0x8bde970]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                    0000000077b01750 6 bytes {JMP QWORD [RIP+0x8b5e8e0]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                     0000000077b01790 6 bytes {JMP QWORD [RIP+0x8a5e8a0]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                  0000000077b017e0 6 bytes {JMP QWORD [RIP+0x8a7e850]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                       0000000077b01800 6 bytes {JMP QWORD [RIP+0x8b9e830]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                  0000000077b019f0 6 bytes {JMP QWORD [RIP+0x8c5e640]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort          0000000077b01b00 6 bytes {JMP QWORD [RIP+0x8a3e530]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                      0000000077b01bd0 6 bytes {JMP QWORD [RIP+0x8afe460]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject         0000000077b01d20 6 bytes {JMP QWORD [RIP+0x8bfe310]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                   0000000077b01d30 6 bytes {JMP QWORD [RIP+0x8c3e300]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                       0000000077b020a0 6 bytes {JMP QWORD [RIP+0x8b1df90]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject              0000000077b02130 6 bytes {JMP QWORD [RIP+0x8c1df00]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation             0000000077b029a0 6 bytes {JMP QWORD [RIP+0x8b3d690]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                   0000000077b02a20 6 bytes {JMP QWORD [RIP+0x8a9d610]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl               0000000077b02aa0 6 bytes {JMP QWORD [RIP+0x8abd590]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\KERNEL32.dll!CreateProcessAsUserW            000000007789a420 6 bytes {JMP QWORD [RIP+0x8805c10]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\KERNEL32.dll!CreateProcessW                  00000000778b1b50 6 bytes {JMP QWORD [RIP+0x87ae4e0]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\KERNEL32.dll!CreateProcessA                  0000000077928810 6 bytes {JMP QWORD [RIP+0x8757820]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357          000007fefd9c9055 3 bytes [B5, 6F, 06]
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters  000007fefd9d53c0 5 bytes [FF, 25, 70, AC, 0A]
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\GDI32.dll!DeleteDC                           000007feffaf22d0 6 bytes {JMP QWORD [RIP+0x20dd60]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\GDI32.dll!BitBlt                             000007feffaf24b8 6 bytes {JMP QWORD [RIP+0x2cdb78]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\GDI32.dll!MaskBlt                            000007feffaf5be0 6 bytes JMP 0
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\GDI32.dll!CreateDCW                          000007feffaf8384 6 bytes {JMP QWORD [RIP+0xa7cac]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\GDI32.dll!CreateDCA                          000007feffaf89c4 6 bytes {JMP QWORD [RIP+0x8766c]}
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\GDI32.dll!GetPixel                           000007feffaf933c 6 bytes JMP 0
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\GDI32.dll!StretchBlt                         000007feffafb9e8 6 bytes JMP 201
.text  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[92084] C:\Windows\system32\GDI32.dll!PlgBlt                             000007feffafc8b0 6 bytes JMP 0
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                              0000000077caf9e0 3 bytes JMP 71af000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                          0000000077caf9e4 2 bytes JMP 71af000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                   0000000077cafcb0 3 bytes JMP 70fa000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                               0000000077cafcb4 2 bytes JMP 70fa000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                           0000000077cafd64 3 bytes JMP 70e5000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                       0000000077cafd68 2 bytes JMP 70e5000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                        0000000077cafdc8 3 bytes JMP 70eb000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                    0000000077cafdcc 2 bytes JMP 70eb000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                              0000000077cafec0 3 bytes JMP 70e2000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                          0000000077cafec4 2 bytes JMP 70e2000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                      0000000077caffa4 3 bytes JMP 70ee000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                  0000000077caffa8 2 bytes JMP 70ee000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                       0000000077cb0004 3 bytes JMP 7106000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                                   0000000077cb0008 2 bytes JMP 7106000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                    0000000077cb0084 3 bytes JMP 7103000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                                0000000077cb0088 2 bytes JMP 7103000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                         0000000077cb00b4 3 bytes JMP 70e8000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                     0000000077cb00b8 2 bytes JMP 70e8000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                    0000000077cb03b8 3 bytes JMP 70d6000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                                0000000077cb03bc 2 bytes JMP 70d6000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                            0000000077cb0550 3 bytes JMP 7109000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                        0000000077cb0554 2 bytes JMP 7109000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                        0000000077cb0694 3 bytes JMP 70f7000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                    0000000077cb0698 2 bytes JMP 70f7000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                           0000000077cb088c 3 bytes JMP 70df000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                       0000000077cb0890 2 bytes JMP 70df000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                     0000000077cb08a4 3 bytes JMP 70d9000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                                 0000000077cb08a8 2 bytes JMP 70d9000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                         0000000077cb0df4 3 bytes JMP 70f4000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                     0000000077cb0df8 2 bytes JMP 70f4000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                0000000077cb0ed8 3 bytes JMP 70dc000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                            0000000077cb0edc 2 bytes JMP 70dc000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                               0000000077cb1be4 3 bytes JMP 70f1000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                           0000000077cb1be8 2 bytes JMP 70f1000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                     0000000077cb1cb4 3 bytes JMP 7100000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                                 0000000077cb1cb8 2 bytes JMP 7100000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                 0000000077cb1d8c 3 bytes JMP 70fd000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                             0000000077cb1d90 2 bytes JMP 70fd000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                         0000000077cd1287 6 bytes JMP 71a8000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                    00000000764c103d 6 bytes JMP 719c000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                    00000000764c1072 6 bytes JMP 7199000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                              00000000764ec965 6 bytes JMP 7190000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                    000000007580f776 6 bytes JMP 719f000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                            0000000075812c91 4 bytes CALL 71ac0000
