Log analysis and evaluation: Windows 7 boot manager modified, processor cores being siphoned off, rootkit, boot manager tool?
11.01.2014, 13:48 | #1 |
Hello friends, yesterday I had the problem that my 4-core processor was running with only 2 cores. I then tried a number of things to locate the fault. My first suspicion was that I had wrecked it while overclocking. In safe mode I could see all 4 cores, and Device Manager also shows me 4 cores running smoothly. However, I have found that serious changes have been made in my registry and in other places. I have applied all of my layman's knowledge. Scans with rootkit tools, Malwarebytes and everything else do not work, or rather show no results at all. FRST64 also gives me an error message shortly after starting and is terminated. I am truly desperate. Can you help me, once again? Regards, B3AM3R
11.01.2014, 15:11 | #2 |
/// the machine /// TB trainer | Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
11.01.2014, 17:23 | #3 |
Hello Schrauber, of course it is not my aim to make your work harder. Sorry. Here it is again, done properly:
Code:
OTL Extras logfile created on: 11.01.2014 01:23:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raubtier\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,26 Gb Available Physical Memory | 78,39% Memory free
15,96 Gb Paging File | 13,93 Gb Available in Paging File | 87,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 91,49 Gb Free Space | 62,46% Space Free | Partition Type: NTFS
Drive D: | 488,28 Gb Total Space | 263,52 Gb Free Space | 53,97% Space Free | Partition Type: NTFS
Drive E: | 443,10 Gb Total Space | 289,63 Gb Free Space | 65,36% Space Free | Partition Type: NTFS
Drive G: | 341,80 Gb Total Space | 164,28 Gb Free Space | 48,06% Space Free | Partition Type: NTFS
Drive H: | 443,23 Gb Total Space | 43,33 Gb Free Space | 9,78% Space Free | Partition Type: NTFS
Computer Name: RAUBTIER-PC | User Name: Raubtier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-199586521-2663480010-3892174971-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista 
Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12F00C8C-082D-4996-BEDA-EE8D7C235D86}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{17C35AFD-586C-4BF2-8047-982E66C9852B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1980AF02-AD78-434F-BB65-34561D807A4D}" = rport=139 | protocol=6 | dir=out | app=system | "{2D7C8FDD-E4C4-4380-A4C1-B264035C8C92}" = lport=137 | protocol=17 | dir=in | app=system | "{351E2128-21F1-4AC1-975A-DA509E97B44D}" = rport=137 | protocol=17 | dir=out | app=system | "{369D9D66-5A6C-42ED-A871-375E52CB6727}" = rport=138 | protocol=17 | dir=out | app=system | "{4E7C99EE-EB83-4C56-9C7C-A36BA1AB1B0B}" = lport=445 | protocol=6 | dir=in | app=system | "{57A5D731-16EE-4114-AAEE-6B875BDA6CC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8E436780-53D2-474E-854D-C8F87CAF46AB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9674B0AE-3E51-4372-A379-11235DFABF08}" = rport=445 | protocol=6 | dir=out | app=system | "{B3A69312-6355-4001-8A48-0B6F798A806D}" = lport=138 | protocol=17 | dir=in | app=system | "{E2601526-EC9E-4177-99C3-117165E314D8}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1D1DA6CB-9AD8-4749-9204-6BBB181DCEFB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2910EAA1-A18D-4B08-B79A-08ADAC3CE47D}" = protocol=6 | dir=in | app=e:\origin games\battlefield 4\bf4_x86.exe | "{46766C2C-DFCF-4E40-8A93-D59246795D1A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5986A102-4EED-4CFA-B986-B530686BA442}" = protocol=6 | dir=in | app=e:\steam 
games\steamapps\common\nmrih\sdk\bin\hammer.bat | "{60A16F41-BE72-40E4-A155-9B9C0A6AAF23}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{66D82D21-D66F-4EEA-8BB8-A02A588A675B}" = protocol=17 | dir=in | app=e:\origin games\battlefield 4\bf4.exe | "{6FCD2361-7279-4DC0-8B9D-707267CDDA5B}" = protocol=17 | dir=in | app=e:\steam games\steamapps\common\nmrih\sdk\hl2.exe | "{799111C2-644B-464A-A5C1-1CF838B15CA7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7C959157-89EA-4A6A-A2E8-EE4AD45A6608}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{8CB75ECC-7D24-412A-8214-79965279A9E0}" = protocol=17 | dir=in | app=e:\steam games\steamapps\common\nmrih\sdk\bin\hammer.bat | "{8E0A014F-C432-454B-9224-49EDAA83262C}" = protocol=6 | dir=in | app=e:\steam games\steamapps\common\nmrih\sdk\hl2.exe | "{9742D0D5-7D07-44E9-B39E-168DB88FB1D3}" = protocol=6 | dir=in | app=c:\program files\messenger\yahoomessenger.exe | "{99CE370D-851C-40D1-836E-20D3DB2248AE}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{99E9532F-4674-4557-B153-D7504B2DE547}" = protocol=17 | dir=in | app=e:\gamesgecrackt\nba2k14\nba2k14.exe | "{A4485D88-0F2C-4675-9E21-734B59830199}" = protocol=17 | dir=in | app=c:\program files\messenger\yahoomessenger.exe | "{A45C5040-EDF4-4047-9061-512D1C2873E4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{BB349E5C-FFE1-4839-AA6F-141248DE7E88}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BFF589D3-BE8C-4682-BADF-237B0533C107}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C485850E-2440-4845-B791-E3B9B55DD664}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{CAB5DF8D-A095-437F-984E-45FD1B9AE4C2}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{CFE032A0-3609-4996-A2E0-E49027EB30C7}" = protocol=17 | dir=in | app=e:\origin games\battlefield 4\bf4_x86.exe | 
"{E08D2824-E712-4F3A-B3EB-1520A9790BFC}" = protocol=6 | dir=in | app=e:\origin games\battlefield 4\bf4.exe | "{E6F14EA7-7099-4C26-B588-489D23C93408}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EAC9D300-5DC3-45CC-A2C4-2D7C792072FF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F621EB0A-488C-4E57-BCB9-49D779F4E784}" = protocol=6 | dir=in | app=e:\gamesgecrackt\nba2k14\nba2k14.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 "{308051DA-0048-7A07-FE8B-9B6EC119A9E8}" = AMD Catalyst Install Manager "{44AAA767-F540-F091-4571-ADCBC10B0C92}" = AMD Fuel "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{678A75C7-5953-B109-57EE-46C7BA4C29C1}" = AMD Drag and Drop Transcoding "{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{AEF57B06-B494-8180-AFC7-05EFB1DB2B64}" = ccc-utility64 "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}" = AMD Media Foundation Decoders "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client "{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}" = AMD Wireless Display v3.0 "{FCC4426F-0296-D30D-729C-E76C8E7252C7}" = AMD Accelerated Video Transcoding "Microsoft Security 
Client" = Microsoft Security Essentials "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 5.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{046B79EE-7ED3-37A4-621A-FE297EF484C2}" = CCC Help Greek "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0 "{10CB5DDD-38E1-2EB2-F62C-C1948A99943E}" = AMD Catalyst Control Center "{1194740D-0DB8-A508-31BA-E722597B4516}" = Catalyst Control Center Graphics Previews Common "{1FB16E3B-3AFB-46CB-6E83-2F5A0CF4ED16}" = Catalyst Control Center Localization All "{2E3A81FB-7952-F8CB-9AD5-50544E2F4838}" = CCC Help Czech "{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 "{4172E797-CE12-AC47-05B7-0E48BDB33E75}" = CCC Help Russian "{4428AEE6-FA5E-2913-8D12-B410E85E11AA}" = CCC Help Spanish "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}" = NBA 2K14 "{4FF1533E-FF2C-A04A-25DD-A8AEC6FA106B}" = CCC Help Chinese Standard "{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24 "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{6071CB80-DABC-B10D-F244-7F410FB3B150}" = CCC Help Polish "{6343B6BA-F97F-B336-9ED8-FFD43776E84D}" = CCC Help Finnish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8D3A11D0-D925-FA0F-43F3-242E49975CD2}" = CCC Help Danish "{8EF39A9F-6A57-9706-86A5-9312D9ED8016}" = CCC Help Portuguese "{92352C97-C657-DB89-5F3A-E8C3789D9C89}" = CCC Help Chinese Traditional "{95545E55-3309-1929-FF41-2908A9706742}" = CCC Help Turkish "{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 "{9CA5F712-9CAA-B3CB-02D3-7134DFC8801E}" = CCC Help French "{A128A816-FD3F-990E-DD80-E1735BD718AE}" = CCC Help Italian "{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft 
Visual C++ 2012 Redistributable (x64) - 11.0.60610 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™ "{AFC9ECA9-6A4E-1370-98F3-002B63B5AF8E}" = CCC Help Thai "{B88F2045-CF9A-996C-1670-6F7D65F1D18A}" = CCC Help Norwegian "{BED96D0C-7743-3CE3-F7DF-A0A4475FBF2F}" = CCC Help Hungarian "{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E297492A-E114-CAE0-502E-5F36C386DD30}" = CCC Help Dutch "{E6533A85-ED92-F897-2B68-58AC3BD87F94}" = CCC Help English "{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 "{EBAC163A-588E-1E5A-3CE8-826E9A449244}" = CCC Help Korean "{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga "{ED65BD75-CEF3-C0C2-9E9C-FA567484FF60}" = CCC Help Japanese "{EEB34D84-92A1-7BE3-6DB7-ABD1C4912D6B}" = Catalyst Control Center InstallProxy "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1289D68-1C48-930F-51CF-577BDB371252}" = CCC Help Swedish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3F340A5-64EC-AEEC-4BDF-DC537D390BF5}" = CCC Help German "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Battlelog Web Plugins" = Battlelog Web Plugins "DAEMON Tools Lite" = DAEMON Tools Lite "ESN Sonar-0.70.4" = ESN Sonar "Google Chrome" = Google Chrome "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "QmF0bWFuQXJraGFtT3JpZ2lucw==_is1" = Batman Arkham Origins "Steam" = Steam "Steam App 224260" = No More Room in Hell "Usenet.nl_is1" = Usenet.nl "VGhlQnVyZWF1WENPTURlY2xhc3NpZmllZA==_is1" = The Bureau: XCOM Declassified "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC 
media player 2.1.2 "Yahoo! Messenger" = Yahoo! Messenger ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.01.2014 16:21:18 | Computer Name = Raubtier-PC | Source = WinMgmt | ID = 10 Description = Error - 10.01.2014 16:36:11 | Computer Name = Raubtier-PC | Source = WinMgmt | ID = 10 Description = Error - 10.01.2014 17:03:25 | Computer Name = Raubtier-PC | Source = WinMgmt | ID = 10 Description = Error - 10.01.2014 17:24:02 | Computer Name = Raubtier-PC | Source = WinMgmt | ID = 10 Description = Error - 10.01.2014 17:34:39 | Computer Name = Raubtier-PC | Source = WinMgmt | ID = 10 Description = Error - 10.01.2014 17:42:07 | Computer Name = Raubtier-PC | Source = Microsoft-Windows-CAPI2 | ID = 512 Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. . Error - 10.01.2014 17:46:54 | Computer Name = Raubtier-PC | Source = WinMgmt | ID = 10 Description = Error - 10.01.2014 17:52:32 | Computer Name = Raubtier-PC | Source = WinMgmt | ID = 10 Description = Error - 10.01.2014 19:51:06 | Computer Name = Raubtier-PC | Source = WinMgmt | ID = 10 Description = Error - 10.01.2014 20:03:53 | Computer Name = Raubtier-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 10.01.2014 19:58:39 | Computer Name = Raubtier-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Heimnetzgruppen-Anbieter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.01.2014 19:58:52 | Computer Name = Raubtier-PC | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "RPC-Endpunktzuordnung" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1056 Error - 10.01.2014 19:59:39 | Computer Name = Raubtier-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst DHCP-Client erreicht. Error - 10.01.2014 19:59:39 | Computer Name = Raubtier-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DHCP-Client" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.01.2014 19:59:39 | Computer Name = Raubtier-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Remoteprozeduraufruf (RPC)" ist vom Dienst "RPC-Endpunktzuordnung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1062 Error - 10.01.2014 19:59:39 | Computer Name = Raubtier-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2014 20:02:11 | Computer Name = Raubtier-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?11.?01.?2014 um 00:57:29 unerwartet heruntergefahren. Error - 10.01.2014 20:02:17 | Computer Name = Raubtier-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "Net.Msmq Listener Adapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert. Error - 10.01.2014 20:02:17 | Computer Name = Raubtier-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "Net.Pipe Listener Adapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert. Error - 10.01.2014 20:02:17 | Computer Name = Raubtier-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Net.Tcp Listener Adapter" ist vom Dienst "Net.Tcp Port Sharing Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 < End of report > Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 02
Ran by Raubtier (administrator) on RAUBTIER-PC on 11-01-2014 13:24:15
Running from C:\Users\Raubtier\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Razer USA Ltd) C:\Programme\Razer\Naga\RazerNagaSysTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Elaborate Bytes AG) C:\ProgrammeVirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Programme\AMD\ATI.ACE\Core-Static\MOM.exe
(Yahoo! Inc.) C:\Program Files\Messenger\Ymsgr_tray.exe
(ATI Technologies Inc.) C:\Programme\AMD\ATI.ACE\Core-Static\CCC.exe
Code:
OTL logfile created on: 11.01.2014 01:23:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raubtier\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,26 Gb Available Physical Memory | 78,39% Memory free
15,96 Gb Paging File | 13,93 Gb Available in Paging File | 87,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 91,49 Gb Free Space | 62,46% Space Free | Partition Type: NTFS
Drive D: | 488,28 Gb Total Space | 263,52 Gb Free Space | 53,97% Space Free | Partition Type: NTFS
Drive E: | 443,10 Gb Total Space | 289,63 Gb Free Space | 65,36% Space Free | Partition Type: NTFS
Drive G: | 341,80 Gb Total Space | 164,28 Gb Free Space | 48,06% Space Free | Partition Type: NTFS
Drive H: | 443,23 Gb Total Space | 43,33 Gb Free Space | 9,78% Space Free | Partition Type: NTFS
Computer Name: RAUBTIER-PC | User Name: Raubtier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Raubtier\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Raubtier\Desktop\Process Explorer.exe (Sysinternals - www.sysinternals.com) PRC - C:\Programme\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AMD FUEL Service) -- C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) 
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (RzSynapse) -- C:\Windows\SysNative\drivers\RzSynapse.sys (Razer USA Ltd) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (AODDriver4.2.0) -- C:\Programme\AMD\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-199586521-2663480010-3892174971-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKU\S-1-5-21-199586521-2663480010-3892174971-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-199586521-2663480010-3892174971-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 57 29 FF 8B 04 CF 01 [binary data]
IE - HKU\S-1-5-21-199586521-2663480010-3892174971-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-199586521-2663480010-3892174971-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-199586521-2663480010-3892174971-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Programme\VLC\npvlc.dll (VideoLAN)

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - Extension: ProxTube = C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.7_0\
CHR - Extension: Google Docs = C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Google-Suche = C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Google Wallet = C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Mail = C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Razer Naga Driver] C:\Programme\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Programme\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6284728D-E2A5-4CC3-B834-D361ECA5AAF5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6284728D-E2A5-4CC3-B834-D361ECA5AAF5}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6bc5735a-707c-11e3-bfca-b0487a86f527}\Shell - "" = AutoRun
O33 - MountPoints2\{6bc5735a-707c-11e3-bfca-b0487a86f527}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{775807df-7076-11e3-83df-b0487a86f527}\Shell - "" = AutoRun
O33 - MountPoints2\{775807df-7076-11e3-83df-b0487a86f527}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{a13df7ad-7075-11e3-bae0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a13df7ad-7075-11e3-bae0-806e6f6e6963}\Shell\AutoRun\command - "" = I:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2014.01.11 01:23:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Raubtier\Desktop\OTL.exe
[2014.01.10 22:04:58 | 000,791,552 | ---- | C] (AMD) -- C:\Users\Raubtier\Desktop\amddriverdownloader.exe
[2014.01.10 21:40:14 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\Desktop\cpu-z-168
[2014.01.07 20:43:47 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\Tracing
[2014.01.07 12:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2014.01.07 12:55:37 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014.01.07 12:55:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2014.01.07 12:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2014.01.07 12:50:57 | 000,000,000 | ---D | C] --
C:\Users\Raubtier\AppData\Local\Windows Live [2014.01.07 12:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2014.01.07 12:50:35 | 001,245,168 | ---- | C] (Microsoft Corporation) -- C:\Users\Raubtier\Desktop\wlsetup-web.exe [2014.01.07 00:57:54 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\Documents\Usenet.nl [2014.01.07 00:57:53 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\Usenet.nl [2014.01.07 00:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Usenet.nl [2014.01.07 00:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Usenet.nl [2014.01.03 21:18:56 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\Malwarebytes [2014.01.03 21:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.01.03 21:18:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.01.03 21:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2014.01.02 23:15:21 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\Documents\WB Games [2014.01.02 23:11:14 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\2K Sports [2014.01.02 00:30:30 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\Microsoft Games [2014.01.01 22:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories [2014.01.01 22:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories [2014.01.01 21:18:04 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\Skype [2014.01.01 21:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2014.01.01 21:17:57 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2014.01.01 21:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2014.01.01 21:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2014.01.01 20:53:03 | 
