Win 7; anti virus programme schalten sich ab; internet verbindung spinnt

ivegotnoclue · 02.10.2013, 12:26

Hallo Leute,

vor 2 tagen war ich am online-banking mit FF inner SANDBOX.

Plötzlich meldet sich windows, dass AVAST nicht läuft. ausserdem wurde ich gefragt, ob ich "das ding, das checkt, dass AVAST läuft" (kp wie das hieß) aktivieren möchte.

Achso, und die internetverbindung im gesamten netzwerk war gestört, man konnte sich tw. nur mit google verbinden, aber nicht mit den verlinkten seiten Oo

Ich nutzte COMODO, AVAST, SPYBOT,ADBLOCK und NOSCRIPT zur absicherung.

Da ich sowas (von meinem pc) nicht kenne, hab ich mir natürlich direkt sorgen gemacht...

Also ich alle laufwerke ausser der SSD mitm OS raus,back-up, und SSD mit PARTED MAGIC plattgemacht.

So, windows neu installiert. diesmal mit COMODO, SPYBOT und ANTIVIR statt AVAST.

Zunächst alles OK, heute meldet sich wieder windows, ANTIVIR nicht aktiviert

(wars natürlich) zudem wurde ich dazu aufgefordert das WSCTOOL zu aktivieren (wie zuvor bei COMODO das andere ding).

...und jetzt weiß ich net so wirklich weiter....

Zusätzliche Informationen:
- in den wochen zuvor hat tw. meine FUNKtasta gelaggt (wer weiß...)
- hatte ne amazon spammail im briefkasten, spammails treten inner WG momentan gehäuft auf...
- ansonsten nur Linuxe und 1 XP

im netzwerk

Gedanken:
- infizierter router
- infizierte anderweitige hardware
- infizierter USB-Stick (ggf. korrelation zu den vorfällen)

Hoffe ihr könnt mir helfen,
grüße IGNC

Mist, Logfiles zu groß, sind im Anhang....und nochmal gesplittet dazu.

ivegotnoclue · 02.10.2013, 13:06

FRST

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by #0 (administrator) on 0-PC on 02-10-2013 12:04:27
Running from C:\Users\#0\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe
(D-Link Corp.) C:\Program Files\D-Link\SharePort Plus\SharePortPlus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\XMind\XMind.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Huawei Technologies Co., Ltd.) C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe
(Axantum Software AB) C:\Program Files\Axantum\AxCrypt\AxCrypt.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\#0\Downloads\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-09-24] (COMODO)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1814440 2013-09-21] (Valve Corporation)
HKCU\...\Run: [Unified Remote v2] - C:\Program Files (x86)\Unified Remote\RemoteServer.exe [276568 2013-08-15] (Unified Intents AB)
HKCU\...\Run: [HW_OPENEYE_OUC_Mobile Partner] - C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.)
MountPoints2: {85321b15-29ed-11e3-ac8d-806e6f6e6963} - D:\ASRSetup.exe
MountPoints2: {ba898008-2ac5-11e3-bf07-005056c00008} - E:\AutoRun.exe
MountPoints2: {ba898017-2ac5-11e3-bf07-005056c00008} - E:\AutoRun.exe
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
Startup: C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Plus.lnk
ShortcutTarget: SharePort Plus.lnk -> C:\Program Files\D-Link\SharePort Plus\SharePortPlus.exe (D-Link Corp.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x386C617EFCBDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{921BA2AF-9451-4B5E-9111-3E3C84072E67}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{FB312251-4243-46A6-B313-A656471C1C5A}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\#0\AppData\Roaming\Mozilla\Firefox\Profiles\7zjo6t80.default
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - c:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\#0\AppData\Roaming\Mozilla\Firefox\Profiles\7zjo6t80.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\#0\AppData\Roaming\Mozilla\Firefox\Profiles\7zjo6t80.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\#0\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\#0\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\#0\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\#0\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\#0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\#0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-30] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6253640 2013-09-24] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R2 D-Link SharePort Plus Helper; C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe [49152 2011-03-25] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] ()
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-30] (Avira Operations GmbH & Co. KG)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-09-24] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [303816 2013-07-01] (silex technology, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-08-15] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-02 12:04 - 2013-10-02 12:04 - 00377856 _____ C:\Users\#0\Downloads\zcf3iz5b.exe
2013-10-02 12:03 - 2013-10-02 12:03 - 00000000 ____D C:\FRST
2013-10-02 12:02 - 2013-10-02 12:02 - 01953880 _____ (Farbar) C:\Users\#0\Downloads\FRST64.exe
2013-10-02 12:01 - 2013-10-02 12:01 - 00050477 _____ C:\Users\#0\Downloads\Defogger.exe
2013-10-02 12:01 - 2013-10-02 12:01 - 00000466 _____ C:\Users\#0\Downloads\defogger_disable.log
2013-10-02 12:01 - 2013-10-02 12:01 - 00000000 _____ C:\Users\#0\defogger_reenable
2013-10-02 11:12 - 2013-10-02 11:12 - 00231099 _____ C:\Users\1380705144136.log
2013-10-02 11:12 - 2013-10-02 11:12 - 00000588 _____ C:\Users\#0\Desktop\XMind 2012.lnk
2013-10-02 11:11 - 2013-10-02 11:12 - 00000000 ____D C:\XMind
2013-10-02 11:11 - 2013-10-02 11:11 - 00000000 ____D C:\Neuer Ordner
2013-10-02 11:10 - 2013-10-02 11:11 - 34767909 _____ (XMind Ltd.                                                  ) C:\Users\#0\Downloads\xmind-windows-3.3.1.201212250029.exe
2013-10-02 11:08 - 2013-10-02 11:08 - 00000000 ____D C:\Users\#0\Downloads\WW
2013-10-02 11:07 - 2013-10-02 11:07 - 01376768 _____ C:\Users\#0\Downloads\7z920-x64.msi
2013-10-02 11:07 - 2013-10-02 11:07 - 00000000 ____D C:\Program Files\7-Zip
2013-10-02 11:05 - 2013-10-02 11:05 - 21682769 _____ C:\Users\#0\Downloads\WW.rar
2013-10-02 00:47 - 2013-10-01 01:05 - 00449438 _____ C:\Windows\system32\Drivers\etc\hosts.20131002-004721.backup
2013-10-01 23:44 - 2013-10-01 23:44 - 00000000 ____D C:\Users\#0\Desktop\vlc löschen
2013-10-01 23:37 - 2013-10-01 23:42 - 00000000 ____D C:\Users\#0\AppData\Roaming\vlc
2013-10-01 23:36 - 2013-10-01 23:36 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-10-01 23:31 - 2013-10-01 23:35 - 24278649 _____ C:\Users\#0\Downloads\vlc-2.1.0-win32.exe
2013-10-01 21:16 - 2013-10-01 21:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-01 21:05 - 2013-10-01 21:05 - 00231099 _____ C:\Users\1380654357082.log
2013-10-01 20:41 - 2013-10-02 01:35 - 00000000 ____D C:\Users\#0\AppData\Roaming\TrueCrypt
2013-10-01 20:40 - 2013-10-01 20:40 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2013-10-01 20:40 - 2013-10-01 20:40 - 00000875 _____ C:\Users\Public\Desktop\TrueCrypt.lnk
2013-10-01 20:40 - 2013-10-01 20:40 - 00000000 ____D C:\Program Files\TrueCrypt
2013-10-01 20:37 - 2013-10-01 20:37 - 00000000 ____D C:\Users\#0\AppData\Roaming\Mobile Partner
2013-10-01 20:36 - 2013-10-01 20:36 - 00001079 _____ C:\Users\Public\Desktop\Mobile Partner.lnk
2013-10-01 20:35 - 2013-10-01 20:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-01 20:35 - 2011-01-30 18:20 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2013-10-01 20:35 - 2011-01-30 18:19 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-10-01 20:35 - 2011-01-30 18:19 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-10-01 20:35 - 2011-01-30 18:19 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-10-01 20:35 - 2011-01-30 18:19 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-10-01 20:35 - 2010-12-24 11:48 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-10-01 20:35 - 2010-12-23 09:48 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2013-10-01 20:35 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-10-01 20:35 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2013-10-01 20:35 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-10-01 20:35 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-10-01 20:35 - 2010-03-20 12:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-10-01 20:35 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2013-10-01 20:35 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-10-01 20:34 - 2013-10-01 20:36 - 00000000 ____D C:\ProgramData\DatacardService
2013-10-01 20:34 - 2013-10-01 20:36 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2013-10-01 20:18 - 2013-10-01 20:18 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-01 13:52 - 2013-10-01 13:52 - 00000000 ____D C:\Users\#0\Desktop\Neuer Ordner
2013-10-01 13:32 - 2013-10-01 13:32 - 00000000 ____D C:\Program Files\Axantum
2013-10-01 13:20 - 2013-10-01 13:20 - 00000000 ____D C:\Users\NoAdmin\AppData\Roaming\IrfanView
2013-10-01 13:15 - 2013-10-01 13:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-10-01 01:13 - 2013-10-01 01:13 - 00000000 ____D C:\ProgramData\Brother
2013-10-01 01:05 - 2013-10-01 01:04 - 00449438 ____R C:\Windows\system32\Drivers\etc\hosts.20131001-010546.backup
2013-10-01 01:04 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20131001-010421.backup
2013-10-01 01:02 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20131001-010211.backup
2013-10-01 00:35 - 2013-10-01 00:35 - 00000000 ____D C:\Users\NoAdmin\AppData\Roaming\Avira
2013-10-01 00:31 - 2013-10-01 00:31 - 00000000 ____D C:\Users\NoAdmin\AppData\Roaming\Mozilla
2013-10-01 00:31 - 2013-10-01 00:31 - 00000000 ____D C:\Users\NoAdmin\AppData\Local\Mozilla
2013-10-01 00:21 - 2013-10-01 00:21 - 00000000 ____D C:\Users\#0\Documents\Virtual Machines
2013-10-01 00:03 - 2013-10-01 00:16 - 959447040 _____ C:\Users\#0\Downloads\linuxmint-15-cinnamon-dvd-64bit.iso
2013-09-30 23:43 - 2013-10-02 11:12 - 00000203 _____ C:\Users\org.eclipse.update\platform.xml
2013-09-30 23:43 - 2013-10-02 11:12 - 00000016 _____ C:\Users\org.eclipse.update\last.config.stamp
2013-09-30 23:43 - 2013-10-02 11:12 - 00000000 ____D C:\Users\org.eclipse.update
2013-09-30 23:43 - 2013-10-02 11:12 - 00000000 ____D C:\Users\org.eclipse.osgi\.manager
2013-09-30 23:43 - 2013-10-02 11:12 - 00000000 ____D C:\Users\org.eclipse.equinox.app\.manager
2013-09-30 23:43 - 2013-10-02 11:12 - 00000000 ____D C:\Users\org.eclipse.core.runtime\.manager
2013-09-30 23:43 - 2013-09-30 23:43 - 00514791 _____ C:\Users\org.eclipse.osgi\.lazy.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00286776 _____ C:\Users\org.eclipse.osgi\.bundledata.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00246903 _____ C:\Users\org.eclipse.core.runtime\.mainData.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00231099 _____ C:\Users\1380577386981.log
2013-09-30 23:43 - 2013-09-30 23:43 - 00123943 _____ C:\Users\org.eclipse.osgi\.state.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00056631 _____ C:\Users\org.eclipse.core.runtime\.extraData.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00013739 _____ C:\Users\org.eclipse.core.runtime\.table.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00003120 _____ C:\Users\org.eclipse.core.runtime\.contributors.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00002670 _____ C:\Users\org.eclipse.core.runtime\.namespaces.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00002084 _____ C:\Users\org.eclipse.core.runtime\.contributions.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00000004 _____ C:\Users\org.eclipse.core.runtime\.orphans.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00000000 ____D C:\Users\org.eclipse.osgi
2013-09-30 23:43 - 2013-09-30 23:43 - 00000000 ____D C:\Users\org.eclipse.equinox.app
2013-09-30 23:43 - 2013-09-30 23:43 - 00000000 ____D C:\Users\org.eclipse.core.runtime
2013-09-30 23:42 - 2013-09-30 23:42 - 00477168 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2013-09-30 23:42 - 2013-09-30 23:42 - 00473072 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2013-09-30 23:42 - 2013-09-30 23:42 - 00157680 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-09-30 23:42 - 2013-09-30 23:42 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-09-30 23:42 - 2013-09-30 23:42 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-09-30 23:42 - 2013-09-30 23:42 - 00000000 ____D C:\ProgramData\Sun
2013-09-30 23:42 - 2013-09-30 23:42 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-30 23:41 - 2013-09-30 23:41 - 00000000 ____D C:\Program Files\D-Link
2013-09-30 23:37 - 2013-10-01 00:24 - 00000000 ____D C:\Users\#0\AppData\Local\VMware
2013-09-30 23:37 - 2013-10-01 00:22 - 00000000 ____D C:\Users\#0\AppData\Roaming\VMware
2013-09-30 23:36 - 2013-09-30 23:36 - 00000000 ____D C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2013-09-30 23:36 - 2013-09-30 23:36 - 00000000 ____D C:\Users\#0\AppData\Roaming\IrfanView
2013-09-30 23:36 - 2013-09-30 23:36 - 00000000 ____D C:\Program Files (x86)\IrfanView
2013-09-30 23:31 - 2013-08-27 12:42 - 00358480 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2013-09-30 23:31 - 2013-08-27 12:42 - 00064080 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2013-09-30 23:31 - 2013-08-27 12:41 - 00032848 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2013-09-30 23:31 - 2013-08-15 18:25 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2013-09-30 23:31 - 2013-08-15 18:25 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2013-09-30 23:31 - 2013-08-15 18:25 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2013-09-30 23:30 - 2013-10-02 11:02 - 00000000 ____D C:\ProgramData\VMware
2013-09-30 23:30 - 2013-09-30 23:30 - 00000000 ____D C:\Program Files\Common Files\VMware
2013-09-30 23:30 - 2013-09-30 23:30 - 00000000 ____D C:\Program Files (x86)\VMware
2013-09-30 23:30 - 2013-08-27 12:42 - 00930384 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2013-09-30 23:30 - 2013-08-27 12:42 - 00437328 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2013-09-30 23:30 - 2013-08-27 12:42 - 00030800 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2013-09-30 23:30 - 2013-08-26 23:33 - 00053816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2013-09-30 23:29 - 2013-09-30 23:29 - 00000000 ____D C:\Users\#0\AppData\Roaming\Unified Remote
2013-09-30 23:29 - 2013-09-30 23:29 - 00000000 ____D C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unified Remote
2013-09-30 23:29 - 2013-09-30 23:29 - 00000000 ____D C:\Program Files (x86)\Unified Remote
2013-09-30 22:39 - 2013-10-02 11:44 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-30 22:39 - 2013-10-02 11:02 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-30 22:39 - 2013-09-30 22:40 - 00000000 ____D C:\Users\#0\AppData\Local\Google
2013-09-30 22:39 - 2013-09-30 22:40 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-30 22:39 - 2013-09-30 22:39 - 00004098 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-30 22:39 - 2013-09-30 22:39 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-30 22:30 - 2013-10-01 00:29 - 00067872 _____ C:\Users\NoAdmin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-30 22:30 - 2013-09-30 22:30 - 00001439 _____ C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-30 22:30 - 2013-09-30 22:30 - 00001417 _____ C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-30 22:30 - 2013-09-30 22:30 - 00001405 _____ C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-30 22:30 - 2013-09-30 22:30 - 00000000 ___RD C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-30 22:30 - 2013-09-30 22:30 - 00000000 ___RD C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-30 22:29 - 2013-10-01 13:15 - 00000000 ____D C:\Users\NoAdmin
2013-09-30 22:29 - 2013-09-30 22:29 - 00000020 ___SH C:\Users\NoAdmin\ntuser.ini
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Vorlagen
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Startmenü
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Netzwerkumgebung
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Lokale Einstellungen
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Eigene Dateien
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Druckumgebung
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Documents\Eigene Musik
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Documents\Eigene Bilder
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\AppData\Local\Verlauf
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\AppData\Local\Anwendungsdaten
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Anwendungsdaten
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 ____D C:\Users\NoAdmin\AppData\Local\VirtualStore
2013-09-30 22:29 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-30 22:29 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-30 22:26 - 2013-09-30 22:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-09-30 22:26 - 2013-09-30 22:26 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-30 22:23 - 2013-10-01 00:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-30 22:23 - 2013-10-01 00:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-30 22:23 - 2013-09-30 22:23 - 00000000 ____D C:\Users\#0\AppData\Local\Microsoft Help
2013-09-30 22:23 - 2013-09-30 22:23 - 00000000 ____D C:\Program Files\Microsoft Office
2013-09-30 22:22 - 2013-09-30 22:22 - 00000000 __RHD C:\MSOCache
2013-09-30 22:04 - 2013-09-30 22:04 - 00000000 ____D C:\ProgramData\CMUV
2013-09-30 21:59 - 2013-10-02 11:03 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-30 21:57 - 2013-09-30 21:57 - 00001151 _____ C:\Users\NoAdmin\Desktop\DVBViewer TERRATEC Edition.lnk
2013-09-30 21:57 - 2013-09-30 21:57 - 00000000 ____D C:\Program Files (x86)\DVBViewer TERRATEC Edition
2013-09-30 21:56 - 2013-09-30 21:56 - 00000000 ____D C:\Program Files (x86)\TERRATEC
2013-09-30 21:51 - 2013-10-02 11:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-30 21:51 - 2013-09-30 21:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-30 21:51 - 2013-09-30 21:51 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-30 21:51 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-30 21:51 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-30 21:50 - 2013-09-30 21:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-09-30 21:50 - 2013-09-12 10:58 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-09-30 21:50 - 2013-09-12 10:58 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-09-30 21:50 - 2013-09-12 09:25 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-30 21:50 - 2013-09-12 09:25 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-30 21:50 - 2013-09-12 09:25 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-09-30 21:50 - 2013-09-12 09:25 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-30 21:50 - 2013-09-12 09:25 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-30 21:50 - 2013-09-12 09:25 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-30 21:49 - 2013-09-30 23:30 - 01641574 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-30 21:47 - 2013-09-30 21:47 - 00000000 ____D C:\Users\#0\AppData\Roaming\Avira
2013-09-30 21:45 - 2013-09-30 21:51 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-30 21:45 - 2013-09-12 10:58 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-30 21:45 - 2013-09-12 10:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 02986672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-30 21:45 - 2013-09-12 10:58 - 00022814 _____ C:\Windows\system32\nvinfo.pb
2013-09-30 21:45 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-09-30 21:45 - 2013-08-20 15:32 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-09-30 21:45 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-09-30 21:42 - 2013-09-30 21:42 - 00000000 ____D C:\ProgramData\Avira
2013-09-30 21:42 - 2013-09-30 21:42 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-30 21:42 - 2013-09-30 21:41 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-30 21:42 - 2013-09-30 21:41 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-30 21:42 - 2013-09-30 21:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-30 21:19 - 2013-09-30 21:19 - 00000000 ____D C:\Users\#0\AppData\Roaming\Adobe
2013-09-30 20:55 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-09-30 20:55 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-30 20:51 - 2013-09-30 23:10 - 00006224 _____ C:\Windows\PFRO.log
2013-09-30 20:35 - 2013-09-30 20:35 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-30 20:34 - 2013-09-30 20:40 - 00012296 _____ C:\Windows\IE10_main.log
2013-09-30 20:32 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-30 20:32 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-30 20:32 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-30 20:32 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-30 20:32 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-30 20:32 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-30 20:32 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-30 20:32 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-30 20:32 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-30 20:32 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-30 20:32 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-30 20:32 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-30 20:32 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-30 20:32 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-30 20:32 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-30 20:32 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-30 20:32 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-30 20:32 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-30 20:32 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-30 20:32 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-30 20:32 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-30 20:32 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-30 20:32 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-30 20:32 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-30 20:32 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-30 20:32 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-30 20:32 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-30 20:32 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-30 20:32 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-09-30 20:32 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-30 20:32 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-30 20:32 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-30 20:32 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-30 20:32 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-30 20:32 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-09-30 20:32 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-09-30 20:32 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-09-30 20:32 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-09-30 20:32 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-09-30 20:32 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-09-30 20:32 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-30 20:32 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-09-30 20:32 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-09-30 20:32 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-09-30 20:32 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-09-30 20:32 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-09-30 20:32 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-30 20:32 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-09-30 20:32 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-09-30 20:32 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-09-30 20:31 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-30 20:31 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-30 20:31 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-30 20:31 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-30 20:31 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-09-30 20:31 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-30 20:31 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-09-30 20:31 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-09-30 20:10 - 2013-09-30 20:10 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-30 20:10 - 2013-09-30 20:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-30 20:10 - 2013-09-30 20:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-30 20:10 - 2013-09-30 20:10 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-30 20:10 - 2013-09-30 20:10 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-30 20:10 - 2013-09-30 20:10 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-30 20:10 - 2013-09-30 20:10 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-30 20:10 - 2013-09-30 20:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-30 20:10 - 2013-09-30 20:10 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-09-30 20:10 - 2013-09-30 20:10 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-30 20:09 - 2013-09-30 20:11 - 00004723 _____ C:\Windows\IE9_main.log
2013-09-30 20:08 - 2013-09-30 20:08 - 00000000 ____D C:\Windows\system32\SPReview
2013-09-30 20:08 - 2013-09-30 20:08 - 00000000 ____D C:\Windows\system32\EventProviders
2013-09-30 20:07 - 2010-11-20 15:44 - 01077248 _____ (Microsoft Corporation) C:\Windows\system32\Narrator.exe
2013-09-30 20:07 - 2010-11-20 15:44 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\NAPHLPR.DLL
2013-09-30 20:07 - 2010-11-20 15:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\NAPCRYPT.DLL
2013-09-30 20:07 - 2010-11-20 15:39 - 05066752 _____ (Microsoft Corporation) C:\Windows\system32\AuthFWSnapin.dll
2013-09-30 20:07 - 2010-11-20 15:34 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2013-09-30 20:07 - 2010-11-20 15:34 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-09-30 20:07 - 2010-11-20 15:34 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2013-09-30 20:07 - 2010-11-20 15:34 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00299392 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2013-09-30 20:07 - 2010-11-20 15:33 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00263040 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2013-09-30 20:07 - 2010-11-20 15:33 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2013-09-30 20:07 - 2010-11-20 15:33 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
2013-09-30 20:07 - 2010-11-20 15:32 - 02217856 _____ (Microsoft Corporation) C:\Windows\system32\bootres.dll
2013-09-30 20:07 - 2010-11-20 15:32 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2013-09-30 20:07 - 2010-11-20 15:32 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-30 20:07 - 2010-11-20 15:32 - 00155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-30 20:07 - 2010-11-20 15:29 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2013-09-30 20:07 - 2010-11-20 15:28 - 00780008 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-09-30 20:07 - 2010-11-20 15:28 - 00298104 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2013-09-30 20:07 - 2010-11-20 15:28 - 00223248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-09-30 20:07 - 2010-11-20 15:28 - 00166784 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 14633472 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 03860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 03650560 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 03027968 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2013-09-30 20:07 - 2010-11-20 15:27 - 03008000 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02652160 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02543616 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02314752 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02262528 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02250752 _____ (Microsoft Corporation) C:\Windows\system32\SensorsCpl.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02193920 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02146816 _____ (Microsoft Corporation) C:\Windows\system32\networkmap.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02086912 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02072576 _____ (Microsoft Corporation) C:\Windows\system32\WMPEncEn.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 02018304 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01911808 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01900544 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01808384 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01753088 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01672704 _____ (Microsoft Corporation) C:\Windows\system32\networkexplorer.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01646080 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01556992 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01509888 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\wlanpref.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01363968 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01281024 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01243136 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2013-09-30 20:07 - 2010-11-20 15:27 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01197056 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2013-09-30 20:07 - 2010-11-20 15:27 - 01158656 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01098240 _____ (Microsoft Corporation) C:\Windows\system32\Vault.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01082880 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\onexui.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01050624 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 01008128 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2013-09-30 20:07 - 2010-11-20 15:27 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\sqlsrv32.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00933376 _____ (Microsoft Corporation) C:\Windows\system32\SmiEngine.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00898560 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00867840 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00849920 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00812032 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00800256 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00799744 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00781312 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\sdcpl.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00750080 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00681472 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2013-09-30 20:07 - 2010-11-20 15:27 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\PerfCenterCPL.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00636416 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00633344 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00605696 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\sxs.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00577536 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\mspbda.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\msdri.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00527872 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmnet.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\WinSATAPI.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\powercpl.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00481280 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\QAGENTRT.DLL
2013-09-30 20:07 - 2010-11-20 15:27 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\wiadefui.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\nshipsec.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\shwebsvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\sqlcese30.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceStatus.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\termmgr.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00418816 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\prnfldr.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\mtxclu.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00326144 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\netdiagfx.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\scansetting.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2013-09-30 20:07 - 2010-11-20 15:27 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\QAGENT.DLL
2013-09-30 20:07 - 2010-11-20 15:27 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\spwizui.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\wavemsp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\qdv.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\taskbarcpl.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\mstask.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\onex.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceSyncProvider.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\wmpsrcwp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2013-09-30 20:07 - 2010-11-20 15:27 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\OnLineIDCpl.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\wpdwcn.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\sysclass.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\netjoin.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provsvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\prncache.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\qcap.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\twext.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\sdrsvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\uxlib.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\remotepg.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\recovery.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\mydocs.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\ntlanman.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\srvcli.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\wiavideo.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2013-09-30 20:07 - 2010-11-20 15:27 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\QUTIL.DLL
2013-09-30 20:07 - 2010-11-20 15:27 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\regapi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\nci.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountControlSettings.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\QCLIPROV.DLL
2013-09-30 20:07 - 2010-11-20 15:27 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\unimdmat.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\wkscli.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\vfwwdm32.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\rdpd3d.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\samcli.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\ncryptui.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\RpcRtRemote.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\WavDest.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\umb.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\PrintIsolationProxy.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\vpnikeapi.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\shimgvw.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\msdmo.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\netutils.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\sisbkup.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\syssetup.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\nrpsrv.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2013-09-30 20:07 - 2010-11-20 15:27 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 04120064 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 03391488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 03205120 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 02746880 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 01866240 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 01457664 _____ (Microsoft Corporation) C:\Windows\system32\DxpTaskSync.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 01340416 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 01244160 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\DiagCpl.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 01066496 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00934912 _____ (Microsoft Corporation) C:\Windows\system32\FirewallControlPanel.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\fontext.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-30 20:07 - 2010-11-20 15:26 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\dsuiext.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\ipsmsnap.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00551936 _____ (Microsoft Corporation) C:\Windows\system32\localsec.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2013-09-30 20:07 - 2010-11-20 15:26 - 00495104 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\DXP.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll

ivegotnoclue · 02.10.2013, 13:07

FRST - Teil 2

Code:

ATTFilter

__ (Microsoft Corporation) C:\Windows\system32\MediaMetadataHandler.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\dot3ui.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\iTVData.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00281600 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00240640 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dskquoui.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\hgprint.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\defaultlocationcpl.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingFolder.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\fde.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\dps.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2013-09-30 20:07 - 2010-11-20 15:26 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\EhStorAPI.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\fphc.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\dnscmmc.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00116224 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\fms.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\KMSVC.DLL
2013-09-30 20:07 - 2010-11-20 15:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Mcx2Svc.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\fdeploy.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\dot3cfg.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\lsmproxy.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\luainstall.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\mciqtz32.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2013-09-30 20:07 - 2010-11-20 15:26 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\HotStartUserAgent.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 03957760 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 03745792 _____ (Microsoft Corporation) C:\Windows\system32\accessibilitycpl.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 03524608 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\certmgr.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 01600512 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 01504256 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 01264640 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 01065984 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00897536 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00749568 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayCpl.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-30 20:07 - 2010-11-20 15:25 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\spinstall.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenterCPL.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\biocpl.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\azroleui.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00464384 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\slui.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\spreview.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00293888 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\recdisc.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\ocsetup.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\bcdsrv.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\autoplay.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\net1.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\AuxiliaryDisplayServices.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00128000 _____ (Microsoft) C:\Windows\system32\Robocopy.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\nslookup.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\cca.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\cabinet.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\amstream.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\setupcl.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\tabcal.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\CertPolEng.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\takeown.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\PnPUnattend.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\tzutil.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\runonce.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\MultiDigiMon.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\proquota.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\AzSqlExt.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\userinit.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2013-09-30 20:07 - 2010-11-20 15:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\BWUnpairElevated.dll
2013-09-30 20:07 - 2010-11-20 15:25 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 02872320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\mblctr.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00899584 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr
2013-09-30 20:07 - 2010-11-20 15:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2013-09-30 20:07 - 2010-11-20 15:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00763904 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2013-09-30 20:07 - 2010-11-20 15:24 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2013-09-30 20:07 - 2010-11-20 15:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\FXSSVC.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\TabletPC.cpl
2013-09-30 20:07 - 2010-11-20 15:24 - 00653312 _____ (Microsoft Corporation) C:\Windows\system32\lpksetup.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-09-30 20:07 - 2010-11-20 15:24 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\main.cpl
2013-09-30 20:07 - 2010-11-20 15:24 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2013-09-30 20:07 - 2010-11-20 15:24 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-09-30 20:07 - 2010-11-20 15:24 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2013-09-30 20:07 - 2010-11-20 15:24 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00373248 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2013-09-30 20:07 - 2010-11-20 15:24 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\diskraid.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\eudcedit.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl
2013-09-30 20:07 - 2010-11-20 15:24 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\cmd.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\lsm.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr
2013-09-30 20:07 - 2010-11-20 15:24 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2013-09-30 20:07 - 2010-11-20 15:24 - 00300032 _____ (Microsoft Corporation) C:\Windows\system32\msconfig.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2013-09-30 20:07 - 2010-11-20 15:24 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr
2013-09-30 20:07 - 2010-11-20 15:24 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr
2013-09-30 20:07 - 2010-11-20 15:24 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\bitsadmin.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\wdmaud.drv
2013-09-30 20:07 - 2010-11-20 15:24 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2013-09-30 20:07 - 2010-11-20 15:24 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2013-09-30 20:07 - 2010-11-20 15:24 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\iscsicli.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\MdSched.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\Kswdmcap.ax
2013-09-30 20:07 - 2010-11-20 15:24 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\desk.cpl
2013-09-30 20:07 - 2010-11-20 15:24 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\kstvtune.ax
2013-09-30 20:07 - 2010-11-20 15:24 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\mobsync.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\WSTPager.ax
2013-09-30 20:07 - 2010-11-20 15:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\cmstp.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\isoburn.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\findstr.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00071168 _____ (Microsoft Corporation) C:\Windows\bfsvc.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\ksxbar.ax
2013-09-30 20:07 - 2010-11-20 15:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\djoin.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\g711codc.ax
2013-09-30 20:07 - 2010-11-20 15:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2013-09-30 20:07 - 2010-11-20 15:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\vbisurf.ax
2013-09-30 20:07 - 2010-11-20 15:24 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\choice.exe
2013-09-30 20:07 - 2010-11-20 15:02 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2013-09-30 20:07 - 2010-11-20 14:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2013-09-30 20:07 - 2010-11-20 14:36 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPHLPR.DLL
2013-09-30 20:07 - 2010-11-20 14:36 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NAPCRYPT.DLL
2013-09-30 20:07 - 2010-11-20 14:32 - 05066752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthFWSnapin.dll
2013-09-30 20:07 - 2010-11-20 14:23 - 00144768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 02983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 02755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 02202624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsCpl.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 02157568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 02146304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 01712640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 01667584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 01624064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPEncEn.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 01363456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 01326592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanpref.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 01227776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 01175040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 01128448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 01115136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 01003008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00933376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vault.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00902656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2013-09-30 20:07 - 2010-11-20 14:21 - 00782336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlsrv32.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00755200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2013-09-30 20:07 - 2010-11-20 14:21 - 00738816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00638976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00616960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00600064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00560128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2013-09-30 20:07 - 2010-11-20 14:21 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched20.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmnet.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shwebsvc.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00416768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiadefui.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00410112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanui.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxs.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\termmgr.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizeng.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00352256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00351232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00346624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSATAPI.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsvcs.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\raschap.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqlcese30.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00307712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scansetting.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wavemsp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00198144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdwcn.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpsrcwp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vdsbas.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syncui.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remotepg.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twext.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpps.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxlib.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiavideo.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpshell.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppinst.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srvcli.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QUTIL.DLL
2013-09-30 20:07 - 2010-11-20 14:21 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountControlSettings.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\regapi.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spbcd.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdmat.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vfwwdm32.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpd3d.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00051200 _____ (Twain Working Group) C:\Windows\twain_32.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samcli.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkscli.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RpcRtRemote.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wtsapi32.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\utildll.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vpnikeapi.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sisbkup.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syssetup.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2013-09-30 20:07 - 2010-11-20 14:21 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsbyuv.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 02504192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2013-09-30 20:07 - 2010-11-20 14:20 - 02494464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 02130944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkmap.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 01750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pnidui.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 01661440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\networkexplorer.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 01644032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 01508864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 01111552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onexui.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00932352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00859648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OobeFldr.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00656384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00600576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PerfCenterCPL.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbc32.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00547840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercpl.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceStatus.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00406528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnfldr.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshipsec.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00283136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdv.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00236544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netdiagfx.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnLineIDCpl.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\onex.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00190976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qcap.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00183296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetapi.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QAGENT.DLL
2013-09-30 20:07 - 2010-11-20 14:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2013-09-30 20:07 - 2010-11-20 14:20 - 00166400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provsvc.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netjoin.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mydocs.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prntvpt.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netid.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prncache.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2013-09-30 20:07 - 2010-11-20 14:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nci.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olethk32.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QCLIPROV.DLL
2013-09-30 20:07 - 2010-11-20 14:20 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntlanman.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptui.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2013-09-30 20:07 - 2010-11-20 14:20 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netutils.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 03207680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 02341376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 02151936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 01698816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 01493504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00954752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00954288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc40u.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00856576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallControlPanel.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00830464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2013-09-30 20:07 - 2010-11-20 14:19 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontext.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00732160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2fs.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00592384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localsec.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsmsnap.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxclu.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MediaMetadataHandler.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAC3ENC.DLL
2013-09-30 20:07 - 2010-11-20 14:19 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iTVData.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-30 20:07 - 2010-11-20 14:19 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstask.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrad.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msutb.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fde.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrecst.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvfw32.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2013-09-30 20:07 - 2010-11-20 14:19 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\migisol.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fphc.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00093696 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\SysWOW64\fms.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciavi32.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdeploy.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iyuv_32.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimefilt.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\httpapi.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvidc32.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msyuv.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lsmproxy.dll
2013-09-30 20:07 - 2010-11-20 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrle32.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 03727872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\accessibilitycpl.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 02522624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 01828352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 01555456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certmgr.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxpTaskSync.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 01371136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 01334272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 01040384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 01003520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00854016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00762880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroles.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00744448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00743424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00740864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00685056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsuiext.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00630784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00537600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenterCPL.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00484864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceCenter.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00402944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3ui.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroleui.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00257024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpx.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00252928 _____ (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodev.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00222208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\defaultlocationcpl.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00211456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairingFolder.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efscore.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\activeds.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dskquoui.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsldp.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoplay.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EhStorAPI.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscmmc.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\avifil32.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3cfg.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\amstream.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cca.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertPolEng.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzSqlExt.dll
2013-09-30 20:07 - 2010-11-20 14:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2013-09-30 20:07 - 2010-11-20 14:17 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00586752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfrgui.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimserv.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00322048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eudcedit.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00280064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00276480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskraid.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskmgr.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PkgMgr.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetup.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsicli.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\net1.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskpart.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00098816 _____ (Microsoft) C:\Windows\SysWOW64\Robocopy.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nslookup.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\isoburn.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmstp.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MuiUnattend.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findstr.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\takeown.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzutil.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\proquota.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userinit.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiougc.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2013-09-30 20:07 - 2010-11-20 14:17 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2013-09-30 20:07 - 2010-11-20 14:16 - 00905216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2013-09-30 20:07 - 2010-11-20 14:16 - 00878592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Bubbles.scr
2013-09-30 20:07 - 2010-11-20 14:16 - 00776192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2013-09-30 20:07 - 2010-11-20 14:16 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2013-09-30 20:07 - 2010-11-20 14:16 - 00679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2013-09-30 20:07 - 2010-11-20 14:16 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-09-30 20:07 - 2010-11-20 14:16 - 00658944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
2013-09-30 20:07 - 2010-11-20 14:16 - 00649216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2013-09-30 20:07 - 2010-11-20 14:16 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\main.cpl
2013-09-30 20:07 - 2010-11-20 14:16 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-09-30 20:07 - 2010-11-20 14:16 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2013-09-30 20:07 - 2010-11-20 14:16 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-09-30 20:07 - 2010-11-20 14:16 - 00345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-09-30 20:07 - 2010-11-20 14:16 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysdm.cpl
2013-09-30 20:07 - 2010-11-20 14:16 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2013-09-30 20:07 - 2010-11-20 14:16 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssText3d.scr
2013-09-30 20:07 - 2010-11-20 14:16 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2013-09-30 20:07 - 2010-11-20 14:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mystify.scr
2013-09-30 20:07 - 2010-11-20 14:16 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Ribbons.scr
2013-09-30 20:07 - 2010-11-20 14:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2013-09-30 20:07 - 2010-11-20 14:16 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsadmin.exe
2013-09-30 20:07 - 2010-11-20 14:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdmaud.drv
2013-09-30 20:07 - 2010-11-20 14:16 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2013-09-30 20:07 - 2010-11-20 14:16 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2013-09-30 20:07 - 2010-11-20 14:16 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\desk.cpl
2013-09-30 20:07 - 2010-11-20 14:16 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Kswdmcap.ax
2013-09-30 20:07 - 2010-11-20 14:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kstvtune.ax
2013-09-30 20:07 - 2010-11-20 14:16 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSTPager.ax
2013-09-30 20:07 - 2010-11-20 14:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksxbar.ax
2013-09-30 20:07 - 2010-11-20 14:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2013-09-30 20:07 - 2010-11-20 14:08 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-30 20:07 - 2010-11-20 14:00 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2013-09-30 20:07 - 2010-11-20 13:07 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-30 20:07 - 2010-11-20 13:05 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll
2013-09-30 20:07 - 2010-11-20 13:04 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-30 20:07 - 2010-11-20 12:52 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2013-09-30 20:07 - 2010-11-20 12:52 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2013-09-30 20:07 - 2010-11-20 12:52 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2013-09-30 20:07 - 2010-11-20 12:52 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys
2013-09-30 20:07 - 2010-11-20 12:52 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2013-09-30 20:07 - 2010-11-20 12:52 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys
2013-09-30 20:07 - 2010-11-20 12:52 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2013-09-30 20:07 - 2010-11-20 12:51 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2013-09-30 20:07 - 2010-11-20 12:51 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-09-30 20:07 - 2010-11-20 12:50 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys
2013-09-30 20:07 - 2010-11-20 12:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2013-09-30 20:07 - 2010-11-20 12:44 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-09-30 20:07 - 2010-11-20 12:44 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-09-30 20:07 - 2010-11-20 12:44 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys
2013-09-30 20:07 - 2010-11-20 12:44 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-09-30 20:07 - 2010-11-20 12:44 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-30 20:07 - 2010-11-20 12:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys
2013-09-30 20:07 - 2010-11-20 12:43 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-09-30 20:07 - 2010-11-20 12:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-09-30 20:07 - 2010-11-20 12:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
2013-09-30 20:07 - 2010-11-20 12:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2013-09-30 20:07 - 2010-11-20 11:27 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2013-09-30 20:07 - 2010-11-20 11:26 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-30 20:07 - 2010-11-20 11:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-09-30 20:07 - 2010-11-20 11:25 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-09-30 20:07 - 2010-11-20 11:23 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2013-09-30 20:07 - 2010-11-20 11:21 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2013-09-30 20:07 - 2010-11-20 05:52 - 00419880 _____ C:\Windows\SysWOW64\locale.nls
2013-09-30 20:07 - 2010-11-20 05:52 - 00419880 _____ C:\Windows\system32\locale.nls
2013-09-30 20:07 - 2010-11-05 04:20 - 00347904 _____ C:\Windows\system32\systemsf.ebd
2013-09-30 20:07 - 2010-11-05 04:11 - 00433512 _____ (Microsoft Corporation) C:\Windows\system32\MCEWMDRMNDBootstrap.dll
2013-09-30 20:07 - 2010-11-05 04:11 - 00312168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
2013-09-30 20:07 - 2010-11-05 03:58 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2013-09-30 20:07 - 2010-11-05 03:58 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2013-09-30 20:07 - 2010-11-05 03:58 - 00155472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2013-09-30 20:07 - 2010-11-05 03:58 - 00080720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2013-09-30 20:07 - 2010-11-05 03:58 - 00049488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2013-09-30 20:07 - 2010-11-05 03:57 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2013-09-30 20:07 - 2010-11-05 03:57 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2013-09-30 20:07 - 2010-11-05 03:57 - 00154960 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2013-09-30 20:07 - 2010-11-05 03:57 - 00048976 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2013-09-30 20:07 - 2010-11-05 03:53 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2013-09-30 20:07 - 2010-11-05 03:53 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2013-09-30 20:07 - 2010-11-05 03:53 - 00109928 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2013-09-30 20:07 - 2010-11-05 03:53 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2013-09-30 20:07 - 2009-07-14 03:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmonui.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00529408 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\napdsnap.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\wdiasqmmodule.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\profprov.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\shgina.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\schedcli.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\rdprefdrvapi.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\TRAPI.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\spopk.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wshirda.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\shunimpl.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\riched32.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\rdpcfgex.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2013-09-30 20:06 - 2010-11-20 15:27 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2013-09-30 20:06 - 2010-11-20 15:27 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2013-09-30 20:06 - 2010-11-20 15:26 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\dpx.dll
2013-09-30 20:06 - 2010-11-20 15:26 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\inetmib1.dll
2013-09-30 20:06 - 2010-11-20 15:26 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\FXSMON.dll
2013-09-30 20:06 - 2010-11-20 15:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dsauth.dll
2013-09-30 20:06 - 2010-11-20 15:26 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\elsTrans.dll
2013-09-30 20:06 - 2010-11-20 15:25 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\repair-bde.exe
2013-09-30 20:06 - 2010-11-20 15:25 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2013-09-30 20:06 - 2010-11-20 15:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\bitsperf.dll
2013-09-30 20:06 - 2010-11-20 15:25 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\browseui.dll
2013-09-30 20:06 - 2010-11-20 15:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\C_ISCII.DLL
2013-09-30 20:06 - 2010-11-20 15:24 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe
2013-09-30 20:06 - 2010-11-20 15:24 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\LogonUI.exe
2013-09-30 20:06 - 2010-11-20 15:24 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\FXSUNATD.exe
2013-09-30 20:06 - 2010-11-20 15:24 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2013-09-30 20:06 - 2010-11-20 15:16 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-09-30 20:06 - 2010-11-20 15:15 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2013-09-30 20:06 - 2010-11-20 15:14 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwizres.dll
2013-09-30 20:06 - 2010-11-20 15:13 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\RDPENCDD.dll
2013-09-30 20:06 - 2010-11-20 15:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2013-09-30 20:06 - 2010-11-20 15:12 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\pifmgr.dll
2013-09-30 20:06 - 2010-11-20 15:02 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2013-09-30 20:06 - 2010-11-20 15:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUQ.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDTUF.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDSG.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\kbdlk41a.dll
2013-09-30 20:06 - 2010-11-20 15:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDGKL.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDCZ1.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDSF.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDPO.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDNEPR.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTAM.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDINBEN.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\KBDGR1.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDUS.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDUGHR1.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTURME.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAJIK.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDMON.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDMAORI.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDLT1.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINTEL.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINORI.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINMAR.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINKAN.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDINHIN.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBULG.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBLR.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2013-09-30 20:06 - 2010-11-20 15:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDGEO.DLL
2013-09-30 20:06 - 2010-11-20 14:54 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\BlbEvents.dll
2013-09-30 20:06 - 2010-11-20 14:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-ums-l1-1-0.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00363008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdscore.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimgvw.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TRAPI.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdprefdrvapi.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shgina.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spopk.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schedcli.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshirda.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shunimpl.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched32.dll
2013-09-30 20:06 - 2010-11-20 14:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2013-09-30 20:06 - 2010-11-20 14:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2013-09-30 20:06 - 2010-11-20 14:20 - 00121344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-30 20:06 - 2010-11-20 14:20 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\napdsnap.dll
2013-09-30 20:06 - 2010-11-20 14:20 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2013-09-30 20:06 - 2010-11-20 14:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfts.dll
2013-09-30 20:06 - 2010-11-20 14:20 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2013-09-30 20:06 - 2010-11-20 14:19 - 00082944 _____ (Radius Inc.) C:\Windows\SysWOW64\iccvid.dll
2013-09-30 20:06 - 2010-11-20 14:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetmib1.dll
2013-09-30 20:06 - 2010-11-20 14:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\luainstall.dll
2013-09-30 20:06 - 2010-11-20 14:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciqtz32.dll
2013-09-30 20:06 - 2010-11-20 14:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdmo.dll
2013-09-30 20:06 - 2010-11-20 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-09-30 20:06 - 2010-11-20 14:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabinet.dll
2013-09-30 20:06 - 2010-11-20 14:18 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsauth.dll
2013-09-30 20:06 - 2010-11-20 14:18 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2013-09-30 20:06 - 2010-11-20 14:18 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elsTrans.dll
2013-09-30 20:06 - 2010-11-20 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bitsperf.dll
2013-09-30 20:06 - 2010-11-20 14:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\C_ISCII.DLL
2013-09-30 20:06 - 2010-11-20 14:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browseui.dll
2013-09-30 20:06 - 2010-11-20 14:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe
2013-09-30 20:06 - 2010-11-20 14:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unlodctr.exe
2013-09-30 20:06 - 2010-11-20 14:17 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2013-09-30 20:06 - 2010-11-20 14:16 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\g711codc.ax
2013-09-30 20:06 - 2010-11-20 14:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbisurf.ax
2013-09-30 20:06 - 2010-11-20 14:08 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00119808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2013-09-30 20:06 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUQ.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTUF.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDSG.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdlk41a.dll
2013-09-30 20:06 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGR1.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGKL.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDCZ1.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDSF.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDPO.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDNEPR.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDUS.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDUGHR1.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTURME.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAJIK.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDMON.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDMAORI.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDLT1.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDGEO.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBULG.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBLR.DLL
2013-09-30 20:06 - 2010-11-20 14:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2013-09-30 20:06 - 2010-11-20 14:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2013-09-30 20:06 - 2010-11-20 14:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizres.dll
2013-09-30 20:06 - 2010-11-20 14:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2013-09-30 20:06 - 2010-11-20 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pifmgr.dll
2013-09-30 20:06 - 2010-11-20 14:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2013-09-30 20:06 - 2010-11-20 13:37 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys
2013-09-30 20:06 - 2010-11-20 12:44 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-09-30 20:06 - 2010-11-20 12:44 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys
2013-09-30 20:06 - 2010-11-20 12:43 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-09-30 20:06 - 2010-11-20 12:43 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2013-09-30 20:06 - 2010-11-20 12:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2013-09-30 20:06 - 2010-11-20 12:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-09-30 20:06 - 2010-11-20 12:34 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2013-09-30 20:06 - 2010-11-20 12:33 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys
2013-09-30 20:06 - 2010-11-20 12:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2013-09-30 20:06 - 2010-11-20 12:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2013-09-30 20:06 - 2010-11-20 12:09 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2013-09-30 20:06 - 2010-11-20 12:04 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2013-09-30 20:06 - 2010-11-20 11:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys
2013-09-30 20:06 - 2010-11-20 11:26 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2013-09-30 20:06 - 2010-11-20 11:22 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys
2013-09-30 20:06 - 2010-11-20 11:19 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys
2013-09-30 20:06 - 2010-11-10 03:48 - 00010429 _____ C:\Windows\system32\ScavengeSpace.xml
2013-09-30 20:06 - 2010-11-05 04:20 - 00105559 _____ C:\Windows\SysWOW64\RacRules.xml
2013-09-30 20:06 - 2010-11-05 04:20 - 00105559 _____ C:\Windows\system32\RacRules.xml
2013-09-30 20:06 - 2009-06-10 23:39 - 00001041 _____ C:\Windows\SysWOW64\tcpbidi.xml
2013-09-30 19:47 - 2013-09-30 19:48 - 00000000 ____D C:\Windows\system32\MRT
2013-09-30 19:47 - 2013-09-01 17:08 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-30 19:39 - 2013-09-30 19:39 - 00000000 ____D C:\NVIDIA
2013-09-30 19:36 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2013-09-30 19:31 - 2012-12-16 19:11 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-09-30 19:31 - 2012-12-16 16:45 - 00367616 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-09-30 19:31 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-09-30 19:31 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-09-30 19:31 - 2010-09-30 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-09-30 19:31 - 2010-09-30 08:47 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-09-30 19:29 - 2013-09-30 18:36 - 00000000 ____D C:\Windows\Panther
2013-09-30 19:28 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-09-30 19:28 - 2012-03-01 08:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-09-30 19:28 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-09-30 19:28 - 2012-03-01 07:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-09-30 19:28 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2013-09-30 19:26 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-30 19:26 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-30 19:26 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-30 19:26 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-09-30 19:26 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-09-30 19:26 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-09-30 19:26 - 2011-11-17 08:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2013-09-30 19:26 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2013-09-30 19:26 - 2011-10-26 07:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-09-30 19:26 - 2011-10-26 07:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-30 19:26 - 2011-10-26 06:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2013-09-30 19:26 - 2011-10-26 06:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-09-30 19:26 - 2011-07-09 04:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2013-09-30 19:26 - 2011-06-15 12:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2013-09-30 19:26 - 2011-06-15 12:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2013-09-30 19:26 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2013-09-30 19:26 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2013-09-30 19:26 - 2011-06-15 10:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2013-09-30 19:26 - 2011-06-15 10:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2013-09-30 19:26 - 2011-06-15 10:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2013-09-30 19:26 - 2011-06-15 10:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2013-09-30 19:26 - 2011-06-15 10:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2013-09-30 19:26 - 2011-04-27 04:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-09-30 19:26 - 2011-04-27 04:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-09-30 19:26 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-09-30 19:26 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-09-30 19:26 - 2010-12-23 12:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2013-09-30 19:26 - 2010-12-23 12:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2013-09-30 19:26 - 2010-12-23 12:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2013-09-30 19:26 - 2010-12-23 07:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2013-09-30 19:26 - 2010-12-23 07:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2013-09-30 19:26 - 2010-12-23 07:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2013-09-30 19:25 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-09-30 19:25 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-09-30 19:25 - 2012-08-22 20:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-09-30 19:25 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2013-09-30 19:25 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-09-30 19:25 - 2012-06-02 07:50 - 00458704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-30 19:25 - 2012-06-02 07:48 - 00151920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-30 19:25 - 2012-06-02 07:48 - 00095600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-09-30 19:25 - 2012-06-02 07:45 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-30 19:25 - 2012-06-02 06:40 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-09-30 19:25 - 2012-06-02 06:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-09-30 19:25 - 2012-06-02 06:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-09-30 19:25 - 2012-04-28 05:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-09-30 19:25 - 2011-11-17 08:35 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-30 19:25 - 2011-11-17 08:35 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-09-30 19:25 - 2011-11-17 08:35 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-09-30 19:25 - 2011-11-17 08:35 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-09-30 19:25 - 2011-11-17 08:33 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-09-30 19:25 - 2011-04-29 05:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2013-09-30 19:25 - 2011-04-29 05:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-09-30 19:25 - 2011-04-29 05:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-09-30 19:24 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2013-09-30 19:24 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-09-30 19:24 - 2012-11-20 07:48 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-09-30 19:24 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-09-30 19:24 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-09-30 19:24 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-09-30 19:24 - 2012-11-01 07:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-09-30 19:24 - 2012-11-01 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-09-30 19:24 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-09-30 19:24 - 2012-11-01 06:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-09-30 19:24 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-09-30 19:24 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-09-30 19:24 - 2012-08-11 02:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-09-30 19:24 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-09-30 19:24 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-09-30 19:24 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-09-30 19:24 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-09-30 19:24 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-09-30 19:24 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-09-30 19:24 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2013-09-30 19:24 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-30 19:24 - 2012-04-26 07:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2013-09-30 19:24 - 2012-04-26 07:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2013-09-30 19:24 - 2012-04-26 07:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2013-09-30 19:24 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-09-30 19:24 - 2011-12-28 05:59 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-09-30 19:24 - 2011-12-16 10:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2013-09-30 19:24 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2013-09-30 19:24 - 2011-11-19 16:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-09-30 19:24 - 2011-11-19 16:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-09-30 19:24 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-09-30 19:24 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2013-09-30 19:24 - 2011-08-27 07:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-30 19:24 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2013-09-30 19:24 - 2011-08-27 06:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-30 19:24 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2013-09-30 19:24 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2013-09-30 19:24 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2013-09-30 19:24 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2013-09-30 19:24 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2013-09-30 19:24 - 2011-05-24 13:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2013-09-30 19:24 - 2011-05-24 12:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2013-09-30 19:24 - 2011-05-24 12:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2013-09-30 19:24 - 2011-05-24 12:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2013-09-30 19:24 - 2011-05-24 12:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2013-09-30 19:24 - 2011-05-03 07:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2013-09-30 19:24 - 2011-05-03 06:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2013-09-30 19:24 - 2011-03-11 08:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2013-09-30 19:24 - 2011-03-11 08:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2013-09-30 19:24 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2013-09-30 19:24 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2013-09-30 19:24 - 2011-03-03 08:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2013-09-30 19:24 - 2011-03-03 08:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2013-09-30 19:24 - 2011-03-03 08:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2013-09-30 19:24 - 2011-03-03 07:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2013-09-30 19:24 - 2011-03-03 07:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2013-09-30 19:24 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2013-09-30 19:24 - 2011-02-12 13:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2013-09-30 19:24 - 2011-02-05 19:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-09-30 19:24 - 2011-02-05 19:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2013-09-30 19:24 - 2011-02-05 19:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2013-09-30 19:24 - 2011-02-05 19:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2013-09-30 19:24 - 2011-02-05 19:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-09-30 19:24 - 2011-02-05 19:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-09-30 19:24 - 2011-02-05 19:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-09-30 19:24 - 2010-11-20 15:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2013-09-30 19:24 - 2010-11-20 15:25 - 00974336 _____ (Microsoft Corporation) C:\Windows\system32\WFS.exe
2013-09-30 19:24 - 2010-11-20 15:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\cfgmgr32.dll
2013-09-30 19:24 - 2010-11-20 15:24 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2013-09-30 19:24 - 2010-11-20 15:24 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2013-09-30 19:24 - 2010-11-20 15:24 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2013-09-30 19:24 - 2010-11-20 14:58 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2013-09-30 19:24 - 2010-11-20 14:16 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2013-09-30 19:24 - 2010-11-20 14:16 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2013-09-30 19:24 - 2010-11-20 14:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2013-09-30 19:24 - 2010-11-20 13:57 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2013-09-30 19:24 - 2010-06-26 05:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-09-30 19:24 - 2010-06-26 05:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-09-30 19:20 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2013-09-30 19:20 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2013-09-30 19:20 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2013-09-30 19:19 - 2013-09-30 19:19 - 00002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-30 19:19 - 2013-09-30 19:19 - 00000000 ____D C:\Program Files\CCleaner
2013-09-30 19:03 - 2013-10-01 00:48 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-30 19:03 - 2013-09-30 19:03 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-30 19:02 - 2013-10-01 00:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-30 19:02 - 2013-08-07 04:22 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-09-30 19:02 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-09-30 18:59 - 2013-10-01 13:34 - 00000000 ____D C:\Users\#0\AppData\Local\Mozilla
2013-09-30 18:59 - 2013-09-30 18:59 - 00000000 ____D C:\Users\#0\AppData\Roaming\Mozilla
2013-09-30 18:58 - 2013-09-30 23:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-30 18:58 - 2013-09-30 18:58 - 00001159 _____ C:\Users\NoAdmin\Desktop\Mozilla Firefox.lnk
2013-09-30 18:58 - 2013-09-30 18:58 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-30 18:58 - 2013-09-30 18:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-30 18:57 - 2013-09-30 23:10 - 00067872 _____ C:\Users\#0\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-30 18:55 - 2013-09-30 18:55 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-09-30 18:54 - 2013-09-30 18:54 - 00000000 ___SD C:\ProgramData\Shared Space
2013-09-30 18:54 - 2013-09-30 18:54 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-09-30 18:54 - 2013-09-30 18:54 - 00000000 ____D C:\ProgramData\Comodo
2013-09-30 18:54 - 2013-09-30 18:54 - 00000000 ____D C:\Program Files\COMODO
2013-09-30 18:42 - 2013-09-30 18:42 - 00000000 ____D C:\Users\#0\AppData\Local\Downloaded Installations
2013-09-30 18:42 - 2013-09-30 18:42 - 00000000 ____D C:\Program Files (x86)\NEC Electronics
2013-09-30 18:42 - 2013-09-30 18:42 - 00000000 ____D C:\Program Files (x86)\ASRock Utility
2013-09-30 18:42 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-30 18:42 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-30 18:42 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-30 18:42 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-30 18:42 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-30 18:42 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-30 18:42 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-30 18:42 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-30 18:42 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-30 18:42 - 2010-03-04 15:43 - 00346144 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys
2013-09-30 18:42 - 2010-01-05 18:39 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2013-09-30 18:42 - 2009-12-03 11:27 - 00074272 _____ C:\Windows\system32\RtNicProp64.dll
2013-09-30 18:41 - 2013-10-01 01:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-30 18:41 - 2013-09-30 18:42 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-09-30 18:41 - 2013-09-30 18:41 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-09-30 18:41 - 2013-09-30 18:41 - 00000000 ____D C:\Program Files\Realtek