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                      00000000775e8332 6 bytes JMP 7163000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                  00000000775e8bff 6 bytes JMP 7157000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                               00000000775e90d3 6 bytes JMP 7112000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SendMessageW                                                        00000000775e9679 6 bytes JMP 7151000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                 00000000775e97d2 6 bytes JMP 714b000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                     00000000775eee09 6 bytes JMP 7169000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                      00000000775eefc9 3 bytes JMP 7118000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                                  00000000775eefcd 2 bytes JMP 7118000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!PostMessageW                                                        00000000775f12a5 6 bytes JMP 715d000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!GetKeyState                                                         00000000775f291f 6 bytes JMP 7130000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SetParent                                                           00000000775f2d64 3 bytes JMP 7127000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                       00000000775f2d68 2 bytes JMP 7127000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!EnableWindow                                                        00000000775f2da4 6 bytes JMP 710f000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!MoveWindow                                                          00000000775f3698 3 bytes JMP 7124000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                      00000000775f369c 2 bytes JMP 7124000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!PostMessageA                                                        00000000775f3baa 6 bytes JMP 7160000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                  00000000775f3c61 6 bytes JMP 715a000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                      00000000775f6110 6 bytes JMP 7166000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SendMessageA                                                        00000000775f612e 6 bytes JMP 7154000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                               00000000775f6c30 6 bytes JMP 7115000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                   00000000775f7603 6 bytes JMP 716c000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                  00000000775f7668 6 bytes JMP 713f000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                00000000775f76e0 6 bytes JMP 7145000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                 00000000775f781f 6 bytes JMP 714e000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                   00000000775f835c 6 bytes JMP 716f000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                  00000000775fc4b6 3 bytes JMP 7121000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                              00000000775fc4ba 2 bytes JMP 7121000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                 000000007760c112 6 bytes JMP 713c000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                 000000007760d0f5 6 bytes JMP 7139000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                    000000007760eb96 6 bytes JMP 712d000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                    000000007760ec68 3 bytes JMP 7133000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                                000000007760ec6c 2 bytes JMP 7133000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SendInput                                                           000000007760ff4a 3 bytes JMP 7136000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                       000000007760ff4e 2 bytes JMP 7136000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                    0000000077629f1d 6 bytes JMP 711b000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                       0000000077631497 6 bytes JMP 710c000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!mouse_event                                                         000000007764027b 6 bytes JMP 7172000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!keybd_event                                                         00000000776402bf 6 bytes JMP 7175000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                0000000077646cfc 6 bytes JMP 7148000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                  0000000077646d5d 6 bytes JMP 7142000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!BlockInput                                                          0000000077647dd7 3 bytes JMP 711e000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                      0000000077647ddb 2 bytes JMP 711e000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                             00000000776488eb 3 bytes JMP 712a000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                         00000000776488ef 2 bytes JMP 712a000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                             00000000773658b3 6 bytes JMP 7184000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\GDI32.dll!BitBlt                                                               0000000077365ea6 6 bytes JMP 7181000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                            0000000077367bcc 6 bytes JMP 718d000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                           000000007736b895 6 bytes JMP 7178000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                              000000007736c332 6 bytes JMP 717e000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\GDI32.dll!GetPixel                                                             000000007736cbfb 6 bytes JMP 7187000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                            000000007736e743 6 bytes JMP 718a000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                               000000007739480f 6 bytes JMP 717b000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                              0000000075c72642 6 bytes JMP 7196000a
.text  C:\Users\Frank\Downloads\8441b6d4.exe[97228] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                           0000000075c75429 6 bytes JMP 7193000a