000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\ESN Sonar [2013.12.31 01:25:42 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\vlc [2013.12.30 22:20:28 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.12.30 20:47:48 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\TS3Client [2013.12.30 19:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\HDDGURU LLF Tool [2013.12.30 12:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Lifeguard Diagnostic for Windows [2013.12.30 12:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Data Lifeguard Diagnostic for Windows [2013.12.30 06:36:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2013.12.30 06:36:01 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.12.30 06:36:01 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.12.30 06:36:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.12.30 06:36:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.12.30 06:36:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.12.30 06:36:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2013.12.30 06:36:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.12.30 06:36:00 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.12.30 06:36:00 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2013.12.30 06:36:00 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.12.30 06:36:00 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2013.12.30 06:36:00 | 000,111,616 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2013.12.30 06:35:58 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.12.30 06:35:58 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.12.30 06:35:56 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.12.30 06:28:12 | 000,088,832 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronXHCI.sys [2013.12.30 06:28:12 | 000,065,152 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronHub3.sys [2013.12.30 06:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology [2013.12.30 06:20:31 | 000,000,000 | ---D | C] -- C:\Windows\Migration [2013.12.30 06:19:15 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE [2013.12.30 06:15:14 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.12.30 06:15:14 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.12.30 06:15:10 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2013.12.30 06:15:10 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.12.30 06:15:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.12.30 06:15:10 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.12.30 06:15:10 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.12.30 06:15:10 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.12.30 06:15:10 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.12.30 06:15:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.12.30 06:15:10 | 
000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.12.30 06:15:10 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.12.30 06:15:10 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.12.30 06:15:10 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2013.12.30 06:15:10 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.12.30 06:15:10 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.12.30 06:15:09 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.12.30 06:15:09 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2013.12.30 06:15:09 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.12.30 06:15:09 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.12.30 06:15:09 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.12.30 06:15:09 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.12.30 06:15:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.12.30 06:15:09 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.12.30 06:15:09 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.12.30 06:15:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.12.30 06:15:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.12.30 06:15:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.12.30 06:15:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\MshtmlDac.dll [2013.12.30 06:15:09 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.12.30 06:15:09 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2013.12.30 06:15:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.12.30 06:15:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.12.30 06:15:08 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.12.30 06:15:08 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.12.30 06:15:08 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.12.30 06:15:08 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.12.30 06:15:08 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.12.30 06:15:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.12.30 06:15:08 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.12.30 06:15:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.12.30 06:15:08 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.12.30 06:15:08 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.12.30 06:15:08 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.12.30 06:15:08 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.12.30 06:15:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.12.30 06:15:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.12.30 
06:15:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.12.30 06:15:08 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2013.12.30 06:15:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.12.30 06:15:07 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.12.30 06:15:07 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.12.30 06:15:07 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.12.30 06:15:07 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.12.30 06:15:07 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.12.30 06:15:07 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.12.30 06:15:07 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.12.30 06:15:07 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.12.30 06:15:07 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.12.30 06:15:07 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2013.12.30 06:15:07 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.12.30 06:15:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.12.30 06:15:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.12.30 06:15:07 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.12.30 06:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.12.30 06:02:35 | 000,294,912 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2013.12.30 05:56:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013.12.30 05:56:38 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.12.30 05:56:29 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys [2013.12.30 05:56:28 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys [2013.12.30 05:56:26 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.12.30 05:56:26 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.12.30 05:56:26 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2013.12.30 05:56:26 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2013.12.30 05:56:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2013.12.30 05:56:11 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2013.12.30 05:56:11 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2013.12.30 05:56:10 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll [2013.12.30 05:53:21 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx [2013.12.30 05:53:21 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx [2013.12.30 05:53:20 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll [2013.12.30 05:53:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll [2013.12.30 05:53:20 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe [2013.12.30 05:53:20 | 000,126,976 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\cscript.exe [2013.12.30 05:53:19 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll [2013.12.30 05:53:19 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll [2013.12.30 05:53:19 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL [2013.12.30 05:53:19 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL [2013.12.30 05:49:26 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013.12.30 05:49:26 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013.12.30 05:49:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2013.12.30 05:49:16 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013.12.30 05:49:16 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013.12.30 05:49:16 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013.12.30 05:49:00 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.12.30 05:49:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013.12.29 23:14:23 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\Diagnostics [2013.12.29 23:11:52 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\ElevatedDiagnostics [2013.12.29 22:42:51 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\MigWiz [2013.12.29 22:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.12.29 22:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.12.29 22:25:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013.12.29 22:05:42 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\WinRAR [2013.12.29 21:28:00 | 000,000,000 | ---D | C] -- 
C:\Users\Raubtier\AppData\Local\PunkBuster [2013.12.29 21:06:28 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\Documents\Battlefield 4 [2013.12.29 20:34:41 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\Razer [2013.12.29 20:26:33 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\Abelssoft [2013.12.29 20:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\CheckDrive [2013.12.29 20:15:18 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\ESN [2013.12.29 16:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam [2013.12.29 16:04:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013.12.29 16:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2013.12.29 16:02:27 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2013.12.29 16:02:27 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2013.12.29 16:02:27 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2013.12.29 16:02:27 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2013.12.29 16:02:27 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2013.12.29 16:02:27 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2013.12.29 16:02:26 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2013.12.29 16:02:26 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2013.12.29 16:02:26 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2013.12.29 16:02:26 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2013.12.29 16:02:26 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2013.12.29 16:02:26 | 000,470,880 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2013.12.29 16:02:26 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2013.12.29 16:02:26 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2013.12.29 16:02:25 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2013.12.29 16:02:25 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2013.12.29 16:02:25 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2013.12.29 16:02:25 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2013.12.29 16:02:25 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2013.12.29 16:02:25 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2013.12.29 16:02:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2013.12.29 16:02:24 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2013.12.29 16:02:24 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2013.12.29 16:02:24 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2013.12.29 16:02:22 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2013.12.29 16:02:22 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2013.12.29 16:02:21 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2013.12.29 16:02:21 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2013.12.29 16:02:21 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2013.12.29 16:02:21 | 000,176,968 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2013.12.29 16:02:20 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2013.12.29 16:02:20 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2013.12.29 16:02:20 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2013.12.29 16:02:20 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2013.12.29 16:02:19 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2013.12.29 16:02:19 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2013.12.29 16:02:19 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2013.12.29 16:02:19 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2013.12.29 16:02:19 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2013.12.29 16:02:19 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2013.12.29 16:02:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2013.12.29 16:02:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2013.12.29 16:02:18 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2013.12.29 16:02:18 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2013.12.29 16:02:18 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2013.12.29 16:02:18 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2013.12.29 16:02:18 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2013.12.29 16:02:18 | 000,069,464 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\XAPOFX1_3.dll [2013.12.29 16:02:17 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2013.12.29 16:02:17 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2013.12.29 16:02:17 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2013.12.29 16:02:17 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2013.12.29 16:02:17 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2013.12.29 16:02:17 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2013.12.29 16:02:17 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2013.12.29 16:02:17 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2013.12.29 16:02:16 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2013.12.29 16:02:16 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2013.12.29 16:02:15 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2013.12.29 16:02:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2013.12.29 16:02:15 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2013.12.29 16:02:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2013.12.29 16:02:14 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2013.12.29 16:02:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2013.12.29 16:02:14 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2013.12.29 16:02:14 | 000,175,440 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\xactengine3_3.dll [2013.12.29 16:02:14 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2013.12.29 16:02:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2013.12.29 16:02:14 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2013.12.29 16:02:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2013.12.29 16:02:13 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2013.12.29 16:02:13 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2013.12.29 16:02:13 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2013.12.29 16:02:13 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2013.12.29 16:02:13 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2013.12.29 16:02:13 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2013.12.29 16:02:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2013.12.29 16:02:13 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2013.12.29 16:02:12 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2013.12.29 16:02:12 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2013.12.29 16:02:12 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2013.12.29 16:02:12 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2013.12.29 16:02:12 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2013.12.29 16:02:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\d3dx10_38.dll [2013.12.29 16:02:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2013.12.29 16:02:12 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2013.12.29 16:02:12 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2013.12.29 16:02:12 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2013.12.29 16:02:12 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2013.12.29 16:02:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2013.12.29 16:02:11 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2013.12.29 16:02:11 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2013.12.29 16:02:11 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2013.12.29 16:02:11 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2013.12.29 16:02:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2013.12.29 16:02:11 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2013.12.29 16:02:11 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2013.12.29 16:02:11 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2013.12.29 16:02:10 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2013.12.29 16:02:10 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2013.12.29 16:02:10 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2013.12.29 16:02:10 | 001,420,824 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\D3DCompiler_37.dll [2013.12.29 16:02:10 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2013.12.29 16:02:10 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2013.12.29 16:02:10 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2013.12.29 16:02:10 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2013.12.29 16:02:09 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2013.12.29 16:02:09 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2013.12.29 16:02:09 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2013.12.29 16:02:09 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2013.12.29 16:02:09 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2013.12.29 16:02:09 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2013.12.29 16:02:08 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2013.12.29 16:02:08 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2013.12.29 16:02:07 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2013.12.29 16:02:07 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2013.12.29 16:02:07 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2013.12.29 16:02:07 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2013.12.29 16:02:07 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2013.12.29 