ivegotnoclue · 02.10.2013, 13:08

FRST - Teil 3

Code:

ATTFilter

__ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-09-30 18:41 - 2010-02-08 12:47 - 01631776 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-09-30 18:41 - 2010-02-08 12:47 - 01209376 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-09-30 18:41 - 2010-02-08 12:47 - 00612384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-09-30 18:41 - 2010-02-08 12:47 - 00477216 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-09-30 18:41 - 2010-02-08 12:47 - 00332320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-09-30 18:41 - 2010-02-08 12:47 - 00149536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-09-30 18:41 - 2010-02-08 12:47 - 00069152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2013-09-30 18:41 - 2010-02-08 12:24 - 02267552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-09-30 18:41 - 2010-02-01 10:14 - 01247776 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2013-09-30 18:41 - 2010-01-28 06:23 - 00325904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-09-30 18:41 - 2010-01-26 05:38 - 00168288 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-09-30 18:41 - 2010-01-25 13:12 - 00321440 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-09-30 18:41 - 2009-12-15 12:26 - 00372936 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-09-30 18:41 - 2009-12-15 12:26 - 00201928 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-09-30 18:41 - 2009-12-15 12:26 - 00099016 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-09-30 18:41 - 2009-12-15 12:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-09-30 18:41 - 2009-12-11 03:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-09-30 18:41 - 2009-12-11 03:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-09-30 18:41 - 2009-11-24 03:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-09-30 18:41 - 2009-11-24 03:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2013-09-30 18:41 - 2009-11-24 03:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2013-09-30 18:41 - 2009-11-24 03:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-09-30 18:41 - 2009-11-18 12:42 - 02719504 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2013-09-30 18:41 - 2009-11-18 12:42 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2013-09-30 18:41 - 2009-11-18 01:16 - 00078936 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-09-30 18:41 - 2009-11-18 01:13 - 00607832 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-09-30 18:41 - 2009-11-18 01:13 - 00531032 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-09-30 18:41 - 2009-11-18 01:13 - 00064600 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-09-30 18:41 - 2009-11-18 01:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2013-09-30 18:41 - 2009-11-17 12:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-09-30 18:40 - 2013-09-30 21:56 - 00000000 ____D C:\Program Files\DIFX
2013-09-30 18:40 - 2013-09-30 18:40 - 00006170 _____ C:\Windows\DPINST.LOG
2013-09-30 18:40 - 2013-09-30 18:40 - 00000000 ____D C:\Program Files\ATI
2013-09-30 18:40 - 2013-09-30 18:40 - 00000000 ____D C:\Program Files (x86)\AMD
2013-09-30 18:40 - 2009-12-22 02:26 - 00038456 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2013-09-30 18:40 - 2009-10-07 12:13 - 00070200 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2013-09-30 18:40 - 2009-10-07 12:13 - 00028728 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2013-09-30 18:40 - 2009-05-05 03:00 - 00016440 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\AtiPcie.sys
2013-09-30 18:37 - 2013-09-30 23:41 - 00000000 ___RD C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-30 18:37 - 2013-09-30 22:30 - 00001451 _____ C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-30 18:37 - 2013-09-30 21:19 - 00000000 ___RD C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-30 18:37 - 2013-09-30 20:25 - 00000837 _____ C:\Users\#0\Desktop\Downloads.lnk
2013-09-30 18:36 - 2013-10-02 12:01 - 00000000 ____D C:\Users\#0
2013-09-30 18:36 - 2013-10-02 11:05 - 01132096 _____ C:\Windows\WindowsUpdate.log
2013-09-30 18:36 - 2013-09-30 18:36 - 00000020 ___SH C:\Users\#0\ntuser.ini
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Vorlagen
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Startmenü
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Netzwerkumgebung
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Lokale Einstellungen
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Eigene Dateien
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Druckumgebung
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Documents\Eigene Musik
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Documents\Eigene Bilder
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\AppData\Local\Verlauf
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\AppData\Local\Anwendungsdaten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Anwendungsdaten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Programme
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\ProgramData\Favoriten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 __SHD C:\Recovery
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 ____D C:\Users\#0\AppData\Local\VirtualStore
2013-09-30 18:36 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-30 18:36 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-30 18:32 - 2013-09-30 18:32 - 00001313 _____ C:\Windows\TSSysprep.log
2013-09-24 11:54 - 2013-09-24 11:54 - 00709144 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2013-09-24 11:54 - 2013-09-24 11:54 - 00096800 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2013-09-24 11:54 - 2013-09-24 11:54 - 00048872 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2013-09-24 11:54 - 2013-09-24 11:54 - 00023168 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2013-09-24 11:53 - 2013-09-24 11:53 - 00444392 _____ (COMODO) C:\Windows\system32\guard64.dll
2013-09-24 11:53 - 2013-09-24 11:53 - 00354240 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2013-09-24 11:53 - 2013-09-24 11:53 - 00347864 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2013-09-24 11:53 - 2013-09-24 11:53 - 00280792 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2013-09-24 11:53 - 2013-09-24 11:53 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2013-09-24 11:53 - 2013-09-24 11:53 - 00043216 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2013-09-24 11:53 - 2013-09-24 11:53 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

==================== One Month Modified Files and Folders =======

2013-10-02 12:04 - 2013-10-02 12:04 - 00377856 _____ C:\Users\#0\Downloads\zcf3iz5b.exe
2013-10-02 12:03 - 2013-10-02 12:03 - 00000000 ____D C:\FRST
2013-10-02 12:02 - 2013-10-02 12:02 - 01953880 _____ (Farbar) C:\Users\#0\Downloads\FRST64.exe
2013-10-02 12:01 - 2013-10-02 12:01 - 00050477 _____ C:\Users\#0\Downloads\Defogger.exe
2013-10-02 12:01 - 2013-10-02 12:01 - 00000466 _____ C:\Users\#0\Downloads\defogger_disable.log
2013-10-02 12:01 - 2013-10-02 12:01 - 00000000 _____ C:\Users\#0\defogger_reenable
2013-10-02 12:01 - 2013-09-30 18:36 - 00000000 ____D C:\Users\#0
2013-10-02 11:44 - 2013-09-30 22:39 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-02 11:23 - 2009-07-14 19:58 - 00699554 _____ C:\Windows\system32\perfh007.dat
2013-10-02 11:23 - 2009-07-14 19:58 - 00149376 _____ C:\Windows\system32\perfc007.dat
2013-10-02 11:23 - 2009-07-14 07:13 - 01621618 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-02 11:12 - 2013-10-02 11:12 - 00231099 _____ C:\Users\1380705144136.log
2013-10-02 11:12 - 2013-10-02 11:12 - 00000588 _____ C:\Users\#0\Desktop\XMind 2012.lnk
2013-10-02 11:12 - 2013-10-02 11:11 - 00000000 ____D C:\XMind
2013-10-02 11:12 - 2013-09-30 23:43 - 00000203 _____ C:\Users\org.eclipse.update\platform.xml
2013-10-02 11:12 - 2013-09-30 23:43 - 00000016 _____ C:\Users\org.eclipse.update\last.config.stamp
2013-10-02 11:12 - 2013-09-30 23:43 - 00000000 ____D C:\Users\org.eclipse.update
2013-10-02 11:12 - 2013-09-30 23:43 - 00000000 ____D C:\Users\org.eclipse.osgi\.manager
2013-10-02 11:12 - 2013-09-30 23:43 - 00000000 ____D C:\Users\org.eclipse.equinox.app\.manager
2013-10-02 11:12 - 2013-09-30 23:43 - 00000000 ____D C:\Users\org.eclipse.core.runtime\.manager
2013-10-02 11:11 - 2013-10-02 11:11 - 00000000 ____D C:\Neuer Ordner
2013-10-02 11:11 - 2013-10-02 11:10 - 34767909 _____ (XMind Ltd.                                                  ) C:\Users\#0\Downloads\xmind-windows-3.3.1.201212250029.exe
2013-10-02 11:08 - 2013-10-02 11:08 - 00000000 ____D C:\Users\#0\Downloads\WW
2013-10-02 11:07 - 2013-10-02 11:07 - 01376768 _____ C:\Users\#0\Downloads\7z920-x64.msi
2013-10-02 11:07 - 2013-10-02 11:07 - 00000000 ____D C:\Program Files\7-Zip
2013-10-02 11:05 - 2013-10-02 11:05 - 21682769 _____ C:\Users\#0\Downloads\WW.rar
2013-10-02 11:05 - 2013-09-30 18:36 - 01132096 _____ C:\Windows\WindowsUpdate.log
2013-10-02 11:03 - 2013-09-30 21:59 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-02 11:02 - 2013-09-30 23:30 - 00000000 ____D C:\ProgramData\VMware
2013-10-02 11:02 - 2013-09-30 22:39 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-02 11:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 11:02 - 2009-07-14 06:51 - 00025273 _____ C:\Windows\setupact.log
2013-10-02 11:01 - 2013-09-30 21:51 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-02 08:18 - 2009-07-14 06:45 - 00014112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 08:18 - 2009-07-14 06:45 - 00014112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 01:35 - 2013-10-01 20:41 - 00000000 ____D C:\Users\#0\AppData\Roaming\TrueCrypt
2013-10-01 23:44 - 2013-10-01 23:44 - 00000000 ____D C:\Users\#0\Desktop\vlc löschen
2013-10-01 23:42 - 2013-10-01 23:37 - 00000000 ____D C:\Users\#0\AppData\Roaming\vlc
2013-10-01 23:36 - 2013-10-01 23:36 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-10-01 23:35 - 2013-10-01 23:31 - 24278649 _____ C:\Users\#0\Downloads\vlc-2.1.0-win32.exe
2013-10-01 21:16 - 2013-10-01 21:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-01 21:05 - 2013-10-01 21:05 - 00231099 _____ C:\Users\1380654357082.log
2013-10-01 20:40 - 2013-10-01 20:40 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2013-10-01 20:40 - 2013-10-01 20:40 - 00000875 _____ C:\Users\Public\Desktop\TrueCrypt.lnk
2013-10-01 20:40 - 2013-10-01 20:40 - 00000000 ____D C:\Program Files\TrueCrypt
2013-10-01 20:37 - 2013-10-01 20:37 - 00000000 ____D C:\Users\#0\AppData\Roaming\Mobile Partner
2013-10-01 20:36 - 2013-10-01 20:36 - 00001079 _____ C:\Users\Public\Desktop\Mobile Partner.lnk
2013-10-01 20:36 - 2013-10-01 20:34 - 00000000 ____D C:\ProgramData\DatacardService
2013-10-01 20:36 - 2013-10-01 20:34 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2013-10-01 20:35 - 2013-10-01 20:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-01 20:18 - 2013-10-01 20:18 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-01 13:52 - 2013-10-01 13:52 - 00000000 ____D C:\Users\#0\Desktop\Neuer Ordner
2013-10-01 13:34 - 2013-09-30 18:59 - 00000000 ____D C:\Users\#0\AppData\Local\Mozilla
2013-10-01 13:32 - 2013-10-01 13:32 - 00000000 ____D C:\Program Files\Axantum
2013-10-01 13:20 - 2013-10-01 13:20 - 00000000 ____D C:\Users\NoAdmin\AppData\Roaming\IrfanView
2013-10-01 13:15 - 2013-10-01 13:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-10-01 13:15 - 2013-09-30 22:29 - 00000000 ____D C:\Users\NoAdmin
2013-10-01 01:14 - 2013-09-30 18:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-01 01:13 - 2013-10-01 01:13 - 00000000 ____D C:\ProgramData\Brother
2013-10-01 01:05 - 2013-10-02 00:47 - 00449438 _____ C:\Windows\system32\Drivers\etc\hosts.20131002-004721.backup
2013-10-01 01:05 - 2009-07-14 04:34 - 00449438 ____R C:\Windows\system32\Drivers\etc\hosts.20131002-004520.backup
2013-10-01 01:04 - 2013-10-01 01:05 - 00449438 ____R C:\Windows\system32\Drivers\etc\hosts.20131001-010546.backup
2013-10-01 00:57 - 2013-09-30 22:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-01 00:56 - 2013-09-30 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-10-01 00:48 - 2013-09-30 19:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-01 00:44 - 2013-09-30 19:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-10-01 00:35 - 2013-10-01 00:35 - 00000000 ____D C:\Users\NoAdmin\AppData\Roaming\Avira
2013-10-01 00:31 - 2013-10-01 00:31 - 00000000 ____D C:\Users\NoAdmin\AppData\Roaming\Mozilla
2013-10-01 00:31 - 2013-10-01 00:31 - 00000000 ____D C:\Users\NoAdmin\AppData\Local\Mozilla
2013-10-01 00:29 - 2013-09-30 22:30 - 00067872 _____ C:\Users\NoAdmin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-01 00:24 - 2013-09-30 23:37 - 00000000 ____D C:\Users\#0\AppData\Local\VMware
2013-10-01 00:22 - 2013-09-30 23:37 - 00000000 ____D C:\Users\#0\AppData\Roaming\VMware
2013-10-01 00:21 - 2013-10-01 00:21 - 00000000 ____D C:\Users\#0\Documents\Virtual Machines
2013-10-01 00:16 - 2013-10-01 00:03 - 959447040 _____ C:\Users\#0\Downloads\linuxmint-15-cinnamon-dvd-64bit.iso
2013-09-30 23:43 - 2013-09-30 23:43 - 00514791 _____ C:\Users\org.eclipse.osgi\.lazy.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00286776 _____ C:\Users\org.eclipse.osgi\.bundledata.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00246903 _____ C:\Users\org.eclipse.core.runtime\.mainData.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00231099 _____ C:\Users\1380577386981.log
2013-09-30 23:43 - 2013-09-30 23:43 - 00123943 _____ C:\Users\org.eclipse.osgi\.state.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00056631 _____ C:\Users\org.eclipse.core.runtime\.extraData.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00013739 _____ C:\Users\org.eclipse.core.runtime\.table.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00003120 _____ C:\Users\org.eclipse.core.runtime\.contributors.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00002670 _____ C:\Users\org.eclipse.core.runtime\.namespaces.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00002084 _____ C:\Users\org.eclipse.core.runtime\.contributions.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00000004 _____ C:\Users\org.eclipse.core.runtime\.orphans.1
2013-09-30 23:43 - 2013-09-30 23:43 - 00000000 ____D C:\Users\org.eclipse.osgi
2013-09-30 23:43 - 2013-09-30 23:43 - 00000000 ____D C:\Users\org.eclipse.equinox.app
2013-09-30 23:43 - 2013-09-30 23:43 - 00000000 ____D C:\Users\org.eclipse.core.runtime
2013-09-30 23:42 - 2013-09-30 23:42 - 00477168 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2013-09-30 23:42 - 2013-09-30 23:42 - 00473072 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2013-09-30 23:42 - 2013-09-30 23:42 - 00157680 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-09-30 23:42 - 2013-09-30 23:42 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-09-30 23:42 - 2013-09-30 23:42 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-09-30 23:42 - 2013-09-30 23:42 - 00000000 ____D C:\ProgramData\Sun
2013-09-30 23:42 - 2013-09-30 23:42 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-30 23:42 - 2013-09-30 18:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-30 23:41 - 2013-09-30 23:41 - 00000000 ____D C:\Program Files\D-Link
2013-09-30 23:41 - 2013-09-30 18:37 - 00000000 ___RD C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-30 23:36 - 2013-09-30 23:36 - 00000000 ____D C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2013-09-30 23:36 - 2013-09-30 23:36 - 00000000 ____D C:\Users\#0\AppData\Roaming\IrfanView
2013-09-30 23:36 - 2013-09-30 23:36 - 00000000 ____D C:\Program Files (x86)\IrfanView
2013-09-30 23:30 - 2013-09-30 23:30 - 00000000 ____D C:\Program Files\Common Files\VMware
2013-09-30 23:30 - 2013-09-30 23:30 - 00000000 ____D C:\Program Files (x86)\VMware
2013-09-30 23:30 - 2013-09-30 21:49 - 01641574 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-30 23:29 - 2013-09-30 23:29 - 00000000 ____D C:\Users\#0\AppData\Roaming\Unified Remote
2013-09-30 23:29 - 2013-09-30 23:29 - 00000000 ____D C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unified Remote
2013-09-30 23:29 - 2013-09-30 23:29 - 00000000 ____D C:\Program Files (x86)\Unified Remote
2013-09-30 23:10 - 2013-09-30 20:51 - 00006224 _____ C:\Windows\PFRO.log
2013-09-30 23:10 - 2013-09-30 18:57 - 00067872 _____ C:\Users\#0\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-30 23:10 - 2009-07-14 06:45 - 00311104 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-30 23:01 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-30 22:44 - 2013-09-30 22:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-09-30 22:40 - 2013-09-30 22:39 - 00000000 ____D C:\Users\#0\AppData\Local\Google
2013-09-30 22:40 - 2013-09-30 22:39 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-30 22:39 - 2013-09-30 22:39 - 00004098 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-30 22:39 - 2013-09-30 22:39 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-30 22:30 - 2013-09-30 22:30 - 00001439 _____ C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-30 22:30 - 2013-09-30 22:30 - 00001417 _____ C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-30 22:30 - 2013-09-30 22:30 - 00001405 _____ C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-30 22:30 - 2013-09-30 22:30 - 00000000 ___RD C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-30 22:30 - 2013-09-30 22:30 - 00000000 ___RD C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-30 22:30 - 2013-09-30 18:37 - 00001451 _____ C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-30 22:29 - 2013-09-30 22:29 - 00000020 ___SH C:\Users\NoAdmin\ntuser.ini
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Vorlagen
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Startmenü
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Netzwerkumgebung
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Lokale Einstellungen
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Eigene Dateien
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Druckumgebung
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Documents\Eigene Musik
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Documents\Eigene Bilder
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\AppData\Local\Verlauf
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\AppData\Local\Anwendungsdaten
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 _SHDL C:\Users\NoAdmin\Anwendungsdaten
2013-09-30 22:29 - 2013-09-30 22:29 - 00000000 ____D C:\Users\NoAdmin\AppData\Local\VirtualStore
2013-09-30 22:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-30 22:26 - 2013-09-30 22:26 - 00000000 ____D C:\Windows\PCHEALTH
2013-09-30 22:23 - 2013-09-30 22:23 - 00000000 ____D C:\Users\#0\AppData\Local\Microsoft Help
2013-09-30 22:23 - 2013-09-30 22:23 - 00000000 ____D C:\Program Files\Microsoft Office
2013-09-30 22:23 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew
2013-09-30 22:22 - 2013-09-30 22:22 - 00000000 __RHD C:\MSOCache
2013-09-30 22:04 - 2013-09-30 22:04 - 00000000 ____D C:\ProgramData\CMUV
2013-09-30 21:57 - 2013-09-30 21:57 - 00001151 _____ C:\Users\NoAdmin\Desktop\DVBViewer TERRATEC Edition.lnk
2013-09-30 21:57 - 2013-09-30 21:57 - 00000000 ____D C:\Program Files (x86)\DVBViewer TERRATEC Edition
2013-09-30 21:56 - 2013-09-30 21:56 - 00000000 ____D C:\Program Files (x86)\TERRATEC
2013-09-30 21:56 - 2013-09-30 18:40 - 00000000 ____D C:\Program Files\DIFX
2013-09-30 21:52 - 2013-09-30 21:51 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-30 21:52 - 2013-09-30 21:50 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-09-30 21:51 - 2013-09-30 21:51 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten
2013-09-30 21:51 - 2013-09-30 21:51 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-30 21:51 - 2013-09-30 21:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-30 21:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-09-30 21:47 - 2013-09-30 21:47 - 00000000 ____D C:\Users\#0\AppData\Roaming\Avira
2013-09-30 21:42 - 2013-09-30 21:42 - 00000000 ____D C:\ProgramData\Avira
2013-09-30 21:42 - 2013-09-30 21:42 - 00000000 ____D C:\Program Files (x86)\Avira
2013-09-30 21:41 - 2013-09-30 21:42 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-30 21:41 - 2013-09-30 21:42 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-30 21:41 - 2013-09-30 21:42 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-09-30 21:19 - 2013-09-30 21:19 - 00000000 ____D C:\Users\#0\AppData\Roaming\Adobe
2013-09-30 21:19 - 2013-09-30 18:37 - 00000000 ___RD C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-30 20:50 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-30 20:50 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-30 20:50 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-09-30 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-09-30 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-09-30 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-09-30 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-09-30 20:40 - 2013-09-30 20:34 - 00012296 _____ C:\Windows\IE10_main.log
2013-09-30 20:35 - 2013-09-30 20:35 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-30 20:35 - 2013-09-30 20:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-09-30 20:25 - 2013-09-30 18:37 - 00000837 _____ C:\Users\#0\Desktop\Downloads.lnk
2013-09-30 20:22 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-09-30 20:22 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-09-30 20:22 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-09-30 20:22 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-09-30 20:22 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-09-30 20:22 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-09-30 20:22 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sppui
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Setup
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\manifeststore
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2013-09-30 20:22 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-30 20:21 - 2009-07-14 04:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2013-09-30 20:21 - 2009-07-14 04:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2013-09-30 20:11 - 2013-09-30 20:09 - 00004723 _____ C:\Windows\IE9_main.log
2013-09-30 20:10 - 2013-09-30 20:10 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-09-30 20:10 - 2013-09-30 20:10 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-09-30 20:10 - 2013-09-30 20:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-30 20:10 - 2013-09-30 20:10 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-30 20:10 - 2013-09-30 20:10 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-30 20:10 - 2013-09-30 20:10 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-30 20:10 - 2013-09-30 20:10 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-30 20:10 - 2013-09-30 20:10 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-30 20:10 - 2013-09-30 20:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-09-30 20:10 - 2013-09-30 20:10 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-09-30 20:10 - 2013-09-30 20:10 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-30 20:10 - 2013-09-30 20:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-30 20:10 - 2013-09-30 20:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-30 20:08 - 2013-09-30 20:08 - 00000000 ____D C:\Windows\system32\SPReview
2013-09-30 20:08 - 2013-09-30 20:08 - 00000000 ____D C:\Windows\system32\EventProviders
2013-09-30 19:48 - 2013-09-30 19:47 - 00000000 ____D C:\Windows\system32\MRT
2013-09-30 19:39 - 2013-09-30 19:39 - 00000000 ____D C:\NVIDIA
2013-09-30 19:29 - 2009-07-14 07:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2013-09-30 19:29 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-09-30 19:19 - 2013-09-30 19:19 - 00002766 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-30 19:19 - 2013-09-30 19:19 - 00000000 ____D C:\Program Files\CCleaner
2013-09-30 19:03 - 2013-09-30 19:03 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-30 18:59 - 2013-09-30 18:59 - 00000000 ____D C:\Users\#0\AppData\Roaming\Mozilla
2013-09-30 18:58 - 2013-09-30 18:58 - 00001159 _____ C:\Users\NoAdmin\Desktop\Mozilla Firefox.lnk
2013-09-30 18:58 - 2013-09-30 18:58 - 00000000 ____D C:\ProgramData\Mozilla
2013-09-30 18:58 - 2013-09-30 18:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-30 18:55 - 2013-09-30 18:55 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-09-30 18:54 - 2013-09-30 18:54 - 00000000 ___SD C:\ProgramData\Shared Space
2013-09-30 18:54 - 2013-09-30 18:54 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-09-30 18:54 - 2013-09-30 18:54 - 00000000 ____D C:\ProgramData\Comodo
2013-09-30 18:54 - 2013-09-30 18:54 - 00000000 ____D C:\Program Files\COMODO
2013-09-30 18:42 - 2013-09-30 18:42 - 00000000 ____D C:\Users\#0\AppData\Local\Downloaded Installations
2013-09-30 18:42 - 2013-09-30 18:42 - 00000000 ____D C:\Program Files (x86)\NEC Electronics
2013-09-30 18:42 - 2013-09-30 18:42 - 00000000 ____D C:\Program Files (x86)\ASRock Utility
2013-09-30 18:42 - 2013-09-30 18:41 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-09-30 18:41 - 2013-09-30 18:41 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-09-30 18:41 - 2013-09-30 18:41 - 00000000 ____D C:\Program Files\Realtek
2013-09-30 18:41 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\restore
2013-09-30 18:40 - 2013-09-30 18:40 - 00006170 _____ C:\Windows\DPINST.LOG
2013-09-30 18:40 - 2013-09-30 18:40 - 00000000 ____D C:\Program Files\ATI
2013-09-30 18:40 - 2013-09-30 18:40 - 00000000 ____D C:\Program Files (x86)\AMD
2013-09-30 18:36 - 2013-09-30 19:29 - 00000000 ____D C:\Windows\Panther
2013-09-30 18:36 - 2013-09-30 18:36 - 00000020 ___SH C:\Users\#0\ntuser.ini
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Vorlagen
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Startmenü
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Netzwerkumgebung
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Lokale Einstellungen
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Eigene Dateien
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Druckumgebung
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Documents\Eigene Musik
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Documents\Eigene Bilder
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\AppData\Local\Verlauf
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\AppData\Local\Anwendungsdaten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Users\#0\Anwendungsdaten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Programme
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\ProgramData\Favoriten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 _SHDL C:\Dokumente und Einstellungen
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 __SHD C:\Recovery
2013-09-30 18:36 - 2013-09-30 18:36 - 00000000 ____D C:\Users\#0\AppData\Local\VirtualStore
2013-09-30 18:36 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-30 18:36 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Windows NT
2013-09-30 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-30 18:32 - 2013-09-30 18:32 - 00001313 _____ C:\Windows\TSSysprep.log
2013-09-30 18:32 - 2009-07-14 06:46 - 00001774 _____ C:\Windows\DtcInstall.log
2013-09-30 18:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-09-24 11:54 - 2013-09-24 11:54 - 00709144 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2013-09-24 11:54 - 2013-09-24 11:54 - 00096800 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2013-09-24 11:54 - 2013-09-24 11:54 - 00048872 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2013-09-24 11:54 - 2013-09-24 11:54 - 00023168 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2013-09-24 11:53 - 2013-09-24 11:53 - 00444392 _____ (COMODO) C:\Windows\system32\guard64.dll
2013-09-24 11:53 - 2013-09-24 11:53 - 00354240 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2013-09-24 11:53 - 2013-09-24 11:53 - 00347864 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2013-09-24 11:53 - 2013-09-24 11:53 - 00280792 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2013-09-24 11:53 - 2013-09-24 11:53 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2013-09-24 11:53 - 2013-09-24 11:53 - 00043216 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2013-09-24 11:53 - 2013-09-24 11:53 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2013-09-12 10:58 - 2013-09-30 21:50 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-09-12 10:58 - 2013-09-30 21:50 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-12 10:58 - 2013-09-30 21:45 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 02986672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-12 10:58 - 2013-09-30 21:45 - 00022814 _____ C:\Windows\system32\nvinfo.pb
2013-09-12 10:58 - 2009-07-13 23:59 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-12 09:25 - 2013-09-30 21:50 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-12 09:25 - 2013-09-30 21:50 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-12 09:25 - 2013-09-30 21:50 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-09-12 09:25 - 2013-09-30 21:50 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-12 09:25 - 2013-09-30 21:50 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-12 09:25 - 2013-09-30 21:50 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