---- EOF - GMER 2.1 ----
Hey,

ich brauch den Rechner heute, deswegen hab ich mich entschlossen neu zu installieren. Sorry, das ich hier die Pferde scheu gemacht hab. Ich hoffe Ihr habt da nicht schon zu viel Arbeit reingesteckt.

Viele Grüße,
Frank

Alt 22.11.2013, 16:44   #8
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung) - Standard

Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)


ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)
abbruch, beenden, benachrichtigungsdienst, browser, comodo, dateien, desktop, fehler, gmer, infektion, internetverbindung, ip-hilfsdienst, lag, langsam, lösung, programme, prozesse, rechner, richtlinie, sekunden, speicher, start, strg, svchost, update, verbindung, windows, windows update


« Bundestrojaner? | Häufige Pop-Up-Fenster in Firefox - evtl. Offer Mosquito »


Ähnliche Themen: Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)


  1. Windows 7 : Benutzung jeglicher Browser macht alle Prozesse sehr langsam
    Log-Analyse und Auswertung - 03.08.2015 (12)
  2. WINDOWS 7: Rechner sehr langsam, seltsame Einträge in LOG-Files
    Log-Analyse und Auswertung - 09.06.2015 (1)
  3. compatibilitycheck.exe internet sehr langsam kann prozess im task manager nicht beenden
    Log-Analyse und Auswertung - 17.03.2015 (7)
  4. PC Start merkwürdiges Verhalten-geht aus an
    Plagegeister aller Art und deren Bekämpfung - 03.03.2015 (7)
  5. Merkwürdiges Verhalten (z.B. unkontrolliertes Scrollen)
    Log-Analyse und Auswertung - 19.02.2015 (8)
  6. Merkwürdiges Verhalten nach Programminstallation
    Log-Analyse und Auswertung - 21.09.2014 (9)
  7. Isearch AVG Toolbar, merkwürdiges Verhalten
    Plagegeister aller Art und deren Bekämpfung - 25.08.2013 (5)
  8. Merkwürdiges Verhalten bei Laptop-Benutzung im Hotel - Windows Update
    Plagegeister aller Art und deren Bekämpfung - 18.05.2013 (0)
  9. Internetverbindung sehr, sehr langsam - Arbeitsspeicher ausgelastet
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (0)
  10. Merkwürdiges Verhalten aber keine Viren
    Log-Analyse und Auswertung - 28.07.2011 (29)
  11. Prozesse doppelt, PC sehr sehr langsam, hängt sich auf, noch zu retten?
    Log-Analyse und Auswertung - 29.06.2010 (2)
  12. Merkwürdiges verhalten Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 30.04.2009 (1)
  13. Merkwürdiges verhalten meines PCs
    Plagegeister aller Art und deren Bekämpfung - 17.08.2008 (2)
  14. Merkwürdiges Keyboard-Verhalten + logfile
    Log-Analyse und Auswertung - 03.01.2008 (3)
  15. PC langsam, Programme reagieren nicht, seltsame Prozesse...
    Plagegeister aller Art und deren Bekämpfung - 24.11.2007 (1)
  16. Merkwürdiges Verhalten von IE 6: Unerwünschte Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 07.11.2007 (4)
  17. merkwürdiges Verhalten des Browsers
    Log-Analyse und Auswertung - 24.08.2007 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung) - Hallo, vorweg: Vermutlich bin ich nur etwas zu paranoid, aber die Symptome zusammen lassen mich an eine Infektion denken. Was mir bisher aufgefallen ist: Bildschirmflackern: Tritt ab und zu mal - Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung)...
Archiv
Du betrachtest: Windows 7: merkwürdiges Verhalten (Prozesse beenden sehr langsam, Bildschirmflackern, seltsame Internetverbindung) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129