16:02:07 | 000,444,776 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\d3dx10_35.dll [2013.12.29 16:02:07 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2013.12.29 16:02:07 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2013.12.29 16:02:07 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2013.12.29 16:02:07 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2013.12.29 16:02:06 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2013.12.29 16:02:06 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2013.12.29 16:02:06 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2013.12.29 16:02:06 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2013.12.29 16:02:06 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2013.12.29 16:02:06 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2013.12.29 16:02:06 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2013.12.29 16:02:06 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2013.12.29 16:02:04 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2013.12.29 16:02:04 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2013.12.29 16:02:04 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2013.12.29 16:02:04 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2013.12.29 16:02:04 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2013.12.29 16:02:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\d3dx10_33.dll [2013.12.29 16:02:04 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2013.12.29 16:02:04 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2013.12.29 16:02:02 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2013.12.29 16:02:02 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2013.12.29 16:02:02 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2013.12.29 16:02:02 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2013.12.29 16:02:01 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2013.12.29 16:02:01 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2013.12.29 16:02:01 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2013.12.29 16:02:01 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2013.12.29 16:02:00 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2013.12.29 16:02:00 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2013.12.29 16:02:00 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2013.12.29 16:02:00 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2013.12.29 16:02:00 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2013.12.29 16:02:00 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2013.12.29 16:02:00 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2013.12.29 16:02:00 | 000,062,744 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\xinput1_2.dll [2013.12.29 16:02:00 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2013.12.29 16:02:00 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2013.12.29 16:01:59 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2013.12.29 16:01:59 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2013.12.29 16:01:59 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2013.12.29 16:01:59 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2013.12.29 16:01:58 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2013.12.29 16:01:58 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2013.12.29 16:01:56 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2013.12.29 16:01:56 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2013.12.29 16:01:55 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2013.12.29 16:01:55 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2013.12.29 16:01:55 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2013.12.29 16:01:55 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2013.12.29 16:01:55 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2013.12.29 16:01:55 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2013.12.29 16:01:55 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2013.12.29 16:01:55 | 000,014,032 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\x3daudio1_0.dll [2013.12.29 16:01:54 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2013.12.29 16:01:54 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2013.12.29 16:01:54 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2013.12.29 16:01:54 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2013.12.29 16:01:54 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2013.12.29 16:01:54 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2013.12.29 16:01:53 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2013.12.29 16:01:53 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2013.12.29 15:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.12.29 15:29:58 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.12.29 15:29:56 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\DAEMON Tools Lite [2013.12.29 15:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2013.12.29 15:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.12.29 14:23:19 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\Programs [2013.12.29 13:11:02 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\Yahoo! 
[2013.12.29 13:10:40 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\Macromedia [2013.12.29 13:09:49 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.12.29 13:09:49 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.12.29 13:09:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.12.29 13:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger [2013.12.29 13:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! [2013.12.29 13:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger [2013.12.29 13:07:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo! [2013.12.29 13:05:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.12.29 13:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer [2013.12.29 13:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer [2013.12.29 13:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer [2013.12.29 13:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Razer [2013.12.29 12:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.12.29 12:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2013.12.29 12:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.12.29 12:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.12.29 12:49:47 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\Google [2013.12.29 12:49:33 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\Deployment [2013.12.29 12:49:33 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\Apps [2013.12.29 12:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.12.29 12:30:42 | 000,000,000 | ---D | C] -- 
C:\Users\Raubtier\AppData\Local\AMD [2013.12.29 12:30:18 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\ATI [2013.12.29 12:30:18 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\ATI [2013.12.29 12:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.12.29 12:23:32 | 002,738,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Raubtier\Desktop\Process Explorer.exe [2013.12.29 12:22:44 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\Origin [2013.12.29 12:22:43 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\Origin [2013.12.29 12:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.12.29 12:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Steam [2013.12.29 12:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.12.29 12:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.12.29 12:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013.12.29 12:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Origin [2013.12.29 12:19:38 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.12.29 12:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.12.29 12:18:52 | 000,000,000 | ---D | C] -- C:\ProgrammeVirtualCloneDrive [2013.12.29 12:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2013.12.29 12:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.12.29 12:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\VLC [2013.12.29 12:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.12.29 12:13:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.12.29 12:13:41 | 000,056,448 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys 
[2013.12.29 12:13:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.12.29 12:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013.12.29 12:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013.12.29 12:08:20 | 000,646,248 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2013.12.29 12:08:20 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll [2013.12.29 12:07:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.12.29 12:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.12.29 12:07:30 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll [2013.12.29 12:07:30 | 003,746,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkHDM64.dll [2013.12.29 12:07:30 | 002,526,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHDMEx64.dll [2013.12.29 12:07:30 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll [2013.12.29 12:07:30 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll [2013.12.29 12:07:30 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll [2013.12.29 12:07:30 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll [2013.12.29 12:07:30 | 000,237,968 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys [2013.12.29 12:07:30 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll [2013.12.29 12:07:30 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll [2013.12.29 12:07:30 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll [2013.12.29 12:07:30 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEL64H.dll [2013.12.29 12:07:30 | 000,092,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHCoInst64.dll [2013.12.29 12:07:30 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll [2013.12.29 12:07:30 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll [2013.12.29 12:07:29 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2013.12.29 12:07:29 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2013.12.29 12:07:29 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.12.29 12:07:29 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2013.12.29 12:07:29 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2013.12.29 12:07:29 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.12.29 12:07:29 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.12.29 12:07:29 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2013.12.29 12:07:29 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.12.29 12:07:29 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.12.29 12:07:29 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.12.29 12:07:29 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2013.12.29 12:07:29 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2013.12.29 12:07:28 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.12.29 12:07:28 | 002,131,288 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.12.29 12:07:28 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2013.12.29 12:07:28 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.12.29 12:07:28 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll [2013.12.29 12:07:28 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll [2013.12.29 12:07:28 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.12.29 12:07:28 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.12.29 12:07:28 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.12.29 12:07:28 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.12.29 12:07:28 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2013.12.29 12:07:28 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.12.29 12:07:28 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll [2013.12.29 12:07:28 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.12.29 12:07:28 | 000,065,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll [2013.12.29 12:07:28 | 000,060,504 | ---- | C] (Creative Technology Ltd.) 
-- C:\Windows\SysNative\MBPPCn64.dll [2013.12.29 12:07:27 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2013.12.29 12:07:27 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2013.12.29 12:07:27 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.12.29 12:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.12.29 12:07:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.12.29 12:07:23 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2013.12.29 12:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.12.29 12:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.12.29 12:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.12.29 12:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center [2013.12.29 12:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.12.29 12:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2013.12.29 12:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.12.29 12:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2013.12.29 12:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\AMD [2013.12.29 11:58:57 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\Adobe [2013.12.29 11:58:56 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.12.29 11:58:56 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\Searches [2013.12.29 11:58:56 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.12.29 11:58:45 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\Identities [2013.12.29 
11:58:43 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\Contacts [2013.12.29 11:58:41 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\VirtualStore [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\Vorlagen [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\AppData\Local\Verlauf [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\AppData\Local\Temporary Internet Files [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\Startmenü [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\SendTo [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\Recent [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\Netzwerkumgebung [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\Lokale Einstellungen [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\Documents\Eigene Videos [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\Documents\Eigene Musik [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\Eigene Dateien [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\Documents\Eigene Bilder [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\Druckumgebung [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\Cookies [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\AppData\Local\Anwendungsdaten [2013.12.29 11:58:32 | 000,000,000 | -HSD | C] -- C:\Users\Raubtier\Anwendungsdaten [2013.12.29 11:58:31 | 000,000,000 | --SD | C] -- C:\Users\Raubtier\AppData\Roaming\Microsoft [2013.12.29 11:58:31 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\Videos [2013.12.29 11:58:31 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\Saved Games [2013.12.29 11:58:31 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\Pictures [2013.12.29 11:58:31 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\Music [2013.12.29 11:58:31 | 000,000,000 | R--D | C] -- 
C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.12.29 11:58:31 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\Links [2013.12.29 11:58:31 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\Favorites [2013.12.29 11:58:31 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\Downloads [2013.12.29 11:58:31 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\Documents [2013.12.29 11:58:31 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\Desktop [2013.12.29 11:58:31 | 000,000,000 | R--D | C] -- C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.12.29 11:58:31 | 000,000,000 | -H-D | C] -- C:\Users\Raubtier\AppData [2013.12.29 11:58:31 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\Temp [2013.12.29 11:58:31 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Local\Microsoft [2013.12.29 11:58:31 | 000,000,000 | ---D | C] -- C:\Users\Raubtier\AppData\Roaming\Media Center Programs [2013.12.29 11:58:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.12.29 11:58:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.12.29 11:58:25 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.12.29 11:58:25 | 000,000,000 | -HSD | C] -- C:\Programme [2013.12.29 11:58:25 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.12.29 11:58:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.12.29 11:58:25 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.12.29 11:58:25 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.12.29 11:58:25 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.12.29 11:58:25 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.12.29 11:58:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.12.29 11:58:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.12.29 11:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET 
[2013.12.29 11:47:30 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.12.29 11:43:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.12.29 11:41:25 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.12.29 11:40:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.12.29 11:39:47 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.12.29 11:39:32 | 000,000,000 | -HSD | C] -- C:\Boot [2013.12.29 11:17:37 | 008,287,008 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll [2013.12.29 11:17:37 | 000,143,304 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll [2013.12.29 11:17:37 | 000,129,536 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_13.251.dll [2013.12.29 11:17:37 | 000,126,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll [2013.12.29 11:17:37 | 000,110,080 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\DelayAPO.dll [2013.12.29 11:17:37 | 000,099,840 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OpenVideo64.dll [2013.12.29 11:17:37 | 000,094,208 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys [2013.12.29 11:17:37 | 000,086,528 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\OVDecode64.dll [2013.12.29 11:17:37 | 000,083,968 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OpenVideo.dll [2013.12.29 11:17:37 | 000,073,728 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\OVDecode.dll [2013.12.29 11:17:36 | 022,157,824 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll [2013.12.29 11:17:36 | 008,927,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll [2013.12.29 11:17:36 | 007,751,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll [2013.12.29 11:17:36 | 006,630,232 | ---- | C] (Advanced Micro Devices, Inc. 