Some content of TEMP:
====================
C:\Users\#0\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-30 21:16

==================== End Of Log ============================

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2013 02
Ran by #0 at 2013-10-02 12:05:16
Running from C:\Users\#0\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
AMD USB Filter Driver (x32 Version: 1.0.15.94)
ASRock InstantBoot v1.24 (x32)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
AxCrypt 1.7.2976.0 (Version: 1.7.2976.0)
CCleaner (Version: 4.06)
COMODO Firewall (Version: 6.3.32439.2937)
DVBViewer TERRATEC Edition (x32)
GeForce Experience NvStream Client Components (Version: 0.1.87)
Google Chrome (x32 Version: 29.0.1547.76)
Google Update Helper (x32 Version: 1.3.21.153)
IrfanView (remove only) (x32 Version: 4.36)
Java Auto Updater (x32 Version: 2.0.7.2)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Partner (x32 Version: 16.002.03.04.511)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0)
NVIDIA 3D Vision Controller-Treiber 326.01 (Version: 326.01)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
NVIDIA Grafiktreiber 327.23 (Version: 327.23)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)
NVIDIA Systemsteuerung 327.23 (Version: 327.23)
NVIDIA Update 8.3.14 (Version: 8.3.14)
NVIDIA Update Components (Version: 8.3.14)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.17.304.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6043)
SharePort Plus (Version: 4.2.1 B1)
SHIELD Streaming (Version: 1.05.28)
Spybot - Search & Destroy (x32 Version: 2.1.21)
Steam (x32 Version: 1.0.0.0)
TERRATEC Cinergy T Stick+ (64 Bit) (x32 Version: 86.001.1129.2011)
TrueCrypt (x32 Version: 7.1a)
Unified Remote (x32 Version: 2.10.0.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
VLC media player 2.1.0 (x32 Version: 2.1.0)
VMware Player (Version: 6.0.0)
VMware Player (x32 Version: 6.0.0)
Windows-Treiberpaket - TERRATEC (RTL2832U_IRHID) HIDClass  (06/17/2010 8664.001.0617.2010) (Version: 06/17/2010 8664.001.0617.2010)
Windows-Treiberpaket - TERRATEC (RTL2832UUSB) MEDIA  (08/02/2010 64.001.0802.2010) (Version: 08/02/2010 64.001.0802.2010)
XMind 2012 (v3.3.1) (x32 Version: 3.3.1.201212250029)

==================== Restore Points  =========================

01-10-2013 18:40:41 TrueCrypt installation
02-10-2013 09:07:27 Installed 7-Zip 9.20 (x64 edition)

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-10-02 00:47 - 00449438 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {187F0847-04E9-4393-A6C2-80AA386B884B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {48455AF0-4988-45D9-8F9E-150BEC02C4AF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {4B3C9F96-997E-4890-8503-8932345AC621} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {9903A72D-598A-4D58-B230-09AFED6B6F93} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-24] (COMODO)
Task: {A1A16417-526A-4C56-BE17-C01BBD727813} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {C00CA440-F321-4E49-ADAF-5C911BD1D8F3} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-09-24] (COMODO)
Task: {EB6C6357-534A-4675-BD00-4D04CDFD6F0C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {FA740357-E632-44D1-904F-2EEBCD37A843} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-30 23:41 - 2012-10-11 08:43 - 00304640 ____N () C:\Program Files\D-Link\SharePort Plus\Svlscapi.dll
2013-09-30 21:42 - 2013-09-30 21:41 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-09-30 19:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-30 19:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-30 19:02 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-09-30 19:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-30 19:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-08-27 12:42 - 2013-08-27 12:42 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2013-09-30 22:40 - 2013-09-17 05:20 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
2013-09-30 22:40 - 2013-09-17 05:20 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libegl.dll
2013-09-30 22:40 - 2013-09-17 05:21 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
2013-09-30 22:40 - 2013-09-17 05:21 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
2013-09-30 22:40 - 2013-09-17 05:20 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
2013-09-30 22:40 - 2013-09-17 05:21 - 13611984 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
2013-10-02 11:11 - 2012-12-25 16:54 - 00053248 _____ () C:\XMind\plugins\org.eclipse.equinox.launcher.win32.win32.x86_1.1.200.v20120522-1813\eclipse_1503.dll
2013-10-01 20:34 - 2010-01-08 15:59 - 00014848 _____ () C:\Program Files (x86)\Mobile Partner\isaputrace.dll
2013-10-01 20:34 - 2010-01-29 16:56 - 00114688 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll
2013-10-01 20:34 - 2010-01-29 16:59 - 00057344 _____ () C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll
2013-10-01 20:34 - 2010-01-29 16:52 - 00147456 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll
2013-10-01 20:34 - 2010-01-29 16:47 - 00090112 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
2013-10-01 20:34 - 2010-01-29 16:07 - 00991232 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
2013-10-01 20:34 - 2010-01-08 15:59 - 00167936 _____ () C:\Program Files (x86)\Mobile Partner\DetectDev.dll
2013-10-01 20:34 - 2010-01-08 15:59 - 00598016 _____ () C:\Program Files (x86)\Mobile Partner\atcomm.dll
2013-10-01 20:34 - 2010-01-08 15:59 - 00061440 _____ () C:\Program Files (x86)\Mobile Partner\XCodec.dll
2013-10-01 20:34 - 2010-01-08 15:59 - 00061440 _____ () C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll
2013-10-01 20:34 - 2010-01-29 17:03 - 00032768 _____ () C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
2013-10-01 20:34 - 2010-01-29 16:45 - 00245760 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
2013-10-01 20:34 - 2010-01-29 17:07 - 00143360 _____ () C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll
2013-10-01 20:34 - 2010-01-08 15:59 - 00090112 _____ () C:\Program Files (x86)\Mobile Partner\FileManager.dll
2013-10-01 20:34 - 2010-01-29 17:05 - 00163840 _____ () C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2013 00:57:38 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (10/01/2013 00:57:03 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (09/30/2013 08:08:24 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Volume bzw. Datenträger ist nicht richtig angeschlossen oder wurde nicht gefunden.
Fehlerkontext: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6,0xc0000000,0x00000003,...).


Vorgang:
   PostFinalCommitSnapshots wird verarbeitet

Kontext:
   Ausführungskontext: System Provider

Error: (09/30/2013 07:55:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDWSCSvc.exe, Version: 2.1.18.2, Zeitstempel: 0x51936fb9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74b36a64
ID des fehlerhaften Prozesses: 0x534
Startzeit der fehlerhaften Anwendung: 0xSDWSCSvc.exe0
Pfad der fehlerhaften Anwendung: SDWSCSvc.exe1
Pfad des fehlerhaften Moduls: SDWSCSvc.exe2
Berichtskennung: SDWSCSvc.exe3

Error: (09/30/2013 07:55:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDUpdSvc.exe, Version: 2.1.18.76, Zeitstempel: 0x51949f41
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74b36a64
ID des fehlerhaften Prozesses: 0x6d8
Startzeit der fehlerhaften Anwendung: 0xSDUpdSvc.exe0
Pfad der fehlerhaften Anwendung: SDUpdSvc.exe1
Pfad des fehlerhaften Moduls: SDUpdSvc.exe2
Berichtskennung: SDUpdSvc.exe3

Error: (09/30/2013 07:55:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SDFSSvc.exe, Version: 2.1.18.208, Zeitstempel: 0x51949f3c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x74b36a64
ID des fehlerhaften Prozesses: 0x618
Startzeit der fehlerhaften Anwendung: 0xSDFSSvc.exe0
Pfad der fehlerhaften Anwendung: SDFSSvc.exe1
Pfad des fehlerhaften Moduls: SDFSSvc.exe2
Berichtskennung: SDFSSvc.exe3

Error: (09/30/2013 06:35:44 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler bei der Installation des Kaufnachweises. 0xC004F050
Teil-Pkey=6DCXY
ACID=?
Genauer Fehler[?]


System errors:
=============
Error: (10/02/2013 11:02:56 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (10/02/2013 11:02:55 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (10/02/2013 11:02:55 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (10/02/2013 11:02:54 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (10/01/2013 08:35:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HWDeviceService64.exe" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (10/01/2013 01:15:07 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎01.‎10.‎2013 um 02:44:59 unerwartet heruntergefahren.

Error: (10/01/2013 00:57:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/01/2013 00:57:46 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (10/01/2013 00:55:59 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/01/2013 00:55:59 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8191.24 MB
Available physical RAM: 5390.71 MB
Total Pagefile: 16380.66 MB
Available Pagefile: 12803.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.53 GB) (Free:20.18 GB) NTFS
Drive e: (Mobile Partner) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: BA6269CA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)

==================== End Of Log ============================

ivegotnoclue · 02.10.2013, 13:10

GMER

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-02 12:21:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 M4-CT064M4SSD2 rev.040H 59,63GB
Running: zcf3iz5b.exe; Driver: C:\Users\#0\AppData\Local\Temp\pxldypog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077af1360 8 bytes JMP 000000016fff00d8
.text  C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077af1560 8 bytes JMP 000000016fff0110
.text  C:\Windows\system32\csrss.exe[528] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077af1b00 8 bytes JMP 000000016fff0148
.text  C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                                                               0000000077af1360 8 bytes JMP 000000016fff00d8
.text  C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                                                             0000000077af1560 8 bytes JMP 000000016fff0110
.text  C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077af1b00 8 bytes JMP 000000016fff0148
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                      0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                           0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                        0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                     0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                           0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                   0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                    0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                         0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                     0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                        0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                  0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                      0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                             0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                            0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                  0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                              0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                           000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                         000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                                            000007feff9f4750 6 bytes JMP 0
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!RegisterRawInputDevices                                                                          0000000077726ef0 6 bytes {JMP QWORD [RIP+0x8cb9140]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SystemParametersInfoA                                                                            0000000077728184 6 bytes {JMP QWORD [RIP+0x8d97eac]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SetParent                                                                                        0000000077728530 6 bytes {JMP QWORD [RIP+0x8cd7b00]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SetWindowLongA                                                                                   0000000077729bcc 6 bytes {JMP QWORD [RIP+0x8a36464]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!PostMessageA                                                                                     000000007772a404 6 bytes {JMP QWORD [RIP+0x8a75c2c]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!EnableWindow                                                                                     000000007772aaa0 6 bytes {JMP QWORD [RIP+0x8dd5590]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!MoveWindow                                                                                       000000007772aad0 6 bytes {JMP QWORD [RIP+0x8cf5560]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!GetAsyncKeyState                                                                                 000000007772c720 6 bytes {JMP QWORD [RIP+0x8c93910]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!RegisterHotKey                                                                                   000000007772cd50 6 bytes {JMP QWORD [RIP+0x8d732e0]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!PostThreadMessageA                                                                               000000007772d2b0 6 bytes {JMP QWORD [RIP+0x8ab2d80]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SendMessageA                                                                                     000000007772d338 6 bytes {JMP QWORD [RIP+0x8af2cf8]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SendNotifyMessageW                                                                               000000007772dc40 6 bytes {JMP QWORD [RIP+0x8bd23f0]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SystemParametersInfoW                                                                            000000007772f510 6 bytes {JMP QWORD [RIP+0x8db0b20]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SetWindowsHookExW                                                                                000000007772f874 6 bytes {JMP QWORD [RIP+0x89f07bc]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SendMessageTimeoutW                                                                              000000007772fac0 6 bytes {JMP QWORD [RIP+0x8b50570]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!PostThreadMessageW                                                                               0000000077730b74 6 bytes {JMP QWORD [RIP+0x8acf4bc]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SetWindowLongW                                                                                   00000000777333b0 6 bytes {JMP QWORD [RIP+0x8a4cc80]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SetWinEventHook + 1                                                                              0000000077734d4d 5 bytes {JMP QWORD [RIP+0x8a0b2e4]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!GetKeyState                                                                                      0000000077735010 6 bytes {JMP QWORD [RIP+0x8c6b020]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SendMessageCallbackW                                                                             0000000077735438 6 bytes {JMP QWORD [RIP+0x8b8abf8]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SendMessageW                                                                                     0000000077736b50 6 bytes {JMP QWORD [RIP+0x8b094e0]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!PostMessageW                                                                                     00000000777376e4 6 bytes {JMP QWORD [RIP+0x8a8894c]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SendDlgItemMessageW                                                                              000000007773dd90 6 bytes {JMP QWORD [RIP+0x8c022a0]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!GetClipboardData                                                                                 000000007773e874 6 bytes {JMP QWORD [RIP+0x8d417bc]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SetClipboardViewer                                                                               000000007773f780 6 bytes {JMP QWORD [RIP+0x8d008b0]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SendNotifyMessageA                                                                               00000000777428e4 6 bytes {JMP QWORD [RIP+0x8b9d74c]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!mouse_event                                                                                      0000000077743894 6 bytes {JMP QWORD [RIP+0x899c79c]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!GetKeyboardState                                                                                 0000000077748a10 6 bytes {JMP QWORD [RIP+0x8c37620]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SendMessageTimeoutA                                                                              0000000077748be0 6 bytes {JMP QWORD [RIP+0x8b17450]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SetWindowsHookExA                                                                                0000000077748c20 6 bytes {JMP QWORD [RIP+0x89b7410]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SendInput                                                                                        0000000077748cd0 6 bytes {JMP QWORD [RIP+0x8c17360]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!BlockInput                                                                                       000000007774ad60 6 bytes {JMP QWORD [RIP+0x8d152d0]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!ExitWindowsEx                                                                                    00000000777714e0 6 bytes {JMP QWORD [RIP+0x8daeb50]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!keybd_event                                                                                      00000000777945a4 6 bytes {JMP QWORD [RIP+0x892ba8c]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SendDlgItemMessageA                                                                              000000007779cc08 6 bytes {JMP QWORD [RIP+0x8b83428]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\USER32.dll!SendMessageCallbackA                                                                             000000007779df18 6 bytes {JMP QWORD [RIP+0x8b02118]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                          000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\GDI32.dll!BitBlt                                                                                            000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                           000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\GDI32.dll!GetPixel                                                                                          000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                        000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Windows\system32\services.exe[660] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                            000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                         0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                              0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                   0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                           0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                        0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                              0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                      0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                       0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                    0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                         0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                    0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                            0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                        0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                           0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                     0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                         0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                               0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                     0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                 0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                            000007fefe269055 3 bytes CALL 0
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                    000007fefe2753c0 5 bytes JMP 0
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                             000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\system32\GDI32.dll!BitBlt                                                                                               000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                              000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                            000007fefe2d8398 6 bytes JMP 0
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                            000007fefe2d89c8 6 bytes JMP 0
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\system32\GDI32.dll!GetPixel                                                                                             000007fefe2d9344 6 bytes JMP 0
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                           000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                               000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                              000007feffb2a1a0 6 bytes JMP 0
.text  C:\Windows\system32\lsass.exe[668] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                           000007feffb4fa50 6 bytes JMP 0
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                           0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                     0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                             0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                          0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                        0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                         0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                      0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                           0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                      0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                              0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                          0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                             0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                       0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                           0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                  0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                 0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                       0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                   0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                              000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                      000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                               000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                 000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                              000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                              000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\system32\GDI32.dll!GetPixel                                                                                               000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                             000007fefe2db9e8 6 bytes JMP 0
.text  C:\Windows\system32\lsm.exe[676] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                 000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                       0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                            0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                         0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                      0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                            0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                    0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                     0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                  0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                       0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                  0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                          0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                      0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                         0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                   0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                       0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                              0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                             0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                   0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                               0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                            000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                  0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                  00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                          000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                  000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                                             000007feff9f4750 6 bytes {JMP QWORD [RIP+0x26b8e0]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                           000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!BitBlt                                                                                             000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                            000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                          000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                          000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!GetPixel                                                                                           000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                         000007fefe2db9e8 6 bytes JMP 50030000
.text  C:\Windows\system32\svchost.exe[836] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                             000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                        0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                             0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                  0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                          0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                       0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                             0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                     0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                      0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                   0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                        0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                   0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                           0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                       0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                          0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                    0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                        0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                               0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                              0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                    0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                             000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                   0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                   00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                           000007fefe269055 3 bytes CALL 20006e00
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                   000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                            000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\GDI32.dll!BitBlt                                                                                              000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                             000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                           000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                           000007fefe2d89c8 6 bytes JMP 720065
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\GDI32.dll!GetPixel                                                                                            000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                          000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x824648]}
.text  C:\Windows\system32\nvvsvc.exe[892] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                              000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x7fac20]}
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                        0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                    0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                             0000000077c9fcb0 3 bytes JMP 70fa000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                         0000000077c9fcb4 2 bytes JMP 70fa000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                     0000000077c9fd64 3 bytes JMP 70e5000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                 0000000077c9fd68 2 bytes JMP 70e5000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                  0000000077c9fdc8 3 bytes JMP 70eb000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                              0000000077c9fdcc 2 bytes JMP 70eb000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                        0000000077c9fec0 3 bytes JMP 70e2000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                    0000000077c9fec4 2 bytes JMP 70e2000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                0000000077c9ffa4 3 bytes JMP 70ee000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                            0000000077c9ffa8 2 bytes JMP 70ee000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                 0000000077ca0004 3 bytes JMP 7106000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                             0000000077ca0008 2 bytes JMP 7106000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                              0000000077ca0084 3 bytes JMP 7103000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                          0000000077ca0088 2 bytes JMP 7103000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                   0000000077ca00b4 3 bytes JMP 70e8000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                               0000000077ca00b8 2 bytes JMP 70e8000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                              0000000077ca03b8 3 bytes JMP 70d6000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                          0000000077ca03bc 2 bytes JMP 70d6000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                      0000000077ca0550 3 bytes JMP 7109000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                  0000000077ca0554 2 bytes JMP 7109000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                  0000000077ca0694 3 bytes JMP 70f7000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                              0000000077ca0698 2 bytes JMP 70f7000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                     0000000077ca088c 3 bytes JMP 70df000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                 0000000077ca0890 2 bytes JMP 70df000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                               0000000077ca08a4 3 bytes JMP 70d9000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                           0000000077ca08a8 2 bytes JMP 70d9000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                   0000000077ca0df4 3 bytes JMP 70f4000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                               0000000077ca0df8 2 bytes JMP 70f4000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                          0000000077ca0ed8 3 bytes JMP 70dc000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                      0000000077ca0edc 2 bytes JMP 70dc000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                         0000000077ca1be4 3 bytes JMP 70f1000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                     0000000077ca1be8 2 bytes JMP 70f1000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                               0000000077ca1cb4 3 bytes JMP 7100000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                           0000000077ca1cb8 2 bytes JMP 7100000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                           0000000077ca1d8c 3 bytes JMP 70fd000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                       0000000077ca1d90 2 bytes JMP 70fd000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                   0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                              0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                              0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                        0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                              0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                      0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                        0000000075732538 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                     00000000757352e9 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                       00000000761d58b3 6 bytes JMP 7184000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\GDI32.dll!BitBlt                                                         00000000761d5ea6 6 bytes JMP 7181000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                      00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                     00000000761db895 6 bytes JMP 7178000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                        00000000761dc332 6 bytes JMP 717e000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\GDI32.dll!GetPixel                                                       00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                      00000000761de743 6 bytes JMP 718a000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                         0000000076204646 6 bytes JMP 717b000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                0000000075988332 6 bytes JMP 7163000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                            0000000075988bff 6 bytes JMP 7157000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                         00000000759890d3 6 bytes JMP 7112000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SendMessageW                                                  0000000075989679 6 bytes JMP 7151000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                           00000000759897d2 6 bytes JMP 714b000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                               000000007598ee09 6 bytes JMP 7169000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                000000007598efc9 3 bytes JMP 7118000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                            000000007598efcd 2 bytes JMP 7118000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!PostMessageW                                                  00000000759912a5 6 bytes JMP 715d000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!GetKeyState                                                   000000007599291f 6 bytes JMP 7130000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetParent                                                     0000000075992d64 3 bytes JMP 7127000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                 0000000075992d68 2 bytes JMP 7127000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!EnableWindow                                                  0000000075992da4 6 bytes JMP 710f000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!MoveWindow                                                    0000000075993698 3 bytes JMP 7124000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                000000007599369c 2 bytes JMP 7124000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!PostMessageA                                                  0000000075993baa 6 bytes JMP 7160000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                            0000000075993c61 6 bytes JMP 715a000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                0000000075996110 6 bytes JMP 7166000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SendMessageA                                                  000000007599612e 6 bytes JMP 7154000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                         0000000075996c30 6 bytes JMP 7115000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                             0000000075997603 6 bytes JMP 716c000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                            0000000075997668 6 bytes JMP 713f000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                          00000000759976e0 6 bytes JMP 7145000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                           000000007599781f 6 bytes JMP 714e000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                             000000007599835c 6 bytes JMP 716f000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                            000000007599c4b6 3 bytes JMP 7121000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                        000000007599c4ba 2 bytes JMP 7121000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                           00000000759ac112 6 bytes JMP 713c000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                           00000000759ad0f5 6 bytes JMP 7139000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                              00000000759aeb96 6 bytes JMP 712d000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                              00000000759aec68 3 bytes JMP 7133000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                          00000000759aec6c 2 bytes JMP 7133000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SendInput                                                     00000000759aff4a 3 bytes JMP 7136000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                 00000000759aff4e 2 bytes JMP 7136000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!GetClipboardData                                              00000000759c9f1d 6 bytes JMP 711b000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                 00000000759d1497 6 bytes JMP 710c000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!mouse_event                                                   00000000759e027b 6 bytes JMP 7172000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!keybd_event                                                   00000000759e02bf 6 bytes JMP 7175000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                          00000000759e6cfc 6 bytes JMP 7148000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                            00000000759e6d5d 6 bytes JMP 7142000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!BlockInput                                                    00000000759e7dd7 3 bytes JMP 711e000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                00000000759e7ddb 2 bytes JMP 711e000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                       00000000759e88eb 3 bytes JMP 712a000a
.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[916] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                   00000000759e88ef 2 bytes JMP 712a000a
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                       0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                            0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                         0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                      0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                            0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                    0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                     0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                  0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                       0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                  0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                          0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                      0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                         0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                   0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                       0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                              0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                             0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                   0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                               0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                          000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                  000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                                             000007feff9f4750 6 bytes {JMP QWORD [RIP+0x26b8e0]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                           000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\GDI32.dll!BitBlt                                                                                             000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                            000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                          000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                          000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\GDI32.dll!GetPixel                                                                                           000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                         000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                             000007fefe2e5410 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                            000007feffb2a1a0 6 bytes {JMP QWORD [RIP+0xf5e90]}
.text  C:\Windows\system32\svchost.exe[952] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                         000007feffb4fa50 6 bytes JMP 0
.text  C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                              0000000077af1430 8 bytes JMP 000000016fff00d8
.text  C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                         0000000077af1800 8 bytes JMP 000000016fff0110
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                       0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                            0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                         0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                      0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                            0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                    0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                     0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                  0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                       0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                  0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                          0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                      0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                         0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}

ivegotnoclue · 02.10.2013, 13:10

GMER - Teil 2

Code:

ATTFilter

.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                   0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                       0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                              0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                             0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                   0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                               0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                            000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                  0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                  00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                          000007fefe269055 3 bytes CALL 0
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                  000007fefe2753c0 5 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                           000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!BitBlt                                                                                             000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                            000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                          000007fefe2d8398 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                          000007fefe2d89c8 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!GetPixel                                                                                           000007fefe2d9344 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                         000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                             000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                            000007feffb2a1a0 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[472] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                         000007feffb4fa50 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                       0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                            0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                         0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                      0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                            0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                    0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                     0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                  0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                       0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                  0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                          0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                      0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                         0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                   0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                       0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                              0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                             0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                   0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                               0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                            000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                  0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                  00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                          000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                  000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                           000007fefe2d22cc 6 bytes JMP 5000000
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!BitBlt                                                                                             000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                            000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                          000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                          000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!GetPixel                                                                                           000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                         000007fefe2db9e8 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[736] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                             000007fefe2e5410 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                       0000000077ac3b10 6 bytes JMP 8ec0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                            0000000077af13a0 6 bytes JMP 7f04f11
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                 0000000077af1570 6 bytes JMP 647701
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                         0000000077af15e0 6 bytes JMP 8706491
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                      0000000077af1620 6 bytes JMP 40004
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                            0000000077af16c0 6 bytes JMP 7c501
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                    0000000077af1750 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                     0000000077af1790 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                  0000000077af17e0 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                       0000000077af1800 6 bytes JMP 87937d9
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                  0000000077af19f0 6 bytes JMP 87055b9
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                          0000000077af1b00 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                      0000000077af1bd0 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                         0000000077af1d20 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                   0000000077af1d30 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                       0000000077af20a0 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                              0000000077af2130 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                             0000000077af29a0 6 bytes JMP 8840099
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                   0000000077af2a20 6 bytes JMP 63501
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                               0000000077af2aa0 6 bytes JMP 85201
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                            000000007782a420 6 bytes JMP 8d967f0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                  0000000077841b50 6 bytes JMP 4
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                  00000000778b8810 6 bytes JMP 8e01c80
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                          000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                  000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                           000007fefe2d22cc 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!BitBlt                                                                                             000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                            000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                          000007fefe2d8398 6 bytes JMP aba7
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                          000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!GetPixel                                                                                           000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                         000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                             000007fefe2e5410 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                            000007feffb2a1a0 6 bytes JMP 6f25
.text  C:\Windows\System32\svchost.exe[672] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                         000007feffb4fa50 6 bytes JMP cfc
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                      0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                           0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                        0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                     0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                           0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                   0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                    0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                         0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                     0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                        0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                  0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                      0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                             0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                            0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                  0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                              0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                           000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                         000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                          000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!BitBlt                                                                                            000007fefe2d24c0 6 bytes JMP 158500
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                           000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!GetPixel                                                                                          000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                        000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Windows\system32\svchost.exe[1088] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                            000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                      0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                           0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                        0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                     0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                           0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                   0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                    0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                         0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                     0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                        0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                  0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                      0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                             0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                            0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                  0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                              0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                           000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                 0000000077841b50 6 bytes JMP 18000
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                 00000000778b8810 6 bytes JMP 87c8a20
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                         000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                                            000007feff9f4750 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                          000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!BitBlt                                                                                            000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                           000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!GetPixel                                                                                          000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                        000007fefe2db9e8 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                            000007fefe2e5410 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                           000007feffb2a1a0 6 bytes {JMP QWORD [RIP+0xf5e90]}
.text  C:\Windows\system32\svchost.exe[1124] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                        000007feffb4fa50 6 bytes {JMP QWORD [RIP+0xf05e0]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                             0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                  0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                       0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                               0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                            0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                  0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                          0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                           0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                        0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                             0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                        0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                            0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                               0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                         0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                             0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                    0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                   0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                         0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                     0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                  000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\kernel32.dll!CreateProcessW                                                        0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\kernel32.dll!CreateProcessA                                                        00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                        000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!DeleteDC                                                                 000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!BitBlt                                                                   000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!MaskBlt                                                                  000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!CreateDCW                                                                000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!CreateDCA                                                                000007fefe2d89c8 6 bytes JMP 33
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!GetPixel                                                                 000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!StretchBlt                                                               000007fefe2db9e8 6 bytes JMP 0
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1380] C:\Windows\system32\GDI32.dll!PlgBlt                                                                   000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                       0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                            0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                 0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                         0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                      0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                            0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                    0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                     0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                  0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                       0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                  0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                          0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                      0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                         0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                   0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                       0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                              0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                             0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                   0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                               0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                            000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                  0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                  00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                          000007fefe269055 3 bytes CALL 0
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                  000007fefe2753c0 5 bytes JMP 0
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                           000007fefe2d22cc 6 bytes JMP 0
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!BitBlt                                                                                             000007fefe2d24c0 6 bytes JMP 15dbc0
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                            000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                          000007fefe2d8398 6 bytes JMP 0
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                          000007fefe2d89c8 6 bytes JMP 30302420
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!GetPixel                                                                                           000007fefe2d9344 6 bytes JMP 0
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                         000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x824648]}
.text  C:\Windows\system32\nvvsvc.exe[1388] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                             000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x7fac20]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                      0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                           0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                        0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                     0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                           0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                   0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                    0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                         0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                     0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                        0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                  0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                      0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                             0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                            0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                  0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                              0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                           000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                         000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx                                                                            000007feff9f4750 6 bytes {JMP QWORD [RIP+0x26b8e0]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                          000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!BitBlt                                                                                            000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                           000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!GetPixel                                                                                          000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                        000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                            000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                           000007feffb2a1a0 6 bytes {JMP QWORD [RIP+0xf5e90]}
.text  C:\Windows\system32\svchost.exe[1428] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                        000007feffb4fa50 6 bytes JMP 0
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                      0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                           0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                        0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                     0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                           0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                   0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                    0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                         0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                     0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                        0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                  0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                      0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                             0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                            0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                  0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                              0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                           000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                         000007fefe269055 3 bytes [B5, 6F, 12]
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 16]
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                          000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x18dd64]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!BitBlt                                                                                            000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x81db70]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                           000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x83a450]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0x147c98]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0x127668]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!GetPixel                                                                                          000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x166cec]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                        000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x874648]}
.text  C:\Windows\System32\spoolsv.exe[1604] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                            000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x84ac20]}
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                     000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\kernel32.dll!CreateProcessW                                                           0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\kernel32.dll!CreateProcessA                                                           00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                   000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                           000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!DeleteDC                                                                    000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!BitBlt                                                                      000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!MaskBlt                                                                     000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!CreateDCW                                                                   000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!CreateDCA                                                                   000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!GetPixel                                                                    000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!StretchBlt                                                                  000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Program Files\D-Link\SharePort Plus\Spnuhelper.exe[1744] C:\Windows\system32\GDI32.dll!PlgBlt                                                                      000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                 0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                      0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                   0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                      0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                              0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                               0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                            0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                 0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                            0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                    0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                   0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                             0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                 0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                        0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                       0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                             0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                         0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                      000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\kernel32.dll!CreateProcessW                                                            0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\kernel32.dll!CreateProcessA                                                            00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                    000007fefe269055 3 bytes [B5, 6F, 12]
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                            000007fefe2753c0 5 bytes [FF, 25, 70, AC, 16]
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!DeleteDC                                                                     000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x18dd64]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!BitBlt                                                                       000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x81db70]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!MaskBlt                                                                      000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x83a450]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!CreateDCW                                                                    000007fefe2d8398 6 bytes {JMP QWORD [RIP+0x147c98]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!CreateDCA                                                                    000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0x127668]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!GetPixel                                                                     000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x166cec]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!StretchBlt                                                                   000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x874648]}
.text  C:\ProgramData\DatacardService\HWDeviceService64.exe[1780] C:\Windows\system32\GDI32.dll!PlgBlt                                                                       000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x84ac20]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                      0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                           0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                        0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                     0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                           0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                   0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                    0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}

ivegotnoclue · 02.10.2013, 13:11

GMER - Teil 3

Code:

ATTFilter

.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                      0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                         0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                     0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                        0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                  0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                      0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                             0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                            0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                  0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                              0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                           000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\kernel32.dll!CreateProcessW                                                 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\kernel32.dll!CreateProcessA                                                 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                         000007fefe269055 3 bytes [B5, 6F, 12]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 16]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\GDI32.dll!DeleteDC                                                          000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x18dd64]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\GDI32.dll!BitBlt                                                            000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x81db70]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\GDI32.dll!MaskBlt                                                           000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x83a450]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\GDI32.dll!CreateDCW                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0x147c98]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\GDI32.dll!CreateDCA                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0x127668]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\GDI32.dll!GetPixel                                                          000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x166cec]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\GDI32.dll!StretchBlt                                                        000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x874648]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1824] C:\Windows\system32\GDI32.dll!PlgBlt                                                            000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x84ac20]}
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                  0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                              0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                       0000000077c9fcb0 3 bytes JMP 70fa000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                   0000000077c9fcb4 2 bytes JMP 70fa000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                               0000000077c9fd64 3 bytes JMP 70e5000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                           0000000077c9fd68 2 bytes JMP 70e5000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                            0000000077c9fdc8 3 bytes JMP 70eb000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                        0000000077c9fdcc 2 bytes JMP 70eb000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                  0000000077c9fec0 3 bytes JMP 70e2000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                              0000000077c9fec4 2 bytes JMP 70e2000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                          0000000077c9ffa4 3 bytes JMP 70ee000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                      0000000077c9ffa8 2 bytes JMP 70ee000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                           0000000077ca0004 3 bytes JMP 7106000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                       0000000077ca0008 2 bytes JMP 7106000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                        0000000077ca0084 3 bytes JMP 7103000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                    0000000077ca0088 2 bytes JMP 7103000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                             0000000077ca00b4 3 bytes JMP 70e8000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                         0000000077ca00b8 2 bytes JMP 70e8000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                        0000000077ca03b8 3 bytes JMP 70d6000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                    0000000077ca03bc 2 bytes JMP 70d6000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                0000000077ca0550 3 bytes JMP 7109000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                            0000000077ca0554 2 bytes JMP 7109000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                            0000000077ca0694 3 bytes JMP 70f7000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                        0000000077ca0698 2 bytes JMP 70f7000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                               0000000077ca088c 3 bytes JMP 70df000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                           0000000077ca0890 2 bytes JMP 70df000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                         0000000077ca08a4 3 bytes JMP 70d9000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                     0000000077ca08a8 2 bytes JMP 70d9000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                             0000000077ca0df4 3 bytes JMP 70f4000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                         0000000077ca0df8 2 bytes JMP 70f4000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                    0000000077ca0ed8 3 bytes JMP 70dc000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                0000000077ca0edc 2 bytes JMP 70dc000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                   0000000077ca1be4 3 bytes JMP 70f1000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                               0000000077ca1be8 2 bytes JMP 70f1000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                         0000000077ca1cb4 3 bytes JMP 7100000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                     0000000077ca1cb8 2 bytes JMP 7100000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                     0000000077ca1d8c 3 bytes JMP 70fd000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                 0000000077ca1d90 2 bytes JMP 70fd000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                             0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                        0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                        0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                  0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                        0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                  0000000075732538 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                               00000000757352e9 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                 00000000761d58b3 6 bytes JMP 7184000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\GDI32.dll!BitBlt                                                   00000000761d5ea6 6 bytes JMP 7181000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\GDI32.dll!StretchBlt                                               00000000761db895 6 bytes JMP 7178000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                  00000000761dc332 6 bytes JMP 717e000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\GDI32.dll!GetPixel                                                 00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                00000000761de743 6 bytes JMP 718a000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                   0000000076204646 6 bytes JMP 717b000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                          0000000075988332 6 bytes JMP 7163000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                      0000000075988bff 6 bytes JMP 7157000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                   00000000759890d3 6 bytes JMP 7112000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SendMessageW                                            0000000075989679 6 bytes JMP 7151000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                     00000000759897d2 6 bytes JMP 714b000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                         000000007598ee09 6 bytes JMP 7169000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                          000000007598efc9 3 bytes JMP 7118000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                      000000007598efcd 2 bytes JMP 7118000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!PostMessageW                                            00000000759912a5 6 bytes JMP 715d000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!GetKeyState                                             000000007599291f 6 bytes JMP 7130000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SetParent                                               0000000075992d64 3 bytes JMP 7127000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SetParent + 4                                           0000000075992d68 2 bytes JMP 7127000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!EnableWindow                                            0000000075992da4 6 bytes JMP 710f000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!MoveWindow                                              0000000075993698 3 bytes JMP 7124000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                          000000007599369c 2 bytes JMP 7124000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!PostMessageA                                            0000000075993baa 6 bytes JMP 7160000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                      0000000075993c61 6 bytes JMP 715a000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                          0000000075996110 6 bytes JMP 7166000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SendMessageA                                            000000007599612e 6 bytes JMP 7154000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                   0000000075996c30 6 bytes JMP 7115000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                       0000000075997603 6 bytes JMP 716c000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                      0000000075997668 6 bytes JMP 713f000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                    00000000759976e0 6 bytes JMP 7145000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                     000000007599781f 6 bytes JMP 714e000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                       000000007599835c 6 bytes JMP 716f000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                      000000007599c4b6 3 bytes JMP 7121000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                  000000007599c4ba 2 bytes JMP 7121000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                     00000000759ac112 6 bytes JMP 713c000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                     00000000759ad0f5 6 bytes JMP 7139000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                        00000000759aeb96 6 bytes JMP 712d000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                        00000000759aec68 3 bytes JMP 7133000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                    00000000759aec6c 2 bytes JMP 7133000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SendInput                                               00000000759aff4a 3 bytes JMP 7136000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SendInput + 4                                           00000000759aff4e 2 bytes JMP 7136000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!GetClipboardData                                        00000000759c9f1d 6 bytes JMP 711b000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                           00000000759d1497 6 bytes JMP 710c000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!mouse_event                                             00000000759e027b 6 bytes JMP 7172000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!keybd_event                                             00000000759e02bf 6 bytes JMP 7175000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                    00000000759e6cfc 6 bytes JMP 7148000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                      00000000759e6d5d 6 bytes JMP 7142000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!BlockInput                                              00000000759e7dd7 3 bytes JMP 711e000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                          00000000759e7ddb 2 bytes JMP 711e000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                 00000000759e88eb 3 bytes JMP 712a000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1920] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                             00000000759e88ef 2 bytes JMP 712a000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                            0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                        0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                 0000000077c9fcb0 3 bytes JMP 70f4000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                             0000000077c9fcb4 2 bytes JMP 70f4000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                         0000000077c9fd64 3 bytes JMP 70df000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                     0000000077c9fd68 2 bytes JMP 70df000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                      0000000077c9fdc8 3 bytes JMP 70e5000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                  0000000077c9fdcc 2 bytes JMP 70e5000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                            0000000077c9fec0 3 bytes JMP 70dc000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                        0000000077c9fec4 2 bytes JMP 70dc000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                    0000000077c9ffa4 3 bytes JMP 70e8000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                0000000077c9ffa8 2 bytes JMP 70e8000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                     0000000077ca0004 3 bytes JMP 7100000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                                 0000000077ca0008 2 bytes JMP 7100000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                  0000000077ca0084 3 bytes JMP 70fd000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                              0000000077ca0088 2 bytes JMP 70fd000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                       0000000077ca00b4 3 bytes JMP 70e2000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                   0000000077ca00b8 2 bytes JMP 70e2000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                  0000000077ca03b8 3 bytes JMP 70d0000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                              0000000077ca03bc 2 bytes JMP 70d0000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                          0000000077ca0550 3 bytes JMP 7103000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                      0000000077ca0554 2 bytes JMP 7103000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                      0000000077ca0694 3 bytes JMP 70f1000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                  0000000077ca0698 2 bytes JMP 70f1000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                         0000000077ca088c 3 bytes JMP 70d9000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                     0000000077ca0890 2 bytes JMP 70d9000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                   0000000077ca08a4 3 bytes JMP 70d3000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                               0000000077ca08a8 2 bytes JMP 70d3000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                       0000000077ca0df4 3 bytes JMP 70ee000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                   0000000077ca0df8 2 bytes JMP 70ee000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                              0000000077ca0ed8 3 bytes JMP 70d6000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                          0000000077ca0edc 2 bytes JMP 70d6000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                             0000000077ca1be4 3 bytes JMP 70eb000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                         0000000077ca1be8 2 bytes JMP 70eb000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                   0000000077ca1cb4 3 bytes JMP 70fa000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                               0000000077ca1cb8 2 bytes JMP 70fa000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                               0000000077ca1d8c 3 bytes JMP 70f7000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                           0000000077ca1d90 2 bytes JMP 70f7000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                       0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                  0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                  0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                            0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                  0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                          0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                           00000000761d58b3 6 bytes JMP 717e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\GDI32.dll!BitBlt                                                             00000000761d5ea6 6 bytes JMP 717b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                          00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                         00000000761db895 6 bytes JMP 7172000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                            00000000761dc332 6 bytes JMP 7178000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\GDI32.dll!GetPixel                                                           00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                          00000000761de743 6 bytes JMP 718a000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                             0000000076204646 6 bytes JMP 7175000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                    0000000075988332 6 bytes JMP 715d000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                0000000075988bff 6 bytes JMP 7151000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                             00000000759890d3 6 bytes JMP 710c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SendMessageW                                                      0000000075989679 6 bytes JMP 714b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                               00000000759897d2 6 bytes JMP 7145000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                   000000007598ee09 6 bytes JMP 7163000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                    000000007598efc9 3 bytes JMP 7112000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                                000000007598efcd 2 bytes JMP 7112000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!PostMessageW                                                      00000000759912a5 6 bytes JMP 7157000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!GetKeyState                                                       000000007599291f 6 bytes JMP 712a000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SetParent                                                         0000000075992d64 3 bytes JMP 7121000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                     0000000075992d68 2 bytes JMP 7121000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!EnableWindow                                                      0000000075992da4 6 bytes JMP 7109000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!MoveWindow                                                        0000000075993698 3 bytes JMP 711e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                    000000007599369c 2 bytes JMP 711e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!PostMessageA                                                      0000000075993baa 6 bytes JMP 715a000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                0000000075993c61 6 bytes JMP 7154000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                    0000000075996110 6 bytes JMP 7160000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SendMessageA                                                      000000007599612e 6 bytes JMP 714e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                             0000000075996c30 6 bytes JMP 710f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                 0000000075997603 6 bytes JMP 7166000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                0000000075997668 6 bytes JMP 7139000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                              00000000759976e0 6 bytes JMP 713f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                               000000007599781f 6 bytes JMP 7148000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                 000000007599835c 6 bytes JMP 7169000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                000000007599c4b6 3 bytes JMP 711b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                            000000007599c4ba 2 bytes JMP 711b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                               00000000759ac112 6 bytes JMP 7136000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                               00000000759ad0f5 6 bytes JMP 7133000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                  00000000759aeb96 6 bytes JMP 7127000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                  00000000759aec68 3 bytes JMP 712d000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                              00000000759aec6c 2 bytes JMP 712d000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SendInput                                                         00000000759aff4a 3 bytes JMP 7130000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                     00000000759aff4e 2 bytes JMP 7130000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                  00000000759c9f1d 6 bytes JMP 7115000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                     00000000759d1497 6 bytes JMP 7106000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!mouse_event                                                       00000000759e027b 6 bytes JMP 716c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!keybd_event                                                       00000000759e02bf 6 bytes JMP 716f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                              00000000759e6cfc 6 bytes JMP 7142000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                00000000759e6d5d 6 bytes JMP 713c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!BlockInput                                                        00000000759e7dd7 3 bytes JMP 7118000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                    00000000759e7ddb 2 bytes JMP 7118000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                           00000000759e88eb 3 bytes JMP 7124000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                       00000000759e88ef 2 bytes JMP 7124000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                            0000000075732538 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                         00000000757352e9 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                          00000000754b1465 2 bytes [4B, 75]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1956] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                         00000000754b14bb 2 bytes [4B, 75]
.text  ...                                                                                                                                                                   * 2
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                           000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                         000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                          000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\GDI32.dll!BitBlt                                                                                            000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                           000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\GDI32.dll!GetPixel                                                                                          000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                        000007fefe2db9e8 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[1176] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                            000007fefe2e5410 6 bytes JMP 0
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                             0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                                                         0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                  0000000077c9fcb0 3 bytes JMP 70fa000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                                                              0000000077c9fcb4 2 bytes JMP 70fa000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                          0000000077c9fd64 3 bytes JMP 70e5000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                                      0000000077c9fd68 2 bytes JMP 70e5000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                       0000000077c9fdc8 3 bytes JMP 70eb000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                                                   0000000077c9fdcc 2 bytes JMP 70eb000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                             0000000077c9fec0 3 bytes JMP 70e2000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                                                         0000000077c9fec4 2 bytes JMP 70e2000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                     0000000077c9ffa4 3 bytes JMP 70ee000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                                                 0000000077c9ffa8 2 bytes JMP 70ee000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                      0000000077ca0004 3 bytes JMP 7106000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                                                                  0000000077ca0008 2 bytes JMP 7106000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                   0000000077ca0084 3 bytes JMP 7103000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                                                               0000000077ca0088 2 bytes JMP 7103000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                        0000000077ca00b4 3 bytes JMP 70e8000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                                    0000000077ca00b8 2 bytes JMP 70e8000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                   0000000077ca03b8 3 bytes JMP 70d6000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                                                               0000000077ca03bc 2 bytes JMP 70d6000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                           0000000077ca0550 3 bytes JMP 7109000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                                                       0000000077ca0554 2 bytes JMP 7109000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                       0000000077ca0694 3 bytes JMP 70f7000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                                                   0000000077ca0698 2 bytes JMP 70f7000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                          0000000077ca088c 3 bytes JMP 70df000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                                                      0000000077ca0890 2 bytes JMP 70df000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                    0000000077ca08a4 3 bytes JMP 70d9000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                                                                0000000077ca08a8 2 bytes JMP 70d9000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                        0000000077ca0df4 3 bytes JMP 70f4000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                                                    0000000077ca0df8 2 bytes JMP 70f4000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                               0000000077ca0ed8 3 bytes JMP 70dc000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                                                           0000000077ca0edc 2 bytes JMP 70dc000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                              0000000077ca1be4 3 bytes JMP 70f1000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                                                          0000000077ca1be8 2 bytes JMP 70f1000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                    0000000077ca1cb4 3 bytes JMP 7100000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                                                                0000000077ca1cb8 2 bytes JMP 7100000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                                0000000077ca1d8c 3 bytes JMP 70fd000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                                                            0000000077ca1d90 2 bytes JMP 70fd000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                        0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                   0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                   0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                             0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                   0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                           0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                                                     0000000075988332 6 bytes JMP 7163000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                                 0000000075988bff 6 bytes JMP 7157000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                              00000000759890d3 6 bytes JMP 7112000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                       0000000075989679 6 bytes JMP 7151000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                                00000000759897d2 6 bytes JMP 714b000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                    000000007598ee09 6 bytes JMP 7169000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                     000000007598efc9 3 bytes JMP 7118000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                                                                 000000007598efcd 2 bytes JMP 7118000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                       00000000759912a5 6 bytes JMP 715d000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                        000000007599291f 6 bytes JMP 7130000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SetParent                                                                                          0000000075992d64 3 bytes JMP 7127000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                                                      0000000075992d68 2 bytes JMP 7127000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                       0000000075992da4 6 bytes JMP 710f000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                         0000000075993698 3 bytes JMP 7124000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                                                     000000007599369c 2 bytes JMP 7124000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                       0000000075993baa 6 bytes JMP 7160000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                                 0000000075993c61 6 bytes JMP 715a000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                                                     0000000075996110 6 bytes JMP 7166000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                       000000007599612e 6 bytes JMP 7154000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                              0000000075996c30 6 bytes JMP 7115000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                  0000000075997603 6 bytes JMP 716c000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                                 0000000075997668 6 bytes JMP 713f000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                               00000000759976e0 6 bytes JMP 7145000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                                000000007599781f 6 bytes JMP 714e000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                                  000000007599835c 6 bytes JMP 716f000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                                 000000007599c4b6 3 bytes JMP 7121000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                                                             000000007599c4ba 2 bytes JMP 7121000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                                00000000759ac112 6 bytes JMP 713c000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                                00000000759ad0f5 6 bytes JMP 7139000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                   00000000759aeb96 6 bytes JMP 712d000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                   00000000759aec68 3 bytes JMP 7133000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                                                               00000000759aec6c 2 bytes JMP 7133000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SendInput                                                                                          00000000759aff4a 3 bytes JMP 7136000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                                      00000000759aff4e 2 bytes JMP 7136000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                   00000000759c9f1d 6 bytes JMP 711b000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                      00000000759d1497 6 bytes JMP 710c000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                        00000000759e027b 6 bytes JMP 7172000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                        00000000759e02bf 6 bytes JMP 7175000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                               00000000759e6cfc 6 bytes JMP 7148000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                                 00000000759e6d5d 6 bytes JMP 7142000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                         00000000759e7dd7 3 bytes JMP 711e000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                                                     00000000759e7ddb 2 bytes JMP 711e000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                            00000000759e88eb 3 bytes JMP 712a000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                                                        00000000759e88ef 2 bytes JMP 712a000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                            00000000761d58b3 6 bytes JMP 7184000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                              00000000761d5ea6 6 bytes JMP 7181000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                           00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                          00000000761db895 6 bytes JMP 7178000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                             00000000761dc332 6 bytes JMP 717e000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                            00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                           00000000761de743 6 bytes JMP 718a000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                              0000000076204646 6 bytes JMP 717b000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                             0000000075732538 6 bytes JMP 7196000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                          00000000757352e9 6 bytes JMP 7193000a
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26                                                                            0000000072c813c6 2 bytes [C8, 72]
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74                                                                            0000000072c813f6 2 bytes [C8, 72]
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257                                                                           0000000072c814ad 2 bytes [C8, 72]
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303                                                                           0000000072c814db 2 bytes [C8, 72]
.text  ...                                                                                                                                                                   * 2
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79                                                                            0000000072c81577 2 bytes [C8, 72]
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175                                                                           0000000072c815d7 2 bytes [C8, 72]
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620                                                                           0000000072c81794 2 bytes [C8, 72]
.text  C:\Windows\SysWOW64\vmnat.exe[1356] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921                                                                           0000000072c818c1 2 bytes [C8, 72]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                           0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                       0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                0000000077c9fcb0 3 bytes JMP 70f4000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                            0000000077c9fcb4 2 bytes JMP 70f4000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                        0000000077c9fd64 3 bytes JMP 70df000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                    0000000077c9fd68 2 bytes JMP 70df000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                     0000000077c9fdc8 3 bytes JMP 70e5000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                 0000000077c9fdcc 2 bytes JMP 70e5000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                           0000000077c9fec0 3 bytes JMP 70dc000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                       0000000077c9fec4 2 bytes JMP 70dc000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                   0000000077c9ffa4 3 bytes JMP 70e8000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                               0000000077c9ffa8 2 bytes JMP 70e8000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                    0000000077ca0004 3 bytes JMP 7100000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                                0000000077ca0008 2 bytes JMP 7100000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                 0000000077ca0084 3 bytes JMP 70fd000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                             0000000077ca0088 2 bytes JMP 70fd000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                      0000000077ca00b4 3 bytes JMP 70e2000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                  0000000077ca00b8 2 bytes JMP 70e2000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                 0000000077ca03b8 3 bytes JMP 70d0000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                             0000000077ca03bc 2 bytes JMP 70d0000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                         0000000077ca0550 3 bytes JMP 7103000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                     0000000077ca0554 2 bytes JMP 7103000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                     0000000077ca0694 3 bytes JMP 70f1000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                 0000000077ca0698 2 bytes JMP 70f1000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                        0000000077ca088c 3 bytes JMP 70d9000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                    0000000077ca0890 2 bytes JMP 70d9000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                  0000000077ca08a4 3 bytes JMP 70d3000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                              0000000077ca08a8 2 bytes JMP 70d3000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                      0000000077ca0df4 3 bytes JMP 70ee000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                  0000000077ca0df8 2 bytes JMP 70ee000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                             0000000077ca0ed8 3 bytes JMP 70d6000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                         0000000077ca0edc 2 bytes JMP 70d6000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                            0000000077ca1be4 3 bytes JMP 70eb000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                        0000000077ca1be8 2 bytes JMP 70eb000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                  0000000077ca1cb4 3 bytes JMP 70fa000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                              0000000077ca1cb8 2 bytes JMP 70fa000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                              0000000077ca1d8c 3 bytes JMP 70f7000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                          0000000077ca1d90 2 bytes JMP 70f7000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                      0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                 0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                 0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                           0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                 0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                         0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                          00000000761d58b3 6 bytes JMP 717e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\GDI32.dll!BitBlt                                                            00000000761d5ea6 6 bytes JMP 717b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                         00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                        00000000761db895 6 bytes JMP 7172000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                           00000000761dc332 6 bytes JMP 7178000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\GDI32.dll!GetPixel                                                          00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                         00000000761de743 6 bytes JMP 718a000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                            0000000076204646 6 bytes JMP 7175000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                   0000000075988332 6 bytes JMP 715d000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                               0000000075988bff 6 bytes JMP 7151000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                            00000000759890d3 6 bytes JMP 710c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SendMessageW                                                     0000000075989679 6 bytes JMP 714b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                              00000000759897d2 6 bytes JMP 7145000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                  000000007598ee09 6 bytes JMP 7163000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                   000000007598efc9 3 bytes JMP 7112000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                               000000007598efcd 2 bytes JMP 7112000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!PostMessageW                                                     00000000759912a5 6 bytes JMP 7157000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!GetKeyState                                                      000000007599291f 6 bytes JMP 712a000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SetParent                                                        0000000075992d64 3 bytes JMP 7121000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                    0000000075992d68 2 bytes JMP 7121000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!EnableWindow                                                     0000000075992da4 6 bytes JMP 7109000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!MoveWindow                                                       0000000075993698 3 bytes JMP 711e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                   000000007599369c 2 bytes JMP 711e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!PostMessageA                                                     0000000075993baa 6 bytes JMP 715a000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                               0000000075993c61 6 bytes JMP 7154000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                   0000000075996110 6 bytes JMP 7160000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SendMessageA                                                     000000007599612e 6 bytes JMP 714e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                            0000000075996c30 6 bytes JMP 710f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                0000000075997603 6 bytes JMP 7166000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                               0000000075997668 6 bytes JMP 7139000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                             00000000759976e0 6 bytes JMP 713f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                              000000007599781f 6 bytes JMP 7148000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                000000007599835c 6 bytes JMP 7169000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                               000000007599c4b6 3 bytes JMP 711b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                           000000007599c4ba 2 bytes JMP 711b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                              00000000759ac112 6 bytes JMP 7136000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                              00000000759ad0f5 6 bytes JMP 7133000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                 00000000759aeb96 6 bytes JMP 7127000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                 00000000759aec68 3 bytes JMP 712d000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                             00000000759aec6c 2 bytes JMP 712d000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SendInput                                                        00000000759aff4a 3 bytes JMP 7130000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                    00000000759aff4e 2 bytes JMP 7130000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                 00000000759c9f1d 6 bytes JMP 7115000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                    00000000759d1497 6 bytes JMP 7106000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!mouse_event                                                      00000000759e027b 6 bytes JMP 716c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!keybd_event                                                      00000000759e02bf 6 bytes JMP 716f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                             00000000759e6cfc 6 bytes JMP 7142000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                               00000000759e6d5d 6 bytes JMP 713c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!BlockInput                                                       00000000759e7dd7 3 bytes JMP 7118000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                   00000000759e7ddb 2 bytes JMP 7118000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                          00000000759e88eb 3 bytes JMP 7124000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                      00000000759e88ef 2 bytes JMP 7124000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                           0000000075732538 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[1676] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                        00000000757352e9 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                              0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                          0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                   0000000077c9fcb0 3 bytes JMP 70fa000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                               0000000077c9fcb4 2 bytes JMP 70fa000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                           0000000077c9fd64 3 bytes JMP 70e5000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                       0000000077c9fd68 2 bytes JMP 70e5000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                        0000000077c9fdc8 3 bytes JMP 70eb000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                    0000000077c9fdcc 2 bytes JMP 70eb000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                              0000000077c9fec0 3 bytes JMP 70e2000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                          0000000077c9fec4 2 bytes JMP 70e2000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                      0000000077c9ffa4 3 bytes JMP 70ee000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                  0000000077c9ffa8 2 bytes JMP 70ee000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                       0000000077ca0004 3 bytes JMP 7106000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                                   0000000077ca0008 2 bytes JMP 7106000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                    0000000077ca0084 3 bytes JMP 7103000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                                0000000077ca0088 2 bytes JMP 7103000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                         0000000077ca00b4 3 bytes JMP 70e8000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                     0000000077ca00b8 2 bytes JMP 70e8000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                    0000000077ca03b8 3 bytes JMP 70d6000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                                0000000077ca03bc 2 bytes JMP 70d6000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                            0000000077ca0550 3 bytes JMP 7109000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                        0000000077ca0554 2 bytes JMP 7109000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                        0000000077ca0694 3 bytes JMP 70f7000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                    0000000077ca0698 2 bytes JMP 70f7000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                           0000000077ca088c 3 bytes JMP 70df000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                       0000000077ca0890 2 bytes JMP 70df000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                     0000000077ca08a4 3 bytes JMP 70d9000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                                 0000000077ca08a8 2 bytes JMP 70d9000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                         0000000077ca0df4 3 bytes JMP 70f4000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                     0000000077ca0df8 2 bytes JMP 70f4000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                0000000077ca0ed8 3 bytes JMP 70dc000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                            0000000077ca0edc 2 bytes JMP 70dc000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                               0000000077ca1be4 3 bytes JMP 70f1000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                           0000000077ca1be8 2 bytes JMP 70f1000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                     0000000077ca1cb4 3 bytes JMP 7100000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                                 0000000077ca1cb8 2 bytes JMP 7100000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                 0000000077ca1d8c 3 bytes JMP 70fd000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                             0000000077ca1d90 2 bytes JMP 70fd000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                         0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                    0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                    0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                              0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                    0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                            0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                              0000000075732538 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                           00000000757352e9 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            00000000754b1465 2 bytes [4B, 75]
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           00000000754b14bb 2 bytes [4B, 75]
.text  ...                                                                                                                                                                   * 2
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                      0000000075988332 6 bytes JMP 7163000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                  0000000075988bff 6 bytes JMP 7157000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                               00000000759890d3 6 bytes JMP 7112000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SendMessageW                                                        0000000075989679 6 bytes JMP 7151000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                 00000000759897d2 6 bytes JMP 714b000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                     000000007598ee09 6 bytes JMP 7169000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                      000000007598efc9 3 bytes JMP 7118000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                                  000000007598efcd 2 bytes JMP 7118000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!PostMessageW                                                        00000000759912a5 6 bytes JMP 715d000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!GetKeyState                                                         000000007599291f 6 bytes JMP 7130000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SetParent                                                           0000000075992d64 3 bytes JMP 7127000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                       0000000075992d68 2 bytes JMP 7127000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!EnableWindow                                                        0000000075992da4 6 bytes JMP 710f000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!MoveWindow                                                          0000000075993698 3 bytes JMP 7124000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                      000000007599369c 2 bytes JMP 7124000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!PostMessageA                                                        0000000075993baa 6 bytes JMP 7160000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                  0000000075993c61 6 bytes JMP 715a000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                      0000000075996110 6 bytes JMP 7166000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SendMessageA                                                        000000007599612e 6 bytes JMP 7154000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                               0000000075996c30 6 bytes JMP 7115000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                   0000000075997603 6 bytes JMP 716c000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                  0000000075997668 6 bytes JMP 713f000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                00000000759976e0 6 bytes JMP 7145000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                 000000007599781f 6 bytes JMP 714e000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                   000000007599835c 6 bytes JMP 716f000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                  000000007599c4b6 3 bytes JMP 7121000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                              000000007599c4ba 2 bytes JMP 7121000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                 00000000759ac112 6 bytes JMP 713c000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                 00000000759ad0f5 6 bytes JMP 7139000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                    00000000759aeb96 6 bytes JMP 712d000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                    00000000759aec68 3 bytes JMP 7133000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                                00000000759aec6c 2 bytes JMP 7133000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SendInput                                                           00000000759aff4a 3 bytes JMP 7136000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                       00000000759aff4e 2 bytes JMP 7136000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                    00000000759c9f1d 6 bytes JMP 711b000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                       00000000759d1497 6 bytes JMP 710c000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!mouse_event                                                         00000000759e027b 6 bytes JMP 7172000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!keybd_event                                                         00000000759e02bf 6 bytes JMP 7175000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                00000000759e6cfc 6 bytes JMP 7148000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                  00000000759e6d5d 6 bytes JMP 7142000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!BlockInput                                                          00000000759e7dd7 3 bytes JMP 711e000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                      00000000759e7ddb 2 bytes JMP 711e000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                             00000000759e88eb 3 bytes JMP 712a000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                         00000000759e88ef 2 bytes JMP 712a000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                             00000000761d58b3 6 bytes JMP 7184000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\GDI32.dll!BitBlt                                                               00000000761d5ea6 6 bytes JMP 7181000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                            00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                           00000000761db895 6 bytes JMP 7178000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                              00000000761dc332 6 bytes JMP 717e000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\GDI32.dll!GetPixel                                                             00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                            00000000761de743 6 bytes JMP 718a000a
.text  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2104] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                               0000000076204646 6 bytes JMP 717b000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                         0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                                                     0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                              0000000077c9fcb0 3 bytes JMP 70fa000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                                                          0000000077c9fcb4 2 bytes JMP 70fa000a

ivegotnoclue · 02.10.2013, 13:13

GMER - Teil 4

Code:

ATTFilter

.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                      0000000077c9fd64 3 bytes JMP 70e5000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                                  0000000077c9fd68 2 bytes JMP 70e5000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                   0000000077c9fdc8 3 bytes JMP 70eb000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                                               0000000077c9fdcc 2 bytes JMP 70eb000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                         0000000077c9fec0 3 bytes JMP 70e2000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                                                     0000000077c9fec4 2 bytes JMP 70e2000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                 0000000077c9ffa4 3 bytes JMP 70ee000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                                             0000000077c9ffa8 2 bytes JMP 70ee000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                  0000000077ca0004 3 bytes JMP 7106000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                                                              0000000077ca0008 2 bytes JMP 7106000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                               0000000077ca0084 3 bytes JMP 7103000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                                                           0000000077ca0088 2 bytes JMP 7103000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                    0000000077ca00b4 3 bytes JMP 70e8000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                                0000000077ca00b8 2 bytes JMP 70e8000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                               0000000077ca03b8 3 bytes JMP 70d6000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                                                           0000000077ca03bc 2 bytes JMP 70d6000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                       0000000077ca0550 3 bytes JMP 7109000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                                                   0000000077ca0554 2 bytes JMP 7109000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                   0000000077ca0694 3 bytes JMP 70f7000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                                               0000000077ca0698 2 bytes JMP 70f7000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                      0000000077ca088c 3 bytes JMP 70df000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                                                  0000000077ca0890 2 bytes JMP 70df000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                0000000077ca08a4 3 bytes JMP 70d9000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                                                            0000000077ca08a8 2 bytes JMP 70d9000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                    0000000077ca0df4 3 bytes JMP 70f4000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                                                0000000077ca0df8 2 bytes JMP 70f4000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                           0000000077ca0ed8 3 bytes JMP 70dc000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                                                       0000000077ca0edc 2 bytes JMP 70dc000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                          0000000077ca1be4 3 bytes JMP 70f1000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                                                      0000000077ca1be8 2 bytes JMP 70f1000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                0000000077ca1cb4 3 bytes JMP 7100000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                                                            0000000077ca1cb8 2 bytes JMP 7100000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                            0000000077ca1d8c 3 bytes JMP 70fd000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                                                        0000000077ca1d90 2 bytes JMP 70fd000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                    0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                               0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                               0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                         0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                               0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                       0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                                                 0000000075988332 6 bytes JMP 7163000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                             0000000075988bff 6 bytes JMP 7157000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                          00000000759890d3 6 bytes JMP 7112000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                   0000000075989679 6 bytes JMP 7151000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                            00000000759897d2 6 bytes JMP 714b000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                000000007598ee09 6 bytes JMP 7169000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                 000000007598efc9 3 bytes JMP 7118000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                                                             000000007598efcd 2 bytes JMP 7118000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                   00000000759912a5 6 bytes JMP 715d000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                    000000007599291f 6 bytes JMP 7130000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SetParent                                                                                      0000000075992d64 3 bytes JMP 7127000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                                                  0000000075992d68 2 bytes JMP 7127000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                   0000000075992da4 6 bytes JMP 710f000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                     0000000075993698 3 bytes JMP 7124000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                                                 000000007599369c 2 bytes JMP 7124000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                   0000000075993baa 6 bytes JMP 7160000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                             0000000075993c61 6 bytes JMP 715a000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                                                 0000000075996110 6 bytes JMP 7166000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                   000000007599612e 6 bytes JMP 7154000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                          0000000075996c30 6 bytes JMP 7115000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                              0000000075997603 6 bytes JMP 716c000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                             0000000075997668 6 bytes JMP 713f000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                           00000000759976e0 6 bytes JMP 7145000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                            000000007599781f 6 bytes JMP 714e000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                              000000007599835c 6 bytes JMP 716f000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                             000000007599c4b6 3 bytes JMP 7121000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                                                         000000007599c4ba 2 bytes JMP 7121000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                            00000000759ac112 6 bytes JMP 713c000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                            00000000759ad0f5 6 bytes JMP 7139000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                               00000000759aeb96 6 bytes JMP 712d000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                               00000000759aec68 3 bytes JMP 7133000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                                                           00000000759aec6c 2 bytes JMP 7133000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SendInput                                                                                      00000000759aff4a 3 bytes JMP 7136000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                                  00000000759aff4e 2 bytes JMP 7136000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                               00000000759c9f1d 6 bytes JMP 711b000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                  00000000759d1497 6 bytes JMP 710c000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                    00000000759e027b 6 bytes JMP 7172000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                    00000000759e02bf 6 bytes JMP 7175000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                           00000000759e6cfc 6 bytes JMP 7148000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                             00000000759e6d5d 6 bytes JMP 7142000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                     00000000759e7dd7 3 bytes JMP 711e000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                                                 00000000759e7ddb 2 bytes JMP 711e000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                        00000000759e88eb 3 bytes JMP 712a000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                                                    00000000759e88ef 2 bytes JMP 712a000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                        00000000761d58b3 6 bytes JMP 7184000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                          00000000761d5ea6 6 bytes JMP 7181000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                       00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                      00000000761db895 6 bytes JMP 7178000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                         00000000761dc332 6 bytes JMP 717e000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                        00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                       00000000761de743 6 bytes JMP 718a000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                          0000000076204646 6 bytes JMP 717b000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                         0000000075732538 6 bytes JMP 7196000a
.text  C:\Windows\SysWOW64\vmnetdhcp.exe[2124] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                      00000000757352e9 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                            0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                 0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                      0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                              0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                           0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                 0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                         0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                          0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                       0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                            0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                       0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                               0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                           0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                              0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                        0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                            0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                   0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                  0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                        0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                    0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                 000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\kernel32.dll!CreateProcessW                                       0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\kernel32.dll!CreateProcessA                                       00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                               000007fefe269055 3 bytes [B5, 6F, 12]
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                       000007fefe2753c0 5 bytes [FF, 25, 70, AC, 16]
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\GDI32.dll!DeleteDC                                                000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x18dd64]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\GDI32.dll!BitBlt                                                  000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x81db70]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\GDI32.dll!MaskBlt                                                 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x83a450]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\GDI32.dll!CreateDCW                                               000007fefe2d8398 6 bytes {JMP QWORD [RIP+0x147c98]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\GDI32.dll!CreateDCA                                               000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0x127668]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\GDI32.dll!GetPixel                                                000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x166cec]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\GDI32.dll!StretchBlt                                              000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x874648]}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2144] C:\Windows\system32\GDI32.dll!PlgBlt                                                  000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x84ac20]}
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                           0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                       0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                0000000077c9fcb0 3 bytes JMP 70fa000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                            0000000077c9fcb4 2 bytes JMP 70fa000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                        0000000077c9fd64 3 bytes JMP 70e5000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                    0000000077c9fd68 2 bytes JMP 70e5000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                     0000000077c9fdc8 3 bytes JMP 70eb000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                 0000000077c9fdcc 2 bytes JMP 70eb000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                           0000000077c9fec0 3 bytes JMP 70e2000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                       0000000077c9fec4 2 bytes JMP 70e2000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                   0000000077c9ffa4 3 bytes JMP 70ee000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                               0000000077c9ffa8 2 bytes JMP 70ee000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                    0000000077ca0004 3 bytes JMP 7106000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                                0000000077ca0008 2 bytes JMP 7106000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                 0000000077ca0084 3 bytes JMP 7103000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                             0000000077ca0088 2 bytes JMP 7103000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                      0000000077ca00b4 3 bytes JMP 70e8000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                  0000000077ca00b8 2 bytes JMP 70e8000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                 0000000077ca03b8 3 bytes JMP 70d6000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                             0000000077ca03bc 2 bytes JMP 70d6000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                         0000000077ca0550 3 bytes JMP 7109000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                     0000000077ca0554 2 bytes JMP 7109000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                     0000000077ca0694 3 bytes JMP 70f7000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                 0000000077ca0698 2 bytes JMP 70f7000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                        0000000077ca088c 3 bytes JMP 70df000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                    0000000077ca0890 2 bytes JMP 70df000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                  0000000077ca08a4 3 bytes JMP 70d9000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                              0000000077ca08a8 2 bytes JMP 70d9000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                      0000000077ca0df4 3 bytes JMP 70f4000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                  0000000077ca0df8 2 bytes JMP 70f4000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                             0000000077ca0ed8 3 bytes JMP 70dc000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                         0000000077ca0edc 2 bytes JMP 70dc000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                            0000000077ca1be4 3 bytes JMP 70f1000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                        0000000077ca1be8 2 bytes JMP 70f1000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                  0000000077ca1cb4 3 bytes JMP 7100000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                              0000000077ca1cb8 2 bytes JMP 7100000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                              0000000077ca1d8c 3 bytes JMP 70fd000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                          0000000077ca1d90 2 bytes JMP 70fd000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                      0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                 0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                 0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                           0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                 0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                         0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                   0000000075988332 6 bytes JMP 7163000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                               0000000075988bff 6 bytes JMP 7157000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                            00000000759890d3 6 bytes JMP 7112000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SendMessageW                                                     0000000075989679 6 bytes JMP 7151000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                              00000000759897d2 6 bytes JMP 714b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                  000000007598ee09 6 bytes JMP 7169000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                   000000007598efc9 3 bytes JMP 7118000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                               000000007598efcd 2 bytes JMP 7118000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!PostMessageW                                                     00000000759912a5 6 bytes JMP 715d000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!GetKeyState                                                      000000007599291f 6 bytes JMP 7130000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SetParent                                                        0000000075992d64 3 bytes JMP 7127000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                    0000000075992d68 2 bytes JMP 7127000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!EnableWindow                                                     0000000075992da4 6 bytes JMP 710f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!MoveWindow                                                       0000000075993698 3 bytes JMP 7124000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                   000000007599369c 2 bytes JMP 7124000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!PostMessageA                                                     0000000075993baa 6 bytes JMP 7160000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                               0000000075993c61 6 bytes JMP 715a000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                   0000000075996110 6 bytes JMP 7166000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SendMessageA                                                     000000007599612e 6 bytes JMP 7154000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                            0000000075996c30 6 bytes JMP 7115000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                0000000075997603 6 bytes JMP 716c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                               0000000075997668 6 bytes JMP 713f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                             00000000759976e0 6 bytes JMP 7145000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                              000000007599781f 6 bytes JMP 714e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                000000007599835c 6 bytes JMP 716f000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                               000000007599c4b6 3 bytes JMP 7121000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                           000000007599c4ba 2 bytes JMP 7121000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                              00000000759ac112 6 bytes JMP 713c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                              00000000759ad0f5 6 bytes JMP 7139000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                 00000000759aeb96 6 bytes JMP 712d000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                 00000000759aec68 3 bytes JMP 7133000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                             00000000759aec6c 2 bytes JMP 7133000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SendInput                                                        00000000759aff4a 3 bytes JMP 7136000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                    00000000759aff4e 2 bytes JMP 7136000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                 00000000759c9f1d 6 bytes JMP 711b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                    00000000759d1497 6 bytes JMP 710c000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!mouse_event                                                      00000000759e027b 6 bytes JMP 7172000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!keybd_event                                                      00000000759e02bf 6 bytes JMP 7175000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                             00000000759e6cfc 6 bytes JMP 7148000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                               00000000759e6d5d 6 bytes JMP 7142000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!BlockInput                                                       00000000759e7dd7 3 bytes JMP 711e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                   00000000759e7ddb 2 bytes JMP 711e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                          00000000759e88eb 3 bytes JMP 712a000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                      00000000759e88ef 2 bytes JMP 712a000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                          00000000761d58b3 6 bytes JMP 7184000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\GDI32.dll!BitBlt                                                            00000000761d5ea6 6 bytes JMP 7181000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                         00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                        00000000761db895 6 bytes JMP 7178000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                           00000000761dc332 6 bytes JMP 717e000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\GDI32.dll!GetPixel                                                          00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                         00000000761de743 6 bytes JMP 718a000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                            0000000076204646 6 bytes JMP 717b000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                           0000000075732538 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2228] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                        00000000757352e9 6 bytes JMP 7193000a
.text  C:\Windows\system32\wbem\wmiprvse.exe[2064] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                   000007fefe269055 3 bytes CALL c000000
.text  C:\Windows\system32\wbem\wmiprvse.exe[2064] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                           000007fefe2753c0 5 bytes [FF, 25, 70, AC, 16]
.text  C:\Windows\system32\wbem\wmiprvse.exe[2064] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                     000007feffb2a1a0 6 bytes JMP 0
.text  C:\Windows\system32\wbem\wmiprvse.exe[2064] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                  000007feffb4fa50 6 bytes JMP 0
.text  C:\Windows\system32\wbem\wmiprvse.exe[2064] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                    000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x18dd64]}
.text  C:\Windows\system32\wbem\wmiprvse.exe[2064] C:\Windows\system32\GDI32.dll!BitBlt                                                                                      000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x31db70]}
.text  C:\Windows\system32\wbem\wmiprvse.exe[2064] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                     000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x33a450]}
.text  C:\Windows\system32\wbem\wmiprvse.exe[2064] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                   000007fefe2d8398 6 bytes {JMP QWORD [RIP+0x147c98]}
.text  C:\Windows\system32\wbem\wmiprvse.exe[2064] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                   000007fefe2d89c8 6 bytes JMP 0
.text  C:\Windows\system32\wbem\wmiprvse.exe[2064] C:\Windows\system32\GDI32.dll!GetPixel                                                                                    000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x166cec]}
.text  C:\Windows\system32\wbem\wmiprvse.exe[2064] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                  000007fefe2db9e8 6 bytes JMP 0
.text  C:\Windows\system32\wbem\wmiprvse.exe[2064] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                      000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x34ac20]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                      0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                           0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                        0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                     0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                           0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                   0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                    0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                      0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                         0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                     0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                        0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                  0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                      0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                             0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                            0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                  0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                              0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                           000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\kernel32.dll!CreateProcessW                                                 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\kernel32.dll!CreateProcessA                                                 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                         000007fefe269055 3 bytes [B5, 6F, 12]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 16]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\GDI32.dll!DeleteDC                                                          000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x18dd64]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\GDI32.dll!BitBlt                                                            000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x81db70]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\GDI32.dll!MaskBlt                                                           000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x83a450]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\GDI32.dll!CreateDCW                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0x147c98]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\GDI32.dll!CreateDCA                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0x127668]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\GDI32.dll!GetPixel                                                          000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x166cec]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\GDI32.dll!StretchBlt                                                        000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x874648]}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\GDI32.dll!PlgBlt                                                            000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x84ac20]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                     0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                          0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                               0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                       0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                    0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                          0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                  0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                   0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                     0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                        0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                    0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                       0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                 0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                     0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                            0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                           0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                 0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                             0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                          000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                        000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                         000007fefe2d22cc 6 bytes JMP 0
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\GDI32.dll!BitBlt                                                                                           000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                          000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                        000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                        000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\GDI32.dll!GetPixel                                                                                         000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                       000007fefe2db9e8 6 bytes JMP 0
.text  C:\Windows\system32\taskhost.exe[2072] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                           000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                      0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                           0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                        0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                     0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                           0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                   0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                    0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                         0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                     0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                        0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                  0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                      0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                             0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                            0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                  0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                              0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                         000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 000007fefe2753c0 5 bytes JMP 0
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                          000007fefe2d22cc 6 bytes JMP 0
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\system32\GDI32.dll!BitBlt                                                                                            000007fefe2d24c0 6 bytes JMP 15d490
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                           000007fefe2d5be0 6 bytes JMP 0
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\system32\GDI32.dll!GetPixel                                                                                          000007fefe2d9344 6 bytes JMP 0
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                        000007fefe2db9e8 6 bytes JMP 0
.text  C:\Windows\system32\taskeng.exe[2312] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                            000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                      0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                           0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                        0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                     0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                           0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                   0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                    0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                      0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                         0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                     0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                        0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                  0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                      0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                             0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                            0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                  0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                              0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                           000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                         000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                          000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\GDI32.dll!BitBlt                                                                                            000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                           000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\GDI32.dll!GetPixel                                                                                          000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                        000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Windows\system32\conhost.exe[3144] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                            000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                          0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                               0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                    0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                            0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                         0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                               0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                       0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                        0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                     0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                          0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                     0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                             0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                         0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                            0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                          0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                 0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                      0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                  0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                             000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                     000007fefe2753c0 5 bytes JMP 0
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                              000007fefe2d22cc 6 bytes JMP 0