) -- C:\Windows\SysWow64\atiumdag.dll [2013.12.29 11:17:36 | 000,190,976 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2013.12.29 11:17:36 | 000,115,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll [2013.12.29 11:17:36 | 000,098,496 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll [2013.12.29 11:17:35 | 026,352,128 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll [2013.12.29 11:17:35 | 013,207,552 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys [2013.12.29 11:17:35 | 009,753,752 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll [2013.12.29 11:17:35 | 008,406,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll [2013.12.29 11:17:35 | 001,318,552 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll [2013.12.29 11:17:35 | 001,100,216 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll [2013.12.29 11:17:35 | 000,626,176 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys [2013.12.29 11:17:35 | 000,588,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2013.12.29 11:17:35 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atidemgy.dll [2013.12.29 11:17:35 | 000,332,800 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODE.exe [2013.12.29 11:17:35 | 000,239,616 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2013.12.29 11:17:35 | 000,100,352 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll [2013.12.29 11:17:35 | 000,096,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll [2013.12.29 11:17:35 | 000,078,432 | ---- | C] (Advanced Micro Devices, Inc. 
) -- C:\Windows\SysNative\atimpc64.dll [2013.12.29 11:17:35 | 000,078,432 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll [2013.12.29 11:17:35 | 000,074,752 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll [2013.12.29 11:17:35 | 000,071,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll [2013.12.29 11:17:35 | 000,071,704 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll [2013.12.29 11:17:35 | 000,069,632 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll [2013.12.29 11:17:35 | 000,069,632 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll [2013.12.29 11:17:35 | 000,062,464 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll [2013.12.29 11:17:35 | 000,052,224 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll [2013.12.29 11:17:35 | 000,051,200 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIODCLI.exe [2013.12.29 11:17:35 | 000,031,232 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2013.12.29 11:17:34 | 015,716,352 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll [2013.12.29 11:17:34 | 014,302,208 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll [2013.12.29 11:17:34 | 001,144,320 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll [2013.12.29 11:17:34 | 000,825,344 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll [2013.12.29 11:17:34 | 000,368,640 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe [2013.12.29 11:17:34 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) 
-- C:\Windows\SysNative\atibtmon.exe [2013.12.29 11:17:34 | 000,063,488 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.12.29 11:17:34 | 000,057,344 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.12.29 11:17:34 | 000,055,808 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll [2013.12.29 11:17:34 | 000,049,152 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll [2013.12.29 11:17:34 | 000,043,520 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll [2013.12.29 11:17:32 | 029,382,144 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\amdocl64.dll [2013.12.29 11:17:31 | 024,860,160 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\amdocl.dll ========== Files - Modified Within 30 Days ========== [2014.01.11 01:23:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raubtier\Desktop\OTL.exe [2014.01.11 01:21:20 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.01.11 01:09:26 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.01.11 01:09:26 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.01.11 01:06:29 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.01.11 01:06:29 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.01.11 01:06:29 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.01.11 01:06:29 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.01.11 01:06:29 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.01.11 01:02:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.01.11 01:02:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat 
[2014.01.11 01:02:05 | 2132,877,311 | -HS- | M] () -- C:\hiberfil.sys [2014.01.11 00:58:39 | 000,007,603 | ---- | M] () -- C:\Users\Raubtier\AppData\Local\Resmon.ResmonCfg [2014.01.11 00:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.01.10 22:04:59 | 000,791,552 | ---- | M] (AMD) -- C:\Users\Raubtier\Desktop\amddriverdownloader.exe [2014.01.10 21:38:42 | 001,994,222 | ---- | M] () -- C:\Users\Raubtier\Desktop\cpu-z-168.zip [2014.01.07 12:50:35 | 001,245,168 | ---- | M] (Microsoft Corporation) -- C:\Users\Raubtier\Desktop\wlsetup-web.exe [2014.01.07 00:57:49 | 000,001,682 | ---- | M] () -- C:\Users\Raubtier\Desktop\Usenet.nl.lnk [2014.01.07 00:57:16 | 007,457,256 | ---- | M] ( ) -- C:\Users\Raubtier\Desktop\UsenetNLSetup.exe [2014.01.03 21:18:44 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.01.02 23:11:00 | 000,001,520 | ---- | M] () -- C:\Users\Raubtier\Desktop\TheBureau.lnk [2014.01.02 23:10:26 | 000,001,045 | ---- | M] () -- C:\Users\Raubtier\Desktop\nba2k14.lnk [2014.01.02 23:09:35 | 000,001,669 | ---- | M] () -- C:\Users\Raubtier\Desktop\BatmanOrigins.lnk [2014.01.01 22:35:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2014.01.01 22:17:52 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2014.01.01 22:02:14 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2014.01.01 21:17:58 | 000,002,699 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2014.01.01 03:02:41 | 000,000,857 | ---- | M] () -- C:\Users\Raubtier\Desktop\Yahoo! 
Messenger.lnk [2013.12.30 19:29:01 | 000,000,001 | ---- | M] () -- C:\Users\Raubtier\AppData\Local\llftool.4.30.agreement [2013.12.30 06:21:50 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.12.30 06:15:14 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.12.30 06:15:14 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.12.30 06:15:10 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.12.30 06:15:10 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2013.12.30 06:15:10 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.12.30 06:15:10 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.12.30 06:15:10 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.12.30 06:15:10 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.12.30 06:15:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.12.30 06:15:10 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.12.30 06:15:10 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.12.30 06:15:10 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.12.30 06:15:10 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.12.30 06:15:10 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.12.30 06:15:10 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2013.12.30 06:15:10 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.12.30 06:15:10 | 000,024,576 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.12.30 06:15:10 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.12.30 06:15:09 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2013.12.30 06:15:09 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.12.30 06:15:09 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.12.30 06:15:09 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.12.30 06:15:09 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.12.30 06:15:09 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.12.30 06:15:09 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.12.30 06:15:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.12.30 06:15:09 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.12.30 06:15:09 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.12.30 06:15:09 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.12.30 06:15:09 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2013.12.30 06:15:09 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.12.30 06:15:09 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2013.12.30 06:15:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.12.30 06:15:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.12.30 06:15:08 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.12.30 
06:15:08 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.12.30 06:15:08 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.12.30 06:15:08 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.12.30 06:15:08 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.12.30 06:15:08 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.12.30 06:15:08 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.12.30 06:15:08 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.12.30 06:15:08 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.12.30 06:15:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.12.30 06:15:08 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.12.30 06:15:08 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.12.30 06:15:08 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.12.30 06:15:08 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.12.30 06:15:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.12.30 06:15:08 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2013.12.30 06:15:08 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.12.30 06:15:08 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.12.30 06:15:07 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.12.30 06:15:07 | 000,626,176 | ---- | M] (Microsoft Corporation) 
-- C:\Windows\SysNative\msfeeds.dll [2013.12.30 06:15:07 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.12.30 06:15:07 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.12.30 06:15:07 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.12.30 06:15:07 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.12.30 06:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.12.30 06:15:07 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.12.30 06:15:07 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.12.30 06:15:07 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2013.12.30 06:15:07 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.12.30 06:15:07 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.12.30 06:15:07 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.12.30 06:15:07 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.12.30 06:08:27 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.12.29 16:04:04 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.12.29 15:29:58 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.12.29 13:09:49 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.12.29 13:09:49 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.12.29 13:03:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzSynapse_01007.Wdf [2013.12.29 12:57:34 | 000,000,909 | 
---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.12.29 12:29:22 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2013.12.29 12:13:05 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.12.29 12:01:35 | 000,372,091 | RHS- | M] () -- C:\WOYBL [2013.12.29 11:45:44 | 000,161,548 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.12.29 11:45:44 | 000,161,548 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.12.29 11:39:34 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK ========== Files Created - No Company Name ========== [2014.01.10 21:38:39 | 001,994,222 | ---- | C] () -- C:\Users\Raubtier\Desktop\cpu-z-168.zip [2014.01.07 00:57:49 | 000,001,682 | ---- | C] () -- C:\Users\Raubtier\Desktop\Usenet.nl.lnk [2014.01.07 00:57:10 | 007,457,256 | ---- | C] ( ) -- C:\Users\Raubtier\Desktop\UsenetNLSetup.exe [2014.01.03 21:18:44 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.01.02 23:11:00 | 000,001,520 | ---- | C] () -- C:\Users\Raubtier\Desktop\TheBureau.lnk [2014.01.02 23:10:26 | 000,001,045 | ---- | C] () -- C:\Users\Raubtier\Desktop\nba2k14.lnk [2014.01.02 23:09:35 | 000,001,669 | ---- | C] () -- C:\Users\Raubtier\Desktop\BatmanOrigins.lnk [2014.01.01 22:35:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2014.01.01 21:17:58 | 000,002,699 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2014.01.01 03:02:41 | 000,000,857 | ---- | C] () -- C:\Users\Raubtier\Desktop\Yahoo! 
Messenger.lnk [2013.12.30 23:09:13 | 000,007,603 | ---- | C] () -- C:\Users\Raubtier\AppData\Local\Resmon.ResmonCfg [2013.12.30 19:29:01 | 000,000,001 | ---- | C] () -- C:\Users\Raubtier\AppData\Local\llftool.4.30.agreement [2013.12.30 06:15:10 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.12.30 06:15:08 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.12.29 16:04:07 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.12.29 16:04:07 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.12.29 16:04:04 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.12.29 13:09:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.12.29 13:03:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzSynapse_01007.Wdf [2013.12.29 12:57:34 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.12.29 12:49:54 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.12.29 12:49:53 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.12.29 12:29:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.12.29 12:13:05 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2013.12.29 12:13:01 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013.12.29 12:08:20 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2013.12.29 12:07:28 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.12.29 12:01:34 | 000,372,091 | RHS- | C] () -- C:\WOYBL [2013.12.29 11:58:57 | 000,001,421 | ---- | C] () -- C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.12.29 11:50:47 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.12.29 11:45:03 | 000,001,345 | ---- | 
C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.12.29 11:44:49 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.12.29 11:40:42 | 2132,877,311 | -HS- | C] () -- C:\hiberfil.sys [2013.12.29 11:39:34 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2013.12.29 11:39:32 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2013.12.29 11:17:37 | 003,461,040 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2013.12.29 11:17:37 | 000,234,036 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik.dat [2013.12.29 11:17:37 | 000,233,776 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik_nd.dat [2013.12.29 11:17:37 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.12.29 11:17:37 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat [2013.12.29 11:17:37 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013.12.29 11:17:37 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat [2013.12.29 11:17:37 | 000,083,552 | ---- | C] () -- C:\Windows\SysNative\ativce02.dat [2013.12.29 11:17:36 | 003,426,688 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2013.12.29 11:17:36 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2013.12.29 11:17:36 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat [2013.12.29 11:17:35 | 000,721,296 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2013.12.29 11:17:35 | 000,047,887 | ---- | C] () -- C:\Windows\atiogl.xml [2013.12.29 11:17:34 | 001,061,902 | ---- | C] () -- C:\Windows\SysNative\amdocl_ld64.exe [2013.12.29 11:17:34 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013.12.29 11:17:34 | 000,550,456 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb [2013.12.29 11:17:34 | 000,550,456 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2013.12.29 11:17:33 | 001,187,342 | ---- | C] () -- C:\Windows\SysNative\amdocl_as64.exe [2013.12.29 11:17:33 
| 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013.12.06 16:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.10.10 02:11:05 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.10.10 02:11:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014.01.02 23:11:14 | 000,000,000 | ---D | M] -- C:\Users\Raubtier\AppData\Roaming\2K Sports [2013.12.29 15:54:54 | 000,000,000 | ---D | M] -- C:\Users\Raubtier\AppData\Roaming\DAEMON Tools Lite [2013.12.29 12:36:19 | 000,000,000 | ---D | M] -- C:\Users\Raubtier\AppData\Roaming\Origin [2014.01.01 22:31:00 | 000,000,000 | ---D | M] -- C:\Users\Raubtier\AppData\Roaming\TS3Client [2014.01.10 01:01:08 | 000,000,000 | ---D | M] -- C:\Users\Raubtier\AppData\Roaming\Usenet.nl ========== Purity Check ========== < End of report > |
11.01.2014, 17:26 | #4 |
| Windows 7 boot manager modified, processor cores being diverted, rootkit, boot manager tool? Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2014-01-11 13:32:17 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-67Y5B1 rev.80.00A80 931,51GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Raubtier\AppData\Local\Temp\fxddikog.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 000000014a540460 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 000000014a540450 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 000000014a540370 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 000000014a540470 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 000000014a5403e0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 000000014a540320 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 000000014a5403b0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 000000014a540390 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 000000014a5402e0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 000000014a5402d0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 000000014a540310 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 000000014a5403c0 .text C:\Windows\system32\csrss.exe[556] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 000000014a5403f0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 000000014a540230 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 000000014a540480 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 000000014a5403a0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 000000014a5402f0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 000000014a540350 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 000000014a540290 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 000000014a5402b0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 000000014a5403d0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 000000014a540330 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 000000014a540410 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 000000014a540240 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 000000014a5401e0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 000000014a540250 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 000000014a540490 .text 
C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 000000014a5404a0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 000000014a540300 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 000000014a540360 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 000000014a5402a0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 000000014a5402c0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 000000014a540380 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 000000014a540340 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 000000014a540440 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 000000014a540260 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 000000014a540270 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 000000014a540400 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 000000014a5401f0 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 000000014a540210 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 000000014a540200 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes 
JMP 000000014a540420 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 000000014a540430 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 000000014a540220 .text C:\Windows\system32\csrss.exe[556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 000000014a540280 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\wininit.exe[628] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\wininit.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 
C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\svchost.exe[968] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 
0000000076f00430 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 
0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Program 
Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\System32\svchost.exe[376] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 
0000000076f003a0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\System32\svchost.exe[376] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\System32\svchost.exe[376] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 
.text C:\Windows\System32\svchost.exe[376] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000100070460 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000100070450 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000100070370 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000100070470 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 00000001000703e0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000100070320 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 00000001000703b0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000100070390 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 00000001000702e0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 00000001000702d0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000100070310 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 00000001000703c0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 00000001000703f0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 
0000000076da1940 5 bytes JMP 0000000100070230 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000100070480 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 00000001000703a0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 00000001000702f0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000100070350 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000100070290 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 00000001000702b0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 00000001000703d0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000100070330 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000100070410 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000100070240 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 00000001000701e0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000100070250 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000100070490 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 00000001000704a0 
.text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000100070300 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000100070360 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 00000001000702a0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 00000001000702c0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000100070380 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000100070340 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000100070440 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000100070260 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000100070270 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000100070400 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 00000001000701f0 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000100070210 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000100070200 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000100070420 .text C:\Windows\System32\svchost.exe[1072] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000100070430 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000100070220 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000100070280 .text C:\Windows\System32\svchost.exe[1072] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 
0000000076f00310 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\svchost.exe[1116] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\svchost.exe[1116] 
|
11.01.2014, 17:29 | #5 |
| Windows 7 boot manager modified, processor cores being diverted, rootkit, boot manager tool? Code:
C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\svchost.exe[1776] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\svchost.exe[1776] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 
0000000076f002d0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 
0000000076f00410 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text 
C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe[1872] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076b8eecd 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075dca2ba 1 byte [62] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000747d1a22 2 bytes [7D, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000747d1ad0 2 bytes [7D, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 
00000000747d1b08 2 bytes [7D, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000747d1bba 2 bytes [7D, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000747d1bda 2 bytes [7D, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000074aa1402 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000074aa141a 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000074aa1432 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000074aa144b 1 byte [74] .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000074aa14de 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000074aa14f6 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000074aa150e 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000074aa1526 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000074aa153e 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000074aa1556 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000074aa156e 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000074aa1586 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000074aa159e 1 byte [74] .text 
C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000074aa15b6 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000074aa15ce 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000074aa16b3 1 byte [74] .text C:\Windows\SysWOW64\PnkBstrA.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000074aa16be 1 byte [74] .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 
0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 0000000076f00240 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 
.text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes JMP 0000000076f001f0 .text C:\Windows\system32\taskhost.exe[2288] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\taskhost.exe[2288] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text 
C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da1730 5 bytes JMP 0000000076f002d0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da1750 5 bytes JMP 0000000076f00310 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da1790 5 bytes JMP 0000000076f003c0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da17e0 5 bytes JMP 0000000076f003f0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000076da1940 5 bytes JMP 0000000076f00230 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da1b00 5 bytes JMP 0000000076f00480 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000076da1b30 5 bytes JMP 0000000076f003a0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da1c10 5 bytes JMP 0000000076f002f0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000076da1c20 5 bytes JMP 0000000076f00350 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da1c80 5 bytes JMP 0000000076f00290 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1d10 5 bytes JMP 0000000076f002b0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1d30 5 bytes JMP 0000000076f003d0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000076da1d40 5 bytes JMP 0000000076f00330 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000076da1db0 5 bytes JMP 0000000076f00410 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000076da1de0 5 bytes JMP 
0000000076f00240 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da20a0 5 bytes JMP 0000000076f001e0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000076da2160 5 bytes JMP 0000000076f00250 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000076da2190 5 bytes JMP 0000000076f00490 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000076da21a0 5 bytes JMP 0000000076f004a0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000076da21d0 5 bytes JMP 0000000076f00300 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000076da21e0 5 bytes JMP 0000000076f00360 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000076da2240 5 bytes JMP 0000000076f002a0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000076da2290 5 bytes JMP 0000000076f002c0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000076da22c0 5 bytes JMP 0000000076f00380 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000076da22d0 5 bytes JMP 0000000076f00340 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000076da25c0 5 bytes JMP 0000000076f00440 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000076da27c0 5 bytes JMP 0000000076f00260 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000076da27d0 5 bytes JMP 0000000076f00270 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076da27e0 5 bytes JMP 0000000076f00400 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da29a0 5 bytes 
JMP 0000000076f001f0 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000076da29b0 5 bytes JMP 0000000076f00210 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da2a20 5 bytes JMP 0000000076f00200 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076da2a80 5 bytes JMP 0000000076f00420 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076da2a90 5 bytes JMP 0000000076f00430 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da2aa0 5 bytes JMP 0000000076f00220 .text C:\Windows\system32\Dwm.exe[2404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076da2b80 5 bytes JMP 0000000076f00280 .text C:\Windows\Explorer.EXE[2476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000076da1360 5 bytes JMP 0000000076f00460 .text C:\Windows\Explorer.EXE[2476] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000076da13b0 5 bytes JMP 0000000076f00450 .text C:\Windows\Explorer.EXE[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076da1510 5 bytes JMP 0000000076f00370 .text C:\Windows\Explorer.EXE[2476] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000076da1560 5 bytes JMP 0000000076f00470 .text C:\Windows\Explorer.EXE[2476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da1570 5 bytes JMP 0000000076f003e0 .text C:\Windows\Explorer.EXE[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da1620 5 bytes JMP 0000000076f00320 .text C:\Windows\Explorer.EXE[2476] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076da1650 5 bytes JMP 0000000076f003b0 .text C:\Windows\Explorer.EXE[2476] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076da1670 5 bytes JMP 0000000076f00390 .text C:\Windows\Explorer.EXE[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000076da16b0 5 bytes JMP 0000000076f002e0 .text 
---- EOF - GMER 2.1 ---- Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:21 on 11/01/2014 (Raubtier)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-
Regards |
12.01.2014, 08:39 | #6 | |
/// the machine /// TB instructor | Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
12.01.2014, 13:58 | #7 |
| Hello Schrauber, first of all, thanks for your reply. I couldn't resist spending half the night tinkering with my computer. I tried scans and combed through the registry and my system. I set up my system, i.e. C:, from scratch with Win 7 at the end of December, so I think there can only be files there dated 29.12.'13 at the earliest. But there are also older and strange entries. It is as if I were working on an emulated system and a second one were running hidden in parallel. I'm not that well versed in this and these are only vague guesses, but I'm not stupid, something is there. Here is the Combofix log for you: Code:
ATTFilter ComboFix 14-01-08.03 - Raubtier 12.01.2014 13:36:19.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8173.6028 [GMT 1:00] ausgeführt von:: c:\users\Raubtier\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-12-12 bis 2014-01-12 )))))))))))))))))))))))))))))) . . 2014-01-12 12:40 . 2014-01-12 12:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-01-11 23:13 . 2014-01-11 23:13 82744 ----a-w- c:\windows\system32\drivers\aswStm.sys 2014-01-11 23:13 . 2014-01-11 23:13 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-01-11 23:13 . 2014-01-11 23:13 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-01-11 23:13 . 2014-01-11 23:13 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-01-11 23:13 . 2014-01-11 23:13 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-01-11 23:13 . 2014-01-11 23:13 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys 2014-01-11 23:13 . 2014-01-11 23:13 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-01-11 23:13 . 2014-01-11 23:13 334136 ----a-w- c:\windows\system32\aswBoot.exe 2014-01-11 23:13 . 2014-01-11 23:13 43152 ----a-w- c:\windows\avastSS.scr 2014-01-11 22:44 . 2014-01-11 22:44 -------- d-----w- C:\Temp 2014-01-11 17:01 . 2009-06-18 11:54 6144 ------w- c:\windows\system32\535E.tmp 2014-01-11 12:22 . 2014-01-11 12:22 -------- d-----w- C:\FRST 2014-01-11 11:47 . 2014-01-11 11:47 -------- d-----w- c:\program files (x86)\Sophos 2014-01-11 01:07 . 
2014-01-11 01:07 -------- d-----w- c:\program files\AVAST Software 2014-01-11 01:07 . 2014-01-11 01:07 -------- d-----w- c:\programdata\AVAST Software 2014-01-10 21:13 . 2013-12-03 18:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A33A6787-DD79-4F95-875E-3F3EBB942972}\mpengine.dll 2014-01-10 21:01 . 2013-12-03 18:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-01-07 11:56 . 2014-01-07 11:56 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2014-01-07 11:55 . 2014-01-07 11:55 -------- d-----w- c:\windows\PCHEALTH 2014-01-07 11:55 . 2014-01-10 21:00 -------- d-----w- c:\program files (x86)\Windows Live 2014-01-07 11:51 . 2014-01-07 11:51 -------- d-----w- c:\programdata\Microsoft SkyDrive 2014-01-07 11:50 . 2014-01-07 11:50 -------- d-----w- c:\program files (x86)\Common Files\Windows Live 2014-01-06 23:57 . 2014-01-06 23:57 -------- d-----w- c:\program files\Usenet.nl 2014-01-03 20:18 . 2014-01-03 20:18 -------- d-----w- c:\programdata\Malwarebytes 2014-01-03 20:18 . 2014-01-11 20:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2014-01-03 20:18 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-01-01 21:35 . 2014-01-01 21:35 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories 2014-01-01 20:17 . 2014-01-01 20:17 -------- d-----r- c:\program files (x86)\Skype 2014-01-01 20:17 . 2014-01-01 20:17 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-01-01 20:17 . 2014-01-01 20:18 -------- d-----w- c:\programdata\Skype 2013-12-30 18:28 . 2014-01-07 11:49 -------- d-----w- c:\program files\HDDGURU LLF Tool 2013-12-30 11:34 . 2013-12-30 11:35 -------- d-----w- c:\program files\Data Lifeguard Diagnostic for Windows 2013-12-30 05:35 . 2013-11-26 09:41 2764288 ----a-w- c:\windows\system32\iertutil.dll 2013-12-30 05:28 . 