ivegotnoclue · 02.10.2013, 13:14

GMER - Teil 5

Code:

ATTFilter

.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                               000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                             000007fefe2d8398 6 bytes JMP 0
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                             000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\GDI32.dll!GetPixel                                                                                              000007fefe2d9344 6 bytes JMP 0
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                            000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Windows\system32\Dwm.exe[3324] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                              0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                   0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                        0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                                0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                             0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                                   0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                           0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                            0000000077af1790 6 bytes JMP 0
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                                         0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                              0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                                         0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                                 0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                                             0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                                0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                          0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                              0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                                     0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                    0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                                          0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                      0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                   000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                         0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                         00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                 000007fefe269055 3 bytes CALL 0
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                         000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                                  000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\GDI32.dll!BitBlt                                                                                                    000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                                   000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                                 000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                                 000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\GDI32.dll!GetPixel                                                                                                  000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                                000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x824648]}
.text  C:\Windows\Explorer.EXE[3348] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                                    000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x7fac20]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                      0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                           0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                        0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                     0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                           0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                   0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                    0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                 0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                      0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                 0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                         0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                     0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                        0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                  0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                      0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                             0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                            0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                  0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                              0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                           000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                         000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\GDI32.dll!DeleteDC                                                                          000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\GDI32.dll!BitBlt                                                                            000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\GDI32.dll!MaskBlt                                                                           000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\GDI32.dll!CreateDCW                                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\GDI32.dll!CreateDCA                                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\GDI32.dll!GetPixel                                                                          000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\GDI32.dll!StretchBlt                                                                        000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x1984648]}
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3476] C:\Windows\system32\GDI32.dll!PlgBlt                                                                            000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x191ac20]}
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                   0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                               0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                        0000000077c9fcb0 3 bytes JMP 70fa000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                    0000000077c9fcb4 2 bytes JMP 70fa000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                0000000077c9fd64 3 bytes JMP 70e5000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                            0000000077c9fd68 2 bytes JMP 70e5000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                             0000000077c9fdc8 3 bytes JMP 70eb000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                         0000000077c9fdcc 2 bytes JMP 70eb000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                   0000000077c9fec0 3 bytes JMP 70e2000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                               0000000077c9fec4 2 bytes JMP 70e2000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                           0000000077c9ffa4 3 bytes JMP 70ee000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                       0000000077c9ffa8 2 bytes JMP 70ee000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                            0000000077ca0004 3 bytes JMP 7106000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                        0000000077ca0008 2 bytes JMP 7106000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                         0000000077ca0084 3 bytes JMP 7103000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                     0000000077ca0088 2 bytes JMP 7103000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                              0000000077ca00b4 3 bytes JMP 70e8000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                          0000000077ca00b8 2 bytes JMP 70e8000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                         0000000077ca03b8 3 bytes JMP 70d6000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                     0000000077ca03bc 2 bytes JMP 70d6000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                 0000000077ca0550 3 bytes JMP 7109000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                             0000000077ca0554 2 bytes JMP 7109000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                             0000000077ca0694 3 bytes JMP 70f7000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                         0000000077ca0698 2 bytes JMP 70f7000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                0000000077ca088c 3 bytes JMP 70df000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                            0000000077ca0890 2 bytes JMP 70df000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                          0000000077ca08a4 3 bytes JMP 70d9000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                      0000000077ca08a8 2 bytes JMP 70d9000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                              0000000077ca0df4 3 bytes JMP 70f4000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                          0000000077ca0df8 2 bytes JMP 70f4000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                     0000000077ca0ed8 3 bytes JMP 70dc000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                 0000000077ca0edc 2 bytes JMP 70dc000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                    0000000077ca1be4 3 bytes JMP 70f1000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                0000000077ca1be8 2 bytes JMP 70f1000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                          0000000077ca1cb4 3 bytes JMP 7100000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                      0000000077ca1cb8 2 bytes JMP 7100000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                      0000000077ca1d8c 3 bytes JMP 70fd000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                  0000000077ca1d90 2 bytes JMP 70fd000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                              0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                         0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                         0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                   0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                         0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                 0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                  00000000761d58b3 6 bytes JMP 7184000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\GDI32.dll!BitBlt                                                    00000000761d5ea6 6 bytes JMP 7181000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                 00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                00000000761db895 6 bytes JMP 7178000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                   00000000761dc332 6 bytes JMP 717e000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\GDI32.dll!GetPixel                                                  00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                 00000000761de743 6 bytes JMP 718a000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                    0000000076204646 6 bytes JMP 717b000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                           0000000075988332 6 bytes JMP 7163000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                       0000000075988bff 6 bytes JMP 7157000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                    00000000759890d3 6 bytes JMP 7112000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SendMessageW                                             0000000075989679 6 bytes JMP 7151000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                      00000000759897d2 6 bytes JMP 714b000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                          000000007598ee09 6 bytes JMP 7169000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                           000000007598efc9 3 bytes JMP 7118000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                       000000007598efcd 2 bytes JMP 7118000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!PostMessageW                                             00000000759912a5 6 bytes JMP 715d000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!GetKeyState                                              000000007599291f 6 bytes JMP 7130000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SetParent                                                0000000075992d64 3 bytes JMP 7127000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SetParent + 4                                            0000000075992d68 2 bytes JMP 7127000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!EnableWindow                                             0000000075992da4 6 bytes JMP 710f000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!MoveWindow                                               0000000075993698 3 bytes JMP 7124000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                           000000007599369c 2 bytes JMP 7124000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!PostMessageA                                             0000000075993baa 6 bytes JMP 7160000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                       0000000075993c61 6 bytes JMP 715a000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                           0000000075996110 6 bytes JMP 7166000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SendMessageA                                             000000007599612e 6 bytes JMP 7154000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                    0000000075996c30 6 bytes JMP 7115000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                        0000000075997603 6 bytes JMP 716c000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                       0000000075997668 6 bytes JMP 713f000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                     00000000759976e0 6 bytes JMP 7145000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                      000000007599781f 6 bytes JMP 714e000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                        000000007599835c 6 bytes JMP 716f000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                       000000007599c4b6 3 bytes JMP 7121000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                   000000007599c4ba 2 bytes JMP 7121000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                      00000000759ac112 6 bytes JMP 713c000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                      00000000759ad0f5 6 bytes JMP 7139000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                         00000000759aeb96 6 bytes JMP 712d000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                         00000000759aec68 3 bytes JMP 7133000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                     00000000759aec6c 2 bytes JMP 7133000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SendInput                                                00000000759aff4a 3 bytes JMP 7136000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SendInput + 4                                            00000000759aff4e 2 bytes JMP 7136000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!GetClipboardData                                         00000000759c9f1d 6 bytes JMP 711b000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                            00000000759d1497 6 bytes JMP 710c000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!mouse_event                                              00000000759e027b 6 bytes JMP 7172000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!keybd_event                                              00000000759e02bf 6 bytes JMP 7175000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                     00000000759e6cfc 6 bytes JMP 7148000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                       00000000759e6d5d 6 bytes JMP 7142000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!BlockInput                                               00000000759e7dd7 3 bytes JMP 711e000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                           00000000759e7ddb 2 bytes JMP 711e000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                  00000000759e88eb 3 bytes JMP 712a000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                              00000000759e88ef 2 bytes JMP 712a000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                   0000000075732538 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3492] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                00000000757352e9 6 bytes JMP 7193000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                              0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                                          0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                   0000000077c9fcb0 3 bytes JMP 70fa000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                                               0000000077c9fcb4 2 bytes JMP 70fa000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                           0000000077c9fd64 3 bytes JMP 70e5000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                       0000000077c9fd68 2 bytes JMP 70e5000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                        0000000077c9fdc8 3 bytes JMP 70eb000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                                    0000000077c9fdcc 2 bytes JMP 70eb000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                              0000000077c9fec0 3 bytes JMP 70e2000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                                          0000000077c9fec4 2 bytes JMP 70e2000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                      0000000077c9ffa4 3 bytes JMP 70ee000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                                  0000000077c9ffa8 2 bytes JMP 70ee000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                       0000000077ca0004 3 bytes JMP 7106000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                                                   0000000077ca0008 2 bytes JMP 7106000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                    0000000077ca0084 3 bytes JMP 7103000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                                                0000000077ca0088 2 bytes JMP 7103000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                         0000000077ca00b4 3 bytes JMP 70e8000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                     0000000077ca00b8 2 bytes JMP 70e8000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                    0000000077ca03b8 3 bytes JMP 70d6000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                                                0000000077ca03bc 2 bytes JMP 70d6000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                            0000000077ca0550 3 bytes JMP 7109000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                                        0000000077ca0554 2 bytes JMP 7109000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                        0000000077ca0694 3 bytes JMP 70f7000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                                    0000000077ca0698 2 bytes JMP 70f7000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                           0000000077ca088c 3 bytes JMP 70df000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                                       0000000077ca0890 2 bytes JMP 70df000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                     0000000077ca08a4 3 bytes JMP 70d9000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                                                 0000000077ca08a8 2 bytes JMP 70d9000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                         0000000077ca0df4 3 bytes JMP 70f4000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                                     0000000077ca0df8 2 bytes JMP 70f4000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                0000000077ca0ed8 3 bytes JMP 70dc000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                                            0000000077ca0edc 2 bytes JMP 70dc000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                               0000000077ca1be4 3 bytes JMP 70f1000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                                           0000000077ca1be8 2 bytes JMP 70f1000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                     0000000077ca1cb4 3 bytes JMP 7100000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                                                 0000000077ca1cb8 2 bytes JMP 7100000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                 0000000077ca1d8c 3 bytes JMP 70fd000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                                             0000000077ca1d90 2 bytes JMP 70fd000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                         0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                    0000000075ce103d 6 bytes JMP 719c000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                    0000000075ce1072 6 bytes JMP 7199000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                              0000000075d0c965 6 bytes JMP 7190000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                    0000000075c5f776 6 bytes JMP 719f000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                            0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                                      0000000075988332 6 bytes JMP 7163000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                  0000000075988bff 6 bytes JMP 7157000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                               00000000759890d3 6 bytes JMP 7112000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                        0000000075989679 6 bytes JMP 7151000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                 00000000759897d2 6 bytes JMP 714b000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                     000000007598ee09 6 bytes JMP 7169000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                      000000007598efc9 3 bytes JMP 7118000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                                                  000000007598efcd 2 bytes JMP 7118000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                        00000000759912a5 6 bytes JMP 715d000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                         000000007599291f 6 bytes JMP 7130000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SetParent                                                                           0000000075992d64 3 bytes JMP 7127000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                                       0000000075992d68 2 bytes JMP 7127000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                        0000000075992da4 6 bytes JMP 710f000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                          0000000075993698 3 bytes JMP 7124000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                                      000000007599369c 2 bytes JMP 7124000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                        0000000075993baa 6 bytes JMP 7160000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                  0000000075993c61 6 bytes JMP 715a000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                                      0000000075996110 6 bytes JMP 7166000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                        000000007599612e 6 bytes JMP 7154000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                               0000000075996c30 6 bytes JMP 7115000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                   0000000075997603 6 bytes JMP 716c000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                  0000000075997668 6 bytes JMP 713f000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                00000000759976e0 6 bytes JMP 7145000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                 000000007599781f 6 bytes JMP 714e000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                   000000007599835c 6 bytes JMP 716f000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                  000000007599c4b6 3 bytes JMP 7121000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                                              000000007599c4ba 2 bytes JMP 7121000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                 00000000759ac112 6 bytes JMP 713c000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                 00000000759ad0f5 6 bytes JMP 7139000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                    00000000759aeb96 6 bytes JMP 712d000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                    00000000759aec68 3 bytes JMP 7133000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                                                00000000759aec6c 2 bytes JMP 7133000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SendInput                                                                           00000000759aff4a 3 bytes JMP 7136000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                       00000000759aff4e 2 bytes JMP 7136000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                    00000000759c9f1d 6 bytes JMP 711b000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                       00000000759d1497 6 bytes JMP 710c000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!mouse_event                                                                         00000000759e027b 6 bytes JMP 7172000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!keybd_event                                                                         00000000759e02bf 6 bytes JMP 7175000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                00000000759e6cfc 6 bytes JMP 7148000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                  00000000759e6d5d 6 bytes JMP 7142000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!BlockInput                                                                          00000000759e7dd7 3 bytes JMP 711e000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                                      00000000759e7ddb 2 bytes JMP 711e000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                             00000000759e88eb 3 bytes JMP 712a000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                                         00000000759e88ef 2 bytes JMP 712a000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                             00000000761d58b3 6 bytes JMP 7184000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                               00000000761d5ea6 6 bytes JMP 7181000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                            00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                           00000000761db895 6 bytes JMP 7178000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                              00000000761dc332 6 bytes JMP 717e000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                             00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                            00000000761de743 6 bytes JMP 718a000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                               0000000076204646 6 bytes JMP 717b000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                              0000000075732538 6 bytes JMP 7196000a
.text  C:\ProgramData\DatacardService\DCSHelper.exe[3712] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                           00000000757352e9 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtClose                            0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                        0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                 0000000077c9fcb0 3 bytes JMP 70fa000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4             0000000077c9fcb4 2 bytes JMP 70fa000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                         0000000077c9fd64 3 bytes JMP 70e5000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                     0000000077c9fd68 2 bytes JMP 70e5000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                      0000000077c9fdc8 3 bytes JMP 70eb000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                  0000000077c9fdcc 2 bytes JMP 70eb000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken            0000000077c9fec0 3 bytes JMP 70e2000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4        0000000077c9fec4 2 bytes JMP 70e2000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                    0000000077c9ffa4 3 bytes JMP 70ee000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                0000000077c9ffa8 2 bytes JMP 70ee000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                     0000000077ca0004 3 bytes JMP 7106000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                 0000000077ca0008 2 bytes JMP 7106000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                  0000000077ca0084 3 bytes JMP 7103000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4              0000000077ca0088 2 bytes JMP 7103000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                       0000000077ca00b4 3 bytes JMP 70e8000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                   0000000077ca00b8 2 bytes JMP 70e8000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                  0000000077ca03b8 3 bytes JMP 70d6000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4              0000000077ca03bc 2 bytes JMP 70d6000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort          0000000077ca0550 3 bytes JMP 7109000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4      0000000077ca0554 2 bytes JMP 7109000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                      0000000077ca0694 3 bytes JMP 70f7000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                  0000000077ca0698 2 bytes JMP 70f7000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject         0000000077ca088c 3 bytes JMP 70df000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4     0000000077ca0890 2 bytes JMP 70df000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                   0000000077ca08a4 3 bytes JMP 70d9000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4               0000000077ca08a8 2 bytes JMP 70d9000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                       0000000077ca0df4 3 bytes JMP 70f4000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                   0000000077ca0df8 2 bytes JMP 70f4000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject              0000000077ca0ed8 3 bytes JMP 70dc000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4          0000000077ca0edc 2 bytes JMP 70dc000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation             0000000077ca1be4 3 bytes JMP 70f1000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4         0000000077ca1be8 2 bytes JMP 70f1000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                   0000000077ca1cb4 3 bytes JMP 7100000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4               0000000077ca1cb8 2 bytes JMP 7100000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl               0000000077ca1d8c 3 bytes JMP 70fd000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4           0000000077ca1d90 2 bytes JMP 70fd000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                       0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\kernel32.dll!CreateProcessW                  0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\kernel32.dll!CreateProcessA                  0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW            0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters  0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493          0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\GDI32.dll!DeleteDC                           00000000761d58b3 6 bytes JMP 7184000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\GDI32.dll!BitBlt                             00000000761d5ea6 6 bytes JMP 7181000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\GDI32.dll!CreateDCA                          00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\GDI32.dll!StretchBlt                         00000000761db895 6 bytes JMP 7178000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\GDI32.dll!MaskBlt                            00000000761dc332 6 bytes JMP 717e000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\GDI32.dll!GetPixel                           00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\GDI32.dll!CreateDCW                          00000000761de743 6 bytes JMP 718a000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\GDI32.dll!PlgBlt                             0000000076204646 6 bytes JMP 717b000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SetWindowLongW                    0000000075988332 6 bytes JMP 7163000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                0000000075988bff 6 bytes JMP 7157000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW             00000000759890d3 6 bytes JMP 7112000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SendMessageW                      0000000075989679 6 bytes JMP 7151000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW               00000000759897d2 6 bytes JMP 714b000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SetWinEventHook                   000000007598ee09 6 bytes JMP 7169000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!RegisterHotKey                    000000007598efc9 3 bytes JMP 7118000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                000000007598efcd 2 bytes JMP 7118000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!PostMessageW                      00000000759912a5 6 bytes JMP 715d000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!GetKeyState                       000000007599291f 6 bytes JMP 7130000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SetParent                         0000000075992d64 3 bytes JMP 7127000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SetParent + 4                     0000000075992d68 2 bytes JMP 7127000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!EnableWindow                      0000000075992da4 6 bytes JMP 710f000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!MoveWindow                        0000000075993698 3 bytes JMP 7124000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                    000000007599369c 2 bytes JMP 7124000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!PostMessageA                      0000000075993baa 6 bytes JMP 7160000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                0000000075993c61 6 bytes JMP 715a000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SetWindowLongA                    0000000075996110 6 bytes JMP 7166000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SendMessageA                      000000007599612e 6 bytes JMP 7154000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA             0000000075996c30 6 bytes JMP 7115000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                 0000000075997603 6 bytes JMP 716c000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                0000000075997668 6 bytes JMP 713f000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW              00000000759976e0 6 bytes JMP 7145000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA               000000007599781f 6 bytes JMP 714e000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                 000000007599835c 6 bytes JMP 716f000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                000000007599c4b6 3 bytes JMP 7121000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4            000000007599c4ba 2 bytes JMP 7121000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA               00000000759ac112 6 bytes JMP 713c000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW               00000000759ad0f5 6 bytes JMP 7139000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                  00000000759aeb96 6 bytes JMP 712d000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!GetKeyboardState                  00000000759aec68 3 bytes JMP 7133000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4              00000000759aec6c 2 bytes JMP 7133000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SendInput                         00000000759aff4a 3 bytes JMP 7136000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SendInput + 4                     00000000759aff4e 2 bytes JMP 7136000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!GetClipboardData                  00000000759c9f1d 6 bytes JMP 711b000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                     00000000759d1497 6 bytes JMP 710c000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!mouse_event                       00000000759e027b 6 bytes JMP 7172000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!keybd_event                       00000000759e02bf 6 bytes JMP 7175000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA              00000000759e6cfc 6 bytes JMP 7148000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                00000000759e6d5d 6 bytes JMP 7142000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!BlockInput                        00000000759e7dd7 3 bytes JMP 711e000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!BlockInput + 4                    00000000759e7ddb 2 bytes JMP 711e000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices           00000000759e88eb 3 bytes JMP 712a000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4       00000000759e88ef 2 bytes JMP 712a000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA            0000000075732538 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW         00000000757352e9 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                          0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                      0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                               0000000077c9fcb0 3 bytes JMP 70fa000a

ivegotnoclue · 02.10.2013, 13:15

GMER - Teil 6

Code:

ATTFilter

.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                           0000000077c9fcb4 2 bytes JMP 70fa000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                       0000000077c9fd64 3 bytes JMP 70e5000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                   0000000077c9fd68 2 bytes JMP 70e5000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                    0000000077c9fdc8 3 bytes JMP 70eb000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                0000000077c9fdcc 2 bytes JMP 70eb000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                          0000000077c9fec0 3 bytes JMP 70e2000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                      0000000077c9fec4 2 bytes JMP 70e2000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                  0000000077c9ffa4 3 bytes JMP 70ee000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                              0000000077c9ffa8 2 bytes JMP 70ee000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                   0000000077ca0004 3 bytes JMP 7106000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                               0000000077ca0008 2 bytes JMP 7106000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                0000000077ca0084 3 bytes JMP 7103000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                            0000000077ca0088 2 bytes JMP 7103000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                     0000000077ca00b4 3 bytes JMP 70e8000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                 0000000077ca00b8 2 bytes JMP 70e8000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                0000000077ca03b8 3 bytes JMP 70d6000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                            0000000077ca03bc 2 bytes JMP 70d6000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                        0000000077ca0550 3 bytes JMP 7109000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                    0000000077ca0554 2 bytes JMP 7109000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                    0000000077ca0694 3 bytes JMP 70f7000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                0000000077ca0698 2 bytes JMP 70f7000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                       0000000077ca088c 3 bytes JMP 70df000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                   0000000077ca0890 2 bytes JMP 70df000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                 0000000077ca08a4 3 bytes JMP 70d9000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                             0000000077ca08a8 2 bytes JMP 70d9000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                     0000000077ca0df4 3 bytes JMP 70f4000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                 0000000077ca0df8 2 bytes JMP 70f4000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                            0000000077ca0ed8 3 bytes JMP 70dc000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                        0000000077ca0edc 2 bytes JMP 70dc000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                           0000000077ca1be4 3 bytes JMP 70f1000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                       0000000077ca1be8 2 bytes JMP 70f1000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                 0000000077ca1cb4 3 bytes JMP 7100000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                             0000000077ca1cb8 2 bytes JMP 7100000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                             0000000077ca1d8c 3 bytes JMP 70fd000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                         0000000077ca1d90 2 bytes JMP 70fd000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                     0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                          0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                        0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                          0000000075732538 6 bytes JMP 7196000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                       00000000757352e9 6 bytes JMP 7193000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                         00000000761d58b3 6 bytes JMP 7184000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\GDI32.dll!BitBlt                                                           00000000761d5ea6 6 bytes JMP 7181000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                        00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                       00000000761db895 6 bytes JMP 7178000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                          00000000761dc332 6 bytes JMP 717e000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\GDI32.dll!GetPixel                                                         00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                        00000000761de743 6 bytes JMP 718a000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                           0000000076204646 6 bytes JMP 717b000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                  0000000075988332 6 bytes JMP 7163000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                              0000000075988bff 6 bytes JMP 7157000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                           00000000759890d3 6 bytes JMP 7112000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SendMessageW                                                    0000000075989679 6 bytes JMP 7151000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                             00000000759897d2 6 bytes JMP 714b000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                 000000007598ee09 6 bytes JMP 7169000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                  000000007598efc9 3 bytes JMP 7118000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                              000000007598efcd 2 bytes JMP 7118000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!PostMessageW                                                    00000000759912a5 6 bytes JMP 715d000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!GetKeyState                                                     000000007599291f 6 bytes JMP 7130000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SetParent                                                       0000000075992d64 3 bytes JMP 7127000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                   0000000075992d68 2 bytes JMP 7127000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!EnableWindow                                                    0000000075992da4 6 bytes JMP 710f000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!MoveWindow                                                      0000000075993698 3 bytes JMP 7124000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                  000000007599369c 2 bytes JMP 7124000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!PostMessageA                                                    0000000075993baa 6 bytes JMP 7160000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                              0000000075993c61 6 bytes JMP 715a000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                  0000000075996110 6 bytes JMP 7166000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SendMessageA                                                    000000007599612e 6 bytes JMP 7154000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                           0000000075996c30 6 bytes JMP 7115000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                               0000000075997603 6 bytes JMP 716c000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                              0000000075997668 6 bytes JMP 713f000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                            00000000759976e0 6 bytes JMP 7145000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                             000000007599781f 6 bytes JMP 714e000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                               000000007599835c 6 bytes JMP 716f000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                              000000007599c4b6 3 bytes JMP 7121000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                          000000007599c4ba 2 bytes JMP 7121000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                             00000000759ac112 6 bytes JMP 713c000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                             00000000759ad0f5 6 bytes JMP 7139000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                00000000759aeb96 6 bytes JMP 712d000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                00000000759aec68 3 bytes JMP 7133000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                            00000000759aec6c 2 bytes JMP 7133000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SendInput                                                       00000000759aff4a 3 bytes JMP 7136000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                   00000000759aff4e 2 bytes JMP 7136000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                00000000759c9f1d 6 bytes JMP 711b000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                   00000000759d1497 6 bytes JMP 710c000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!mouse_event                                                     00000000759e027b 6 bytes JMP 7172000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!keybd_event                                                     00000000759e02bf 6 bytes JMP 7175000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                            00000000759e6cfc 6 bytes JMP 7148000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                              00000000759e6d5d 6 bytes JMP 7142000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!BlockInput                                                      00000000759e7dd7 3 bytes JMP 711e000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                  00000000759e7ddb 2 bytes JMP 711e000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                         00000000759e88eb 3 bytes JMP 712a000a
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3100] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                     00000000759e88ef 2 bytes JMP 712a000a
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                     0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                          0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                                  0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                               0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                                     0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                             0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                              0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                                           0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                                           0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                                   0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                                               0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                                  0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                                       0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                      0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                                            0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                        0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                     000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                           0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                           00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                   000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\SearchIndexer.exe[3820] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                           000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                               0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                    0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                         0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                                 0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                              0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                                    0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                            0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                             0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                          0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                               0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                          0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                                  0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                              0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                                 0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                           0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                               0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                      0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                     0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                           0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                       0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                    000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\kernel32.dll!CreateProcessW                                                          0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\kernel32.dll!CreateProcessA                                                          00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                  000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                          000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\GDI32.dll!DeleteDC                                                                   000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\GDI32.dll!BitBlt                                                                     000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\GDI32.dll!MaskBlt                                                                    000007fefe2d5be0 6 bytes JMP 0
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\GDI32.dll!CreateDCW                                                                  000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\GDI32.dll!CreateDCA                                                                  000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\GDI32.dll!GetPixel                                                                   000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\GDI32.dll!StretchBlt                                                                 000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3956] C:\Windows\system32\GDI32.dll!PlgBlt                                                                     000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                          0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                                                      0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                               0000000077c9fcb0 3 bytes JMP 70fa000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                                                           0000000077c9fcb4 2 bytes JMP 70fa000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                                       0000000077c9fd64 3 bytes JMP 70e5000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                                   0000000077c9fd68 2 bytes JMP 70e5000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                    0000000077c9fdc8 3 bytes JMP 70eb000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                                                0000000077c9fdcc 2 bytes JMP 70eb000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                                          0000000077c9fec0 3 bytes JMP 70e2000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                                                      0000000077c9fec4 2 bytes JMP 70e2000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                  0000000077c9ffa4 3 bytes JMP 70ee000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                                              0000000077c9ffa8 2 bytes JMP 70ee000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                   0000000077ca0004 3 bytes JMP 7106000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                                                               0000000077ca0008 2 bytes JMP 7106000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                                0000000077ca0084 3 bytes JMP 7103000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                                                            0000000077ca0088 2 bytes JMP 7103000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                     0000000077ca00b4 3 bytes JMP 70e8000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                                                 0000000077ca00b8 2 bytes JMP 70e8000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                                                0000000077ca03b8 3 bytes JMP 70d6000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                                                            0000000077ca03bc 2 bytes JMP 70d6000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                                        0000000077ca0550 3 bytes JMP 7109000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                                                    0000000077ca0554 2 bytes JMP 7109000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                                    0000000077ca0694 3 bytes JMP 70f7000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                                                0000000077ca0698 2 bytes JMP 70f7000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                       0000000077ca088c 3 bytes JMP 70df000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                                                   0000000077ca0890 2 bytes JMP 70df000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                 0000000077ca08a4 3 bytes JMP 70d9000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                                                             0000000077ca08a8 2 bytes JMP 70d9000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                     0000000077ca0df4 3 bytes JMP 70f4000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                                                 0000000077ca0df8 2 bytes JMP 70f4000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                                            0000000077ca0ed8 3 bytes JMP 70dc000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                                                        0000000077ca0edc 2 bytes JMP 70dc000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                           0000000077ca1be4 3 bytes JMP 70f1000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                                                       0000000077ca1be8 2 bytes JMP 70f1000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                                                 0000000077ca1cb4 3 bytes JMP 7100000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                                                             0000000077ca1cb8 2 bytes JMP 7100000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                             0000000077ca1d8c 3 bytes JMP 70fd000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                                                         0000000077ca1d90 2 bytes JMP 70fd000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                     0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                          0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                                                0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                        0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                                                  0000000075988332 6 bytes JMP 7163000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                                              0000000075988bff 6 bytes JMP 7157000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                                           00000000759890d3 6 bytes JMP 7112000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                                    0000000075989679 6 bytes JMP 7151000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                                             00000000759897d2 6 bytes JMP 714b000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                                 000000007598ee09 6 bytes JMP 7169000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                                  000000007598efc9 3 bytes JMP 7118000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                                                              000000007598efcd 2 bytes JMP 7118000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                                    00000000759912a5 6 bytes JMP 715d000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                     000000007599291f 6 bytes JMP 7130000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SetParent                                                                                       0000000075992d64 3 bytes JMP 7127000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                                                   0000000075992d68 2 bytes JMP 7127000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                    0000000075992da4 6 bytes JMP 710f000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                      0000000075993698 3 bytes JMP 7124000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                                                  000000007599369c 2 bytes JMP 7124000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                                    0000000075993baa 6 bytes JMP 7160000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                                              0000000075993c61 6 bytes JMP 715a000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                                                  0000000075996110 6 bytes JMP 7166000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                                    000000007599612e 6 bytes JMP 7154000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                                           0000000075996c30 6 bytes JMP 7115000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                               0000000075997603 6 bytes JMP 716c000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                                              0000000075997668 6 bytes JMP 713f000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                                            00000000759976e0 6 bytes JMP 7145000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                                             000000007599781f 6 bytes JMP 714e000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                               000000007599835c 6 bytes JMP 716f000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                                              000000007599c4b6 3 bytes JMP 7121000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                                                          000000007599c4ba 2 bytes JMP 7121000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                                             00000000759ac112 6 bytes JMP 713c000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                                             00000000759ad0f5 6 bytes JMP 7139000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                00000000759aeb96 6 bytes JMP 712d000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                00000000759aec68 3 bytes JMP 7133000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                                                            00000000759aec6c 2 bytes JMP 7133000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SendInput                                                                                       00000000759aff4a 3 bytes JMP 7136000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                                   00000000759aff4e 2 bytes JMP 7136000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                                                00000000759c9f1d 6 bytes JMP 711b000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                                   00000000759d1497 6 bytes JMP 710c000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!mouse_event                                                                                     00000000759e027b 6 bytes JMP 7172000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                     00000000759e02bf 6 bytes JMP 7175000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                                            00000000759e6cfc 6 bytes JMP 7148000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                                              00000000759e6d5d 6 bytes JMP 7142000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!BlockInput                                                                                      00000000759e7dd7 3 bytes JMP 711e000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                                                  00000000759e7ddb 2 bytes JMP 711e000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                                         00000000759e88eb 3 bytes JMP 712a000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                                                     00000000759e88ef 2 bytes JMP 712a000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                                         00000000761d58b3 6 bytes JMP 7184000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                           00000000761d5ea6 6 bytes JMP 7181000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                                        00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                       00000000761db895 6 bytes JMP 7178000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                                          00000000761dc332 6 bytes JMP 717e000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                                         00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                                        00000000761de743 6 bytes JMP 718a000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                                           0000000076204646 6 bytes JMP 717b000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                                          0000000075732538 6 bytes JMP 7196000a
.text  C:\Users\#0\Desktop\zcf3iz5b.exe[1972] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                       00000000757352e9 6 bytes JMP 7193000a
.text  C:\Windows\system32\svchost.exe[2464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                         000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\svchost.exe[2464] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\svchost.exe[2464] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                          000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\svchost.exe[2464] C:\Windows\system32\GDI32.dll!BitBlt                                                                                            000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\svchost.exe[2464] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                           000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\svchost.exe[2464] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\svchost.exe[2464] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\svchost.exe[2464] C:\Windows\system32\GDI32.dll!GetPixel                                                                                          000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\svchost.exe[2464] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                        000007fefe2db9e8 6 bytes JMP 0
.text  C:\Windows\system32\svchost.exe[2464] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                            000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll                                                         0000000077ac3b10 6 bytes {JMP QWORD [RIP+0x857c520]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                              0000000077af13a0 6 bytes {JMP QWORD [RIP+0x852ec90]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                   0000000077af1570 6 bytes {JMP QWORD [RIP+0x8aeeac0]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile                                                           0000000077af15e0 6 bytes {JMP QWORD [RIP+0x8bcea50]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                        0000000077af1620 6 bytes {JMP QWORD [RIP+0x8b8ea10]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken                                              0000000077af16c0 6 bytes {JMP QWORD [RIP+0x8bee970]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                      0000000077af1750 6 bytes {JMP QWORD [RIP+0x8b6e8e0]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                       0000000077af1790 6 bytes {JMP QWORD [RIP+0x8a6e8a0]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                                    0000000077af17e0 6 bytes {JMP QWORD [RIP+0x8a8e850]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                         0000000077af1800 6 bytes {JMP QWORD [RIP+0x8bae830]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort                                                    0000000077af19f0 6 bytes {JMP QWORD [RIP+0x8c6e640]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                            0000000077af1b00 6 bytes {JMP QWORD [RIP+0x8a4e530]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort                                                        0000000077af1bd0 6 bytes {JMP QWORD [RIP+0x8b0e460]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject                                           0000000077af1d20 6 bytes {JMP QWORD [RIP+0x8c0e310]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                     0000000077af1d30 6 bytes {JMP QWORD [RIP+0x8c4e300]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                         0000000077af20a0 6 bytes {JMP QWORD [RIP+0x8b2df90]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject                                                0000000077af2130 6 bytes {JMP QWORD [RIP+0x8c2df00]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                               0000000077af29a0 6 bytes {JMP QWORD [RIP+0x8b4d690]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                     0000000077af2a20 6 bytes {JMP QWORD [RIP+0x8aad610]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                 0000000077af2aa0 6 bytes {JMP QWORD [RIP+0x8acd590]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                              000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\kernel32.dll!CreateProcessW                                                    0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\kernel32.dll!CreateProcessA                                                    00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                            000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                    000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\GDI32.dll!DeleteDC                                                             000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\GDI32.dll!BitBlt                                                               000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\GDI32.dll!MaskBlt                                                              000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\GDI32.dll!CreateDCW                                                            000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\GDI32.dll!CreateDCA                                                            000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\GDI32.dll!GetPixel                                                             000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\GDI32.dll!StretchBlt                                                           000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3092] C:\Windows\system32\GDI32.dll!PlgBlt                                                               000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\system32\sppsvc.exe[4024] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                          000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\sppsvc.exe[4024] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                  000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\sppsvc.exe[4024] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                           000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\sppsvc.exe[4024] C:\Windows\system32\GDI32.dll!BitBlt                                                                                             000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\sppsvc.exe[4024] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                            000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\sppsvc.exe[4024] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                          000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\sppsvc.exe[4024] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                          000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\sppsvc.exe[4024] C:\Windows\system32\GDI32.dll!GetPixel                                                                                           000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\sppsvc.exe[4024] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                         000007fefe2db9e8 6 bytes JMP 0
.text  C:\Windows\system32\sppsvc.exe[4024] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                             000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                           000000007782a420 6 bytes {JMP QWORD [RIP+0x8875c10]}
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                 0000000077841b50 6 bytes {JMP QWORD [RIP+0x881e4e0]}
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                 00000000778b8810 6 bytes {JMP QWORD [RIP+0x87c7820]}
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                         000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                 000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                          000007fefe2d22cc 6 bytes JMP 0
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\GDI32.dll!BitBlt                                                                                            000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                           000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                         000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                         000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\GDI32.dll!GetPixel                                                                                          000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                        000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                            000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA                                                                           000007feffb2a1a0 6 bytes {JMP QWORD [RIP+0xf5e90]}
.text  C:\Windows\System32\svchost.exe[2540] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                        000007feffb4fa50 6 bytes JMP 0
.text  C:\Windows\system32\WUDFHost.exe[5100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                        000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\system32\WUDFHost.exe[5100] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                                000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\system32\WUDFHost.exe[5100] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                         000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\system32\WUDFHost.exe[5100] C:\Windows\system32\GDI32.dll!BitBlt                                                                                           000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\system32\WUDFHost.exe[5100] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                          000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\system32\WUDFHost.exe[5100] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                        000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\system32\WUDFHost.exe[5100] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                        000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\system32\WUDFHost.exe[5100] C:\Windows\system32\GDI32.dll!GetPixel                                                                                         000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\system32\WUDFHost.exe[5100] C:\Windows\system32\GDI32.dll!StretchBlt                                                                                       000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x824648]}
.text  C:\Windows\system32\WUDFHost.exe[5100] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                           000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x7fac20]}
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                        0000000077c9f9e0 3 bytes JMP 71af000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4                                                                    0000000077c9f9e4 2 bytes JMP 71af000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                             0000000077c9fcb0 3 bytes JMP 70fa000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4                                                         0000000077c9fcb4 2 bytes JMP 70fa000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                                     0000000077c9fd64 3 bytes JMP 70e5000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4                                                                 0000000077c9fd68 2 bytes JMP 70e5000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                  0000000077c9fdc8 3 bytes JMP 70eb000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4                                                              0000000077c9fdcc 2 bytes JMP 70eb000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken                                                        0000000077c9fec0 3 bytes JMP 70e2000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4                                                    0000000077c9fec4 2 bytes JMP 70e2000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                0000000077c9ffa4 3 bytes JMP 70ee000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4                                                            0000000077c9ffa8 2 bytes JMP 70ee000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                 0000000077ca0004 3 bytes JMP 7106000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4                                                             0000000077ca0008 2 bytes JMP 7106000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                              0000000077ca0084 3 bytes JMP 7103000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4                                                          0000000077ca0088 2 bytes JMP 7103000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                   0000000077ca00b4 3 bytes JMP 70e8000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4                                                               0000000077ca00b8 2 bytes JMP 70e8000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort                                                              0000000077ca03b8 3 bytes JMP 70d6000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4                                                          0000000077ca03bc 2 bytes JMP 70d6000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort                                                      0000000077ca0550 3 bytes JMP 7109000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4                                                  0000000077ca0554 2 bytes JMP 7109000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort                                                                  0000000077ca0694 3 bytes JMP 70f7000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4                                                              0000000077ca0698 2 bytes JMP 70f7000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                     0000000077ca088c 3 bytes JMP 70df000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4                                                 0000000077ca0890 2 bytes JMP 70df000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                               0000000077ca08a4 3 bytes JMP 70d9000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4                                                           0000000077ca08a8 2 bytes JMP 70d9000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                   0000000077ca0df4 3 bytes JMP 70f4000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4                                                               0000000077ca0df8 2 bytes JMP 70f4000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject                                                          0000000077ca0ed8 3 bytes JMP 70dc000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4                                                      0000000077ca0edc 2 bytes JMP 70dc000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                         0000000077ca1be4 3 bytes JMP 70f1000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4                                                     0000000077ca1be8 2 bytes JMP 70f1000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem                                                               0000000077ca1cb4 3 bytes JMP 7100000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4                                                           0000000077ca1cb8 2 bytes JMP 7100000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                           0000000077ca1d8c 3 bytes JMP 70fd000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4                                                       0000000077ca1d90 2 bytes JMP 70fd000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                   0000000077cc1287 6 bytes JMP 71a8000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                              0000000075ce103d 6 bytes JMP 719c000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                              0000000075ce1072 6 bytes JMP 7199000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                        0000000075d0c965 6 bytes JMP 7190000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters                                              0000000075c5f776 6 bytes JMP 719f000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                      0000000075c62c91 4 bytes CALL 71ac0000
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                                0000000075988332 6 bytes JMP 7163000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!PostThreadMessageW                                                            0000000075988bff 6 bytes JMP 7157000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW                                                         00000000759890d3 6 bytes JMP 7112000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SendMessageW                                                                  0000000075989679 6 bytes JMP 7151000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW                                                           00000000759897d2 6 bytes JMP 714b000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                               000000007598ee09 6 bytes JMP 7169000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!RegisterHotKey                                                                000000007598efc9 3 bytes JMP 7118000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4                                                            000000007598efcd 2 bytes JMP 7118000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!PostMessageW                                                                  00000000759912a5 6 bytes JMP 715d000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                   000000007599291f 6 bytes JMP 7130000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SetParent                                                                     0000000075992d64 3 bytes JMP 7127000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SetParent + 4                                                                 0000000075992d68 2 bytes JMP 7127000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                  0000000075992da4 6 bytes JMP 710f000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                    0000000075993698 3 bytes JMP 7124000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!MoveWindow + 4                                                                000000007599369c 2 bytes JMP 7124000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!PostMessageA                                                                  0000000075993baa 6 bytes JMP 7160000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!PostThreadMessageA                                                            0000000075993c61 6 bytes JMP 715a000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                                0000000075996110 6 bytes JMP 7166000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SendMessageA                                                                  000000007599612e 6 bytes JMP 7154000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA                                                         0000000075996c30 6 bytes JMP 7115000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                             0000000075997603 6 bytes JMP 716c000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW                                                            0000000075997668 6 bytes JMP 713f000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW                                                          00000000759976e0 6 bytes JMP 7145000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA                                                           000000007599781f 6 bytes JMP 714e000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                             000000007599835c 6 bytes JMP 716f000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SetClipboardViewer                                                            000000007599c4b6 3 bytes JMP 7121000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4                                                        000000007599c4ba 2 bytes JMP 7121000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA                                                           00000000759ac112 6 bytes JMP 713c000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW                                                           00000000759ad0f5 6 bytes JMP 7139000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                              00000000759aeb96 6 bytes JMP 712d000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                              00000000759aec68 3 bytes JMP 7133000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4                                                          00000000759aec6c 2 bytes JMP 7133000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SendInput                                                                     00000000759aff4a 3 bytes JMP 7136000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SendInput + 4                                                                 00000000759aff4e 2 bytes JMP 7136000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!GetClipboardData                                                              00000000759c9f1d 6 bytes JMP 711b000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!ExitWindowsEx                                                                 00000000759d1497 6 bytes JMP 710c000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!mouse_event                                                                   00000000759e027b 6 bytes JMP 7172000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!keybd_event                                                                   00000000759e02bf 6 bytes JMP 7175000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA                                                          00000000759e6cfc 6 bytes JMP 7148000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA                                                            00000000759e6d5d 6 bytes JMP 7142000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!BlockInput                                                                    00000000759e7dd7 3 bytes JMP 711e000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!BlockInput + 4                                                                00000000759e7ddb 2 bytes JMP 711e000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices                                                       00000000759e88eb 3 bytes JMP 712a000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4                                                   00000000759e88ef 2 bytes JMP 712a000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\GDI32.dll!DeleteDC                                                                       00000000761d58b3 6 bytes JMP 7184000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                         00000000761d5ea6 6 bytes JMP 7181000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\GDI32.dll!CreateDCA                                                                      00000000761d7bcc 6 bytes JMP 718d000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                     00000000761db895 6 bytes JMP 7178000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\GDI32.dll!MaskBlt                                                                        00000000761dc332 6 bytes JMP 717e000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\GDI32.dll!GetPixel                                                                       00000000761dcbfb 6 bytes JMP 7187000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\GDI32.dll!CreateDCW                                                                      00000000761de743 6 bytes JMP 718a000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\GDI32.dll!PlgBlt                                                                         0000000076204646 6 bytes JMP 717b000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                                        0000000075732538 6 bytes JMP 7196000a
.text  C:\Users\#0\AppData\Roaming\Mobile Partner\ouc.exe[4432] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                     00000000757352e9 6 bytes JMP 7193000a
.text  C:\Windows\servicing\TrustedInstaller.exe[3116] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                               000007fefe269055 3 bytes [B5, 6F, 0D]
.text  C:\Windows\servicing\TrustedInstaller.exe[3116] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                       000007fefe2753c0 5 bytes [FF, 25, 70, AC, 11]
.text  C:\Windows\servicing\TrustedInstaller.exe[3116] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x13dd64]}
.text  C:\Windows\servicing\TrustedInstaller.exe[3116] C:\Windows\system32\GDI32.dll!BitBlt                                                                                  000007fefe2d24c0 6 bytes {JMP QWORD [RIP+0x15db70]}
.text  C:\Windows\servicing\TrustedInstaller.exe[3116] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                 000007fefe2d5be0 6 bytes {JMP QWORD [RIP+0x17a450]}
.text  C:\Windows\servicing\TrustedInstaller.exe[3116] C:\Windows\system32\GDI32.dll!CreateDCW                                                                               000007fefe2d8398 6 bytes {JMP QWORD [RIP+0xf7c98]}
.text  C:\Windows\servicing\TrustedInstaller.exe[3116] C:\Windows\system32\GDI32.dll!CreateDCA                                                                               000007fefe2d89c8 6 bytes {JMP QWORD [RIP+0xd7668]}
.text  C:\Windows\servicing\TrustedInstaller.exe[3116] C:\Windows\system32\GDI32.dll!GetPixel                                                                                000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x116cec]}
.text  C:\Windows\servicing\TrustedInstaller.exe[3116] C:\Windows\system32\GDI32.dll!StretchBlt                                                                              000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x324648]}
.text  C:\Windows\servicing\TrustedInstaller.exe[3116] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                  000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x2fac20]}
.text  \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                000007fefe269055 3 bytes CALL 61004300
.text  \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4460] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters                                                        000007fefe2753c0 5 bytes [FF, 25, 70, AC, 16]
.text  \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4460] C:\Windows\system32\GDI32.dll!DeleteDC                                                                                 000007fefe2d22cc 6 bytes {JMP QWORD [RIP+0x18dd64]}
.text  \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4460] C:\Windows\system32\GDI32.dll!BitBlt                                                                                   000007fefe2d24c0 6 bytes JMP 0
.text  \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4460] C:\Windows\system32\GDI32.dll!MaskBlt                                                                                  000007fefe2d5be0 6 bytes JMP 0
.text  \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4460] C:\Windows\system32\GDI32.dll!CreateDCW                                                                                000007fefe2d8398 6 bytes {JMP QWORD [RIP+0x147c98]}
.text  \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4460] C:\Windows\system32\GDI32.dll!CreateDCA                                                                                000007fefe2d89c8 6 bytes JMP 720065
.text  \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4460] C:\Windows\system32\GDI32.dll!GetPixel                                                                                 000007fefe2d9344 6 bytes {JMP QWORD [RIP+0x166cec]}
.text  \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4460] C:\Windows\system32\GDI32.dll!StretchBlt                                                                               000007fefe2db9e8 6 bytes {JMP QWORD [RIP+0x374648]}
.text  \\?\C:\Windows\system32\wbem\WMIADAP.EXE[4460] C:\Windows\system32\GDI32.dll!PlgBlt                                                                                   000007fefe2e5410 6 bytes {JMP QWORD [RIP+0x34ac20]}

---- EOF - GMER 2.1 ----

Win 7; anti virus programme schalten sich ab; internet verbindung spinnt

Log-Analyse und Auswertung: Win 7; anti virus programme schalten sich ab; internet verbindung spinnt