2012-08-07 07:09 88832 ----a-w- c:\windows\system32\drivers\EtronXHCI.sys 2013-12-30 05:28 . 2012-08-07 07:09 65152 ----a-w- c:\windows\system32\drivers\EtronHub3.sys 2013-12-30 05:28 . 2013-12-30 05:28 -------- d-----w- c:\program files (x86)\Etron Technology 2013-12-30 05:20 . 2013-12-30 05:20 -------- d-----w- c:\windows\Migration 2013-12-30 05:19 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE 2013-12-30 05:02 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2013-12-30 04:53 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx 2013-12-30 04:53 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx 2013-12-30 04:53 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll 2013-12-30 04:53 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll 2013-12-30 04:53 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe 2013-12-30 04:53 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe 2013-12-30 04:53 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe 2013-12-30 04:53 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe 2013-12-30 04:53 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll 2013-12-30 04:53 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-12-30 04:53 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-12-30 04:53 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-12-30 04:53 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL 2013-12-30 04:49 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2013-12-30 04:49 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2013-12-30 04:49 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2013-12-30 04:49 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2013-12-30 04:49 . 
2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2013-12-30 04:49 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2013-12-30 04:49 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2013-12-30 04:49 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2013-12-30 04:49 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2013-12-29 21:28 . 2013-12-30 05:40 -------- d-----w- c:\program files\Microsoft Silverlight 2013-12-29 21:28 . 2013-12-30 05:40 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2013-12-29 21:25 . 2013-12-30 04:56 -------- d-----w- c:\windows\system32\MRT 2013-12-29 19:26 . 2014-01-07 11:48 -------- d-----w- c:\program files\CheckDrive 2013-12-29 15:14 . 2013-12-29 15:14 -------- d-----w- c:\programdata\Steam 2013-12-29 15:04 . 2013-12-29 15:04 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller 2013-12-29 15:04 . 2014-01-01 11:27 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins 2013-12-29 15:04 . 2014-01-01 21:17 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-12-29 15:04 . 2014-01-01 21:02 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-12-29 15:04 . 2013-12-29 15:04 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2013-12-29 14:29 . 2013-12-29 14:29 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-12-29 14:29 . 2013-12-29 14:29 -------- d-----w- c:\program files\DAEMON Tools Lite 2013-12-29 14:28 . 2013-12-29 14:54 -------- d-----w- c:\programdata\DAEMON Tools Lite 2013-12-29 12:09 . 2013-12-29 12:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-29 12:09 . 2013-12-29 12:09 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-12-29 12:09 . 2013-12-29 12:09 -------- d-----w- c:\windows\SysWow64\Macromed 2013-12-29 12:09 . 2013-12-29 12:09 -------- d-----w- c:\programdata\Yahoo! 2013-12-29 12:09 . 2013-12-29 12:09 -------- d-----w- c:\program files\Messenger 2013-12-29 12:07 . 
2013-12-29 12:09 -------- d-----w- c:\program files (x86)\Yahoo! 2013-12-29 12:05 . 2013-12-30 04:35 -------- d-----w- c:\programdata\Razer 2013-12-29 12:02 . 2013-12-29 12:05 -------- d-----w- c:\program files (x86)\Razer 2013-12-29 12:02 . 2013-12-29 12:02 -------- d-----w- c:\program files\Razer 2013-12-29 11:57 . 2013-12-29 11:57 -------- d-----w- c:\program files\TeamSpeak 3 Client 2013-12-29 11:49 . 2013-12-29 11:51 -------- d-----w- c:\program files (x86)\Google 2013-12-29 11:30 . 2013-12-29 11:30 -------- d-----w- c:\programdata\ATI 2013-12-29 11:29 . 2013-12-29 11:29 0 ----a-w- c:\windows\ativpsrm.bin 2013-12-29 11:21 . 2014-01-10 21:00 -------- d-----w- c:\program files (x86)\Common Files\Steam 2013-12-29 11:21 . 2014-01-10 21:00 -------- d-----w- c:\program files\Steam 2013-12-29 11:21 . 2013-12-30 20:30 -------- d-----w- c:\programdata\Origin 2013-12-29 11:21 . 2013-12-29 20:06 -------- d-----w- c:\programdata\Electronic Arts 2013-12-29 11:20 . 2014-01-06 17:59 -------- d-----w- c:\program files\Origin 2013-12-29 11:18 . 2013-12-29 11:18 -------- d-----w- c:\program files\VLC 2013-12-29 11:17 . 2013-12-29 11:19 -------- d-----w- c:\program files\WinRAR 2013-12-29 11:14 . 2013-12-29 11:14 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA292B97-484F-4413-933C-B43DD988705D}\gapaengine.dll 2013-12-29 11:13 . 2013-12-29 11:13 -------- d-----w- c:\program files (x86)\AMD APP 2013-12-29 11:13 . 2012-03-30 14:49 56448 ----a-w- c:\windows\system32\drivers\usbfilter.sys 2013-12-29 11:13 . 2013-12-29 11:13 -------- dc----w- c:\windows\system32\DRVSTORE 2013-12-29 11:12 . 2013-12-29 11:12 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-12-29 11:12 . 2013-12-29 11:13 -------- d-----w- c:\program files\Microsoft Security Client 2013-12-29 11:08 . 2011-09-29 09:30 74272 ----a-w- c:\windows\system32\RtNicProp64.dll 2013-12-29 11:08 . 
2011-09-29 09:30 646248 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2013-12-29 11:08 . 2011-09-29 09:30 107552 ----a-w- c:\windows\system32\RTNUninst64.dll 2013-12-29 11:05 . 2013-12-29 11:05 -------- d-----w- c:\program files\Common Files\ATI Technologies 2013-12-29 11:03 . 2013-12-29 15:04 -------- d-----w- c:\programdata\Package Cache 2013-12-29 11:03 . 2013-12-29 11:03 -------- d-----w- c:\program files\ATI 2013-12-29 11:02 . 2013-12-29 11:06 -------- d-----w- c:\program files\AMD 2013-12-29 10:48 . 2013-12-29 10:48 -------- d-----w- c:\program files (x86)\Microsoft.NET 2013-12-29 10:47 . 2014-01-10 21:00 -------- d-sh--w- c:\windows\Installer 2013-12-29 10:39 . 2014-01-11 18:25 -------- d-----w- c:\windows\Panther 2013-12-29 10:39 . 2014-01-11 22:44 -------- d-----w- C:\Boot . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-06 15:49 . 2013-12-06 15:49 51200 ----a-w- c:\windows\system32\kdbsdk64.dll 2013-12-06 15:44 . 2013-12-06 15:44 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll 2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\programme\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208] "Razer Naga Driver"="c:\programme\Razer\Naga\RazerNagaSysTray.exe" [2011-11-16 953232] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-11 3764024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 
tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2.0;AODDriver4.2.0;c:\programme\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\programme\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-29 11:51 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 
2014-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-29 12:09] . 2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29 11:49] . 2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29 11:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-01-11 23:13 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-01-12 13:43:12 ComboFix-quarantined-files.txt 2014-01-12 12:43 . Vor Suchlauf: 9 Verzeichnis(se), 99.185.618.944 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 99.062.714.368 Bytes frei . - - End Of File - - 742D59DC396B8A00B23587C0FEAD0AB6 A36C5E4F47E84449FF07ED3517B43A31 B3AM3R |
13.01.2014, 10:13 | #8 |
/// the machine /// TB trainer | Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
14.01.2014, 06:07 | #9 |
| Morning, Schrauber, here are the logs: Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Raubtier :: RAUBTIER-PC [Administrator]

Schutz: Aktiviert

13.01.2014 17:44:44
mbam-log-2014-01-13 (17-44-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 374013
Laufzeit: 36 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ATTFilter
# AdwCleaner v3.017 - Bericht erstellt am 14/01/2014 um 05:18:36
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Raubtier - RAUBTIER-PC
# Gestartet von : C:\Users\Raubtier\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [665 octets] - [14/01/2014 05:18:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [724 octets] ##########

Code:
ATTFilter
# AdwCleaner v3.017 - Bericht erstellt am 14/01/2014 um 05:22:18
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Raubtier - RAUBTIER-PC
# Gestartet von : C:\Users\Raubtier\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [803 octets] - [14/01/2014 05:18:36]
AdwCleaner[S0].txt - [725 octets] - [14/01/2014 05:22:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [784 octets] ##########

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x64
Ran by Raubtier on 14.01.2014 at 5:28:04,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.01.2014 at 5:33:46,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Many thanks to you, and have a nice day. Best regards, B3AM3R |
14.01.2014, 15:24 | #10 |
/// the machine /// TB trainer | Then I'll wait for the pictures.
14.01.2014, 17:16 | #11 |
| Hello Schrauber, here are the pictures I wrote about. Why do some of them say Microsoft Corporation and some not? And how is it possible that I rebuilt my system on 29.12.'13 and have an update from 2010? I had also found many older registry entries from 2010 and 2011, even 2006. CCleaner removed quite a lot of them, though. Also odd: the update from 21.11.2010 does not appear in my update history, but it does appear in the list of installed updates. I hope I did the thing with the pictures correctly. Kind regards, B3AM3R Last edited by B3AM3R (14.01.2014 at 17:24) |
14.01.2014, 21:31 | #12 |
| I completely forgot the FRST log. Here it is, belatedly. Sorry. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2014 02 Ran by Raubtier (administrator) on RAUBTIER-PC on 14-01-2014 21:25:55 Running from C:\Users\Raubtier\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official downoad link fo FRST: Farbar Recovery Scan Tool Download Link Download Now 32-Bit Version Farbar Recovery Scan Tool Download Link Download Now 32-Bit Version Any other download link is unpermitted or outdated. The tutorial for FRST can be find here: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Razer USA Ltd) C:\Programme\Razer\Naga\RazerNagaSysTray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Advanced Micro Devices Inc.) C:\Programme\AMD\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Programme\AMD\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [StartCCC] - C:\Programme\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Razer Naga Driver] - C:\Programme\Razer\Naga\RazerNagaSysTray.exe [953232 2011-11-16] (Razer USA Ltd) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-12] (AVAST Software) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE05729FF8B04CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "hxxp://www.google.de/" CHR Extension: (ProxTube) - C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.7_0 [2014-01-03] CHR Extension: (Google Drive) - C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-12-29] CHR Extension: (YouTube) - C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-12-29] CHR Extension: (Adblock Plus) - C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0 [2013-12-29] CHR Extension: (Google Search) - C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-12-29] CHR Extension: (AdBlock) - C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0 [2013-12-29] CHR Extension: () - C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0 [2014-01-11] CHR Extension: (Google Wallet) - C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-29] CHR Extension: (Gmail) - C:\Users\Raubtier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2013-12-29] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-11] ==================== 
Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-12] (AVAST Software) S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-29] () ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.2.0; C:\Programme\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-12] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-12] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-12] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-12] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-12] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-12] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-12] () S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-29] (Disc Soft Ltd) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) 
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
(Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2013-12-29 16:02 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2013-12-29 16:02 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2013-12-29 16:02 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2013-12-29 16:02 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2013-12-29 16:02 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2013-12-29 16:02 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2013-12-29 16:02 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2013-12-29 16:02 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2013-12-29 16:02 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2013-12-29 16:02 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2013-12-29 16:02 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2013-12-29 16:02 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2013-12-29 16:02 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2013-12-29 16:02 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2013-12-29 16:02 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2013-12-29 16:02 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2013-12-29 16:02 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2013-12-29 16:02 - 2008-03-05 
16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2013-12-29 16:02 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2013-12-29 16:02 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2013-12-29 16:02 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2013-12-29 16:02 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2013-12-29 16:02 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2013-12-29 16:02 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2013-12-29 16:02 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2013-12-29 16:02 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2013-12-29 16:02 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2013-12-29 16:02 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2013-12-29 16:02 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2013-12-29 16:02 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2013-12-29 16:02 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2013-12-29 16:02 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2013-12-29 16:02 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2013-12-29 16:02 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2013-12-29 16:02 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\D3DCompiler_36.dll 2013-12-29 16:02 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2013-12-29 16:02 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2013-12-29 16:02 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2013-12-29 16:02 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2013-12-29 16:02 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2013-12-29 16:02 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2013-12-29 16:02 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2013-12-29 16:02 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2013-12-29 16:02 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2013-12-29 16:02 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2013-12-29 16:02 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2013-12-29 16:02 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2013-12-29 16:02 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2013-12-29 16:02 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2013-12-29 16:02 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2013-12-29 16:02 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2013-12-29 16:02 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2013-12-29 16:02 - 2007-05-16 16:45 - 
00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2013-12-29 16:02 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2013-12-29 16:02 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2013-12-29 16:02 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2013-12-29 16:02 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2013-12-29 16:02 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2013-12-29 16:02 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2013-12-29 16:02 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2013-12-29 16:02 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2013-12-29 16:02 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2013-12-29 16:02 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2013-12-29 16:02 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2013-12-29 16:02 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2013-12-29 16:02 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2013-12-29 16:02 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2013-12-29 16:02 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2013-12-29 16:02 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2013-12-29 16:02 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 
2013-12-29 16:02 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2013-12-29 16:02 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2013-12-29 16:02 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2013-12-29 16:02 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2013-12-29 16:02 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2013-12-29 16:02 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2013-12-29 16:02 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2013-12-29 16:02 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2013-12-29 16:02 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2013-12-29 16:02 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2013-12-29 16:02 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2013-12-29 16:01 - 2014-01-02 23:02 - 00074987 _____ C:\Windows\DirectX.log 2013-12-29 16:01 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2013-12-29 16:01 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2013-12-29 16:01 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2013-12-29 16:01 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2013-12-29 16:01 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2013-12-29 16:01 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2013-12-29 
16:01 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2013-12-29 16:01 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2013-12-29 16:01 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2013-12-29 16:01 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2013-12-29 16:01 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2013-12-29 16:01 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2013-12-29 16:01 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2013-12-29 16:01 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2013-12-29 16:01 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2013-12-29 16:01 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2013-12-29 16:01 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2013-12-29 16:01 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2013-12-29 16:01 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2013-12-29 16:01 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2013-12-29 16:01 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2013-12-29 16:01 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2013-12-29 16:01 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2013-12-29 16:01 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2013-12-29 
15:29 - 2014-01-11 21:27 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\DAEMON Tools Lite 2013-12-29 15:29 - 2013-12-29 15:29 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2013-12-29 15:29 - 2013-12-29 15:29 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2013-12-29 15:28 - 2013-12-29 15:54 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite 2013-12-29 13:11 - 2013-12-29 13:11 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Yahoo! 2013-12-29 13:10 - 2013-12-29 13:10 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Macromedia 2013-12-29 13:09 - 2014-01-14 20:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-29 13:09 - 2013-12-29 13:09 - 00419488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-29 13:09 - 2013-12-29 13:09 - 00070304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-29 13:09 - 2013-12-29 13:09 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-29 13:09 - 2013-12-29 13:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2013-12-29 13:09 - 2013-12-29 13:09 - 00000000 ____D C:\ProgramData\Yahoo! 2013-12-29 13:09 - 2013-12-29 13:09 - 00000000 ____D C:\Program Files\Messenger 2013-12-29 13:07 - 2013-12-29 13:09 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2013-12-29 13:07 - 2013-12-29 13:07 - 00444024 _____ (Yahoo! Inc.) C:\Users\Raubtier\Downloads\msgr11de.exe 2013-12-29 13:05 - 2013-12-30 05:35 - 00000000 ____D C:\ProgramData\Razer 2013-12-29 13:04 - 2013-12-29 13:05 - 13163200 _____ (Razer Inc.) 
C:\Users\Raubtier\Downloads\Razer_Synapse_Framework_V1.16.06.exe 2013-12-29 13:03 - 2013-12-29 13:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RzSynapse_01007.Wdf 2013-12-29 13:02 - 2013-12-29 13:05 - 00000000 ____D C:\Program Files (x86)\Razer 2013-12-29 13:02 - 2013-12-29 13:03 - 00007312 _____ C:\Windows\DPINST.LOG 2013-12-29 13:02 - 2013-12-29 13:02 - 00000000 ____D C:\Program Files\Razer 2013-12-29 12:59 - 2013-12-29 13:00 - 40394840 _____ (Razer USA Ltd. ) C:\Users\Raubtier\Downloads\Razer_NagaEpic_Driver_v3.03.exe 2013-12-29 12:57 - 2013-12-29 12:57 - 00000909 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2013-12-29 12:57 - 2013-12-29 12:57 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2013-12-29 12:55 - 2013-12-29 12:56 - 32520760 _____ (TeamSpeak Systems GmbH) C:\Users\Raubtier\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe 2013-12-29 12:49 - 2014-01-14 21:21 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-29 12:49 - 2014-01-14 20:42 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-29 12:49 - 2013-12-29 13:16 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-29 12:49 - 2013-12-29 13:16 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-29 12:49 - 2013-12-29 12:51 - 00000000 ____D C:\Users\Raubtier\AppData\Local\Google 2013-12-29 12:49 - 2013-12-29 12:51 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-29 12:49 - 2013-12-29 12:49 - 00000000 ____D C:\Users\Raubtier\AppData\Local\Deployment 2013-12-29 12:49 - 2013-12-29 12:49 - 00000000 ____D C:\Users\Raubtier\AppData\Local\Apps\2.0 2013-12-29 12:30 - 2013-12-29 12:30 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\ATI 2013-12-29 12:30 - 2013-12-29 12:30 - 00000000 ____D C:\Users\Raubtier\AppData\Local\ATI 2013-12-29 12:30 - 2013-12-29 12:30 - 00000000 ____D C:\Users\Raubtier\AppData\Local\AMD 2013-12-29 12:30 - 2013-12-29 12:30 - 00000000 ____D C:\ProgramData\ATI 
2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 _____ C:\Windows\ativpsrm.bin 2013-12-29 12:23 - 2013-02-04 22:46 - 02738264 _____ (Sysinternals - www.sysinternals.com) C:\Users\Raubtier\Desktop\Process Explorer.exe 2013-12-29 12:22 - 2013-12-29 21:06 - 00000000 ____D C:\Users\Raubtier\AppData\Local\Origin 2013-12-29 12:22 - 2013-12-29 12:36 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Origin 2013-12-29 12:21 - 2014-01-12 17:03 - 00000000 ____D C:\ProgramData\Origin 2013-12-29 12:21 - 2014-01-10 22:00 - 00000000 ____D C:\Program Files\Steam 2013-12-29 12:21 - 2013-12-29 21:06 - 00000000 ____D C:\ProgramData\Electronic Arts 2013-12-29 12:20 - 2014-01-14 20:46 - 00000000 ____D C:\Program Files\Origin 2013-12-29 12:19 - 2013-12-30 05:43 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-12-29 12:18 - 2014-01-11 23:12 - 00000000 ____D C:\ProgrammeVirtualCloneDrive 2013-12-29 12:18 - 2013-12-29 12:18 - 00000000 ____D C:\Program Files\VLC 2013-12-29 12:17 - 2013-12-29 12:19 - 00000000 ____D C:\Program Files\WinRAR 2013-12-29 12:13 - 2014-01-13 17:27 - 00001912 _____ C:\Windows\epplauncher.mif 2013-12-29 12:13 - 2013-12-30 05:46 - 00059296 _____ C:\Users\Raubtier\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-29 12:13 - 2013-12-29 12:13 - 00000000 ____D C:\Program Files (x86)\AMD APP 2013-12-29 12:13 - 2012-03-30 15:49 - 00056448 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys 2013-12-29 12:08 - 2011-09-29 10:30 - 00646248 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys 2013-12-29 12:08 - 2011-09-29 10:30 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll 2013-12-29 12:08 - 2011-09-29 10:30 - 00074272 _____ C:\Windows\system32\RtNicProp64.dll 2013-12-29 12:07 - 2014-01-10 22:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-12-29 12:07 - 2013-12-29 12:08 - 00000000 ____D C:\Program Files (x86)\Realtek 2013-12-29 
12:07 - 2013-12-29 12:07 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2013-12-29 12:07 - 2013-12-29 12:07 - 00000000 ____D C:\Program Files\Realtek 2013-12-29 12:07 - 2013-12-29 12:07 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2013-12-29 12:07 - 2012-06-19 09:54 - 04065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys 2013-12-29 12:07 - 2012-06-19 06:31 - 00293889 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT 2013-12-29 12:07 - 2012-06-08 09:23 - 00083072 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll 2013-12-29 12:07 - 2012-06-08 09:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll 2013-12-29 12:07 - 2012-06-08 09:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll 2013-12-29 12:07 - 2012-06-08 09:18 - 03615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll 2013-12-29 12:07 - 2012-06-06 03:44 - 00869520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll 2013-12-29 12:07 - 2012-06-05 06:45 - 00237968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtHDMIVX.sys 2013-12-29 12:07 - 2012-06-01 02:37 - 02674320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll 2013-12-29 12:07 - 2012-05-31 11:08 - 00105616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll 2013-12-29 12:07 - 2012-05-25 11:06 - 01706640 _____ (Realtek Semiconductor Corp.) 
C:\Windows\RtlExUpd.dll 2013-12-29 12:07 - 2012-05-17 04:29 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64H.dll 2013-12-29 12:07 - 2012-05-17 04:29 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64H.dll 2013-12-29 12:07 - 2012-05-17 04:29 - 00141152 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64H.dll 2013-12-29 12:07 - 2012-05-17 04:29 - 00123744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64H.dll 2013-12-29 12:07 - 2012-05-17 04:29 - 00074592 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64H.dll 2013-12-29 12:07 - 2012-05-10 08:22 - 01262696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll 2013-12-29 12:07 - 2012-04-10 07:40 - 02533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll 2013-12-29 12:07 - 2012-04-03 11:42 - 01015640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll 2013-12-29 12:07 - 2012-03-08 04:47 - 00202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll 2013-12-29 12:07 - 2012-03-08 04:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll 2013-12-29 12:07 - 2012-02-21 12:45 - 02605400 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll 2013-12-29 12:07 - 2011-12-20 08:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll 2013-12-29 12:07 - 2011-12-18 10:58 - 02131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll 2013-12-29 12:07 - 2011-12-16 07:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll 2013-12-29 12:07 - 2011-12-13 09:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl 2013-12-29 12:07 - 2011-12-02 07:20 - 03746408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkHDM64.dll 2013-12-29 12:07 - 2011-11-22 09:28 - 00014952 _____ (Realtek Semiconductor Corp.) 
C:\Windows\system32\RtkCoLDR64.dll 2013-12-29 12:07 - 2011-09-27 07:04 - 02526824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RHDMEx64.dll 2013-12-29 12:07 - 2011-07-06 06:27 - 00092264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RHCoInst64.dll 2013-12-29 12:07 - 2010-11-08 00:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll 2013-12-29 12:07 - 2010-11-08 00:31 - 00372056 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64H.dll 2013-12-29 12:07 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll 2013-12-29 12:07 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll 2013-12-29 12:07 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RH3DHT64.dll 2013-12-29 12:07 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RH3DAA64.dll 2013-12-29 12:07 - 2010-11-08 00:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64H.dll 2013-12-29 12:07 - 2010-11-08 00:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll 2013-12-29 12:07 - 2010-11-08 00:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll 2013-12-29 12:07 - 2010-11-08 00:31 - 00097624 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64H.dll 2013-12-29 12:07 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64H.dll 2013-12-29 12:07 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll 2013-12-29 12:07 - 2010-11-03 11:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll 2013-12-29 12:07 - 2010-09-27 02:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll 2013-12-29 12:07 - 2009-11-24 02:55 - 00518896 _____ (SRS Labs, Inc.) 
C:\Windows\system32\SRSTSX64.dll 2013-12-29 12:07 - 2009-11-24 02:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll 2013-12-29 12:07 - 2009-11-24 02:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll 2013-12-29 12:07 - 2009-11-24 02:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll 2013-12-29 12:07 - 2009-11-18 00:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll 2013-12-29 12:06 - 2013-12-29 12:07 - 00000000 ____D C:\ProgramData\AMD 2013-12-29 12:06 - 2013-12-29 12:06 - 00060197 _____ C:\Windows\SysWOW64\CCCInstall_201312291206544121.log 2013-12-29 12:05 - 2013-12-29 12:05 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2013-12-29 12:03 - 2013-12-29 16:04 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-29 12:03 - 2013-12-29 12:03 - 00000000 ____D C:\Program Files\ATI 2013-12-29 12:02 - 2013-12-29 12:06 - 00000000 ____D C:\Program Files\AMD 2013-12-29 12:01 - 2013-12-29 12:01 - 00372091 __RSH C:\WOYBL 2013-12-29 11:58 - 2014-01-11 21:28 - 00000000 ____D C:\Users\Raubtier 2013-12-29 11:58 - 2014-01-11 21:27 - 00000000 ____D C:\Users\Raubtier\AppData\Local\VirtualStore 2013-12-29 11:58 - 2013-12-30 06:31 - 00001421 _____ C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-29 11:58 - 2013-12-30 05:43 - 00000000 ___RD C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-12-29 11:58 - 2013-12-30 05:43 - 00000000 ___RD C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-12-29 11:58 - 2013-12-29 11:59 - 00000000 ___RD C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-29 11:58 - 2013-12-29 11:59 - 00000000 ___RD C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-29 11:58 - 2013-12-29 11:58 - 00000020 ___SH C:\Users\Raubtier\ntuser.ini 2013-12-29 11:58 - 
2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Vorlagen 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Startmenü 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Netzwerkumgebung 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Lokale Einstellungen 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Eigene Dateien 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Druckumgebung 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Documents\Eigene Musik 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Documents\Eigene Bilder 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\AppData\Local\Verlauf 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\AppData\Local\Anwendungsdaten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Anwendungsdaten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Vorlagen 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Startmenü 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2013-12-29 11:58 - 2013-12-29 
11:58 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Programme 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\ProgramData\Vorlagen 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\ProgramData\Startmenü 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\ProgramData\Favoriten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\ProgramData\Dokumente 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Dokumente und Einstellungen 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Adobe 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 ____D C:\Recovery 2013-12-29 11:50 - 2013-12-30 06:21 - 01591896 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-29 11:44 - 2013-12-29 11:44 - 00001355 _____ C:\Windows\TSSysprep.log 2013-12-29 11:43 - 2014-01-14 20:58 - 01752098 _____ C:\Windows\WindowsUpdate.log 2013-12-29 11:39 - 2014-01-11 19:25 - 00000000 
____D C:\Windows\Panther 2013-12-29 11:39 - 2013-12-29 11:39 - 00008192 __RSH C:\BOOTSECT.BAK 2013-12-29 11:39 - 2010-11-21 04:23 - 00383786 __RSH C:\bootmgr 2013-12-29 11:17 - 2013-12-06 23:07 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll 2013-12-29 11:17 - 2013-12-06 23:07 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll 2013-12-29 11:17 - 2013-12-06 23:07 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2013-12-29 11:17 - 2013-12-06 23:07 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2013-12-29 11:17 - 2013-12-06 23:04 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll 2013-12-29 11:17 - 2013-12-06 23:03 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll 2013-12-29 11:17 - 2013-12-06 23:03 - 00115512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll 2013-12-29 11:17 - 2013-12-06 23:02 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll 2013-12-29 11:17 - 2013-12-06 23:01 - 01318552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll 2013-12-29 11:17 - 2013-12-06 23:01 - 01100216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2013-12-29 11:17 - 2013-12-06 23:00 - 09753752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll 2013-12-29 11:17 - 2013-12-06 22:59 - 08406024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll 2013-12-29 11:17 - 2013-12-06 22:59 - 08287008 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll 2013-12-29 11:17 - 2013-12-06 22:58 - 06630232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll 2013-12-29 11:17 - 2013-12-06 22:57 - 08927704 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\atiumd6a.dll 2013-12-29 11:17 - 2013-12-06 22:56 - 07751920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll 2013-12-29 11:17 - 2013-12-06 22:52 - 13207552 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys 2013-12-29 11:17 - 2013-12-06 22:38 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe 2013-12-29 11:17 - 2013-12-06 22:38 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe 2013-12-29 11:17 - 2013-12-06 22:38 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe 2013-12-29 11:17 - 2013-12-06 22:38 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe 2013-12-29 11:17 - 2013-12-06 22:38 - 00099840 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll 2013-12-29 11:17 - 2013-12-06 22:38 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll 2013-12-29 11:17 - 2013-12-06 22:38 - 00083968 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll 2013-12-29 11:17 - 2013-12-06 22:38 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll 2013-12-29 11:17 - 2013-12-06 22:37 - 29382144 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll 2013-12-29 11:17 - 2013-12-06 22:35 - 24860160 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll 2013-12-29 11:17 - 2013-12-06 22:33 - 00063488 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2013-12-29 11:17 - 2013-12-06 22:33 - 00057344 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2013-12-29 11:17 - 2013-12-06 22:26 - 00129536 _____ (AMD) C:\Windows\system32\coinst_13.251.dll 2013-12-29 11:17 - 2013-12-06 22:16 - 26352128 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\atio6axx.dll 2013-12-29 11:17 - 2013-12-06 22:13 - 00550456 _____ C:\Windows\SysWOW64\atiapfxx.blb 2013-12-29 11:17 - 2013-12-06 22:13 - 00550456 _____ C:\Windows\system32\atiapfxx.blb 2013-12-29 11:17 - 2013-12-06 22:13 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe 2013-12-29 11:17 - 2013-12-06 22:12 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll 2013-12-29 11:17 - 2013-12-06 22:12 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll 2013-12-29 11:17 - 2013-12-06 22:12 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll 2013-12-29 11:17 - 2013-12-06 22:12 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2013-12-29 11:17 - 2013-12-06 22:12 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2013-12-29 11:17 - 2013-12-06 22:09 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll 2013-12-29 11:17 - 2013-12-06 21:58 - 22157824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll 2013-12-29 11:17 - 2013-12-06 21:53 - 00588288 _____ (AMD) C:\Windows\system32\atieclxx.exe 2013-12-29 11:17 - 2013-12-06 21:53 - 00442368 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\atidemgy.dll 2013-12-29 11:17 - 2013-12-06 21:53 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll 2013-12-29 11:17 - 2013-12-06 21:52 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe 2013-12-29 11:17 - 2013-12-06 21:50 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll 2013-12-29 11:17 - 2013-12-06 21:42 - 03426688 _____ C:\Windows\system32\atiumd6a.cap 2013-12-29 11:17 - 2013-12-06 21:39 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat 2013-12-29 11:17 - 2013-12-06 21:39 - 00204952 _____ C:\Windows\system32\ativvsvl.dat 2013-12-29 11:17 - 2013-12-06 21:39 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat 2013-12-29 11:17 - 2013-12-06 21:39 - 00157144 _____ C:\Windows\system32\ativvsva.dat 2013-12-29 11:17 - 2013-12-06 21:31 - 03461040 _____ C:\Windows\SysWOW64\atiumdva.cap 2013-12-29 11:17 - 2013-12-06 21:22 - 01144320 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll 2013-12-29 11:17 - 2013-12-06 21:22 - 00825344 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2013-12-29 11:17 - 2013-12-06 21:22 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll 2013-12-29 11:17 - 2013-12-06 21:22 - 00074752 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll 2013-12-29 11:17 - 2013-12-06 21:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll 2013-12-29 11:17 - 2013-12-06 21:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll 2013-12-29 11:17 - 2013-12-06 21:21 - 00626176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys 2013-12-29 11:17 - 2013-12-06 21:21 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll 2013-12-29 11:17 - 2013-12-06 21:18 - 00043520 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\Drivers\ati2erec.dll 2013-12-29 11:17 - 2013-11-01 09:08 - 00721296 _____ C:\Windows\system32\atiicdxx.dat 2013-12-29 11:17 - 2013-09-30 21:48 - 00047887 _____ C:\Windows\atiogl.xml 2013-12-29 11:17 - 2013-09-26 22:14 - 00083552 _____ C:\Windows\system32\ativce02.dat 2013-12-29 11:17 - 2013-09-24 15:53 - 00094208 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys 2013-12-29 11:17 - 2013-09-24 15:51 - 00110080 _____ (TODO: <Company name>) C:\Windows\system32\DelayAPO.dll 2013-12-29 11:17 - 2013-09-12 17:31 - 00233776 _____ C:\Windows\system32\ativvaxy_cik_nd.dat 2013-12-29 11:17 - 2013-09-12 17:30 - 00234036 _____ C:\Windows\system32\ativvaxy_cik.dat 2013-12-29 11:17 - 2013-04-10 16:34 - 00332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe 2013-12-29 11:17 - 2013-04-10 16:34 - 00118784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atibtmon.exe 2013-12-29 11:17 - 2013-04-10 16:34 - 00051200 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\ATIODCLI.exe
2013-12-29 11:17 - 2011-09-12 23:06 - 00003917 _____ C:\Windows\SysWOW64\atipblag.dat
2013-12-29 11:17 - 2011-09-12 23:06 - 00003917 _____ C:\Windows\system32\atipblag.dat

==================== One Month Modified Files and Folders =======

2014-01-14 21:26 - 2014-01-11 13:24 - 00006989 _____ C:\Users\Raubtier\Desktop\FRST.txt
2014-01-14 21:21 - 2014-01-14 21:21 - 02076160 _____ (Farbar) C:\Users\Raubtier\Desktop\FRST64.exe
2014-01-14 21:21 - 2013-12-29 12:49 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-14 21:20 - 2011-04-12 08:43 - 00698688 _____ C:\Windows\system32\perfh007.dat
2014-01-14 21:20 - 2011-04-12 08:43 - 00148828 _____ C:\Windows\system32\perfc007.dat
2014-01-14 21:20 - 2009-07-14 06:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-14 21:19 - 2013-12-30 23:09 - 00007607 _____ C:\Users\Raubtier\AppData\Local\Resmon.ResmonCfg
2014-01-14 21:19 - 2013-12-30 20:47 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\TS3Client
2014-01-14 20:58 - 2013-12-29 11:43 - 01752098 _____ C:\Windows\WindowsUpdate.log
2014-01-14 20:58 - 2009-07-14 05:51 - 00030576 _____ C:\Windows\setupact.log
2014-01-14 20:52 - 2013-12-29 13:09 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-14 20:49 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 20:49 - 2009-07-14 05:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 20:46 - 2013-12-29 12:20 - 00000000 ____D C:\Program Files\Origin
2014-01-14 20:42 - 2013-12-29 12:49 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-14 20:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 17:56 - 2014-01-13 17:38 - 00000000 ____D C:\Users\Raubtier\Desktop\Updates
2014-01-14 05:33 - 2014-01-14 05:33 - 00000624 _____
C:\Users\Raubtier\Desktop\JRT.txt 2014-01-14 05:28 - 2014-01-14 05:28 - 00000000 ____D C:\Windows\ERUNT 2014-01-14 05:27 - 2014-01-14 05:27 - 01037068 _____ (Thisisu) C:\Users\Raubtier\Desktop\JRT (1).exe 2014-01-14 05:22 - 2014-01-14 05:17 - 00000000 ____D C:\AdwCleaner 2014-01-14 05:15 - 2014-01-14 05:15 - 01037068 _____ (Thisisu) C:\Users\Raubtier\Desktop\JRT.exe 2014-01-14 05:14 - 2014-01-14 05:14 - 01236282 _____ C:\Users\Raubtier\Desktop\adwcleaner.exe 2014-01-14 00:36 - 2014-01-12 00:13 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2014-01-13 17:27 - 2013-12-29 12:13 - 00001912 _____ C:\Windows\epplauncher.mif 2014-01-12 20:25 - 2014-01-12 20:25 - 00000000 ____D C:\Patch2 2014-01-12 20:25 - 2014-01-12 20:25 - 00000000 ____D C:\patch1 2014-01-12 20:24 - 2014-01-12 20:24 - 04693832 _____ C:\Users\Raubtier\Desktop\441065_intl_x64_zip.exe 2014-01-12 20:24 - 2014-01-12 20:23 - 00316912 _____ C:\Users\Raubtier\Desktop\441280_intl_x64_zip.exe 2014-01-12 20:10 - 2010-11-21 04:47 - 00008452 _____ C:\Windows\PFRO.log 2014-01-12 17:04 - 2014-01-12 17:03 - 00000000 ____D C:\Users\Raubtier\Desktop\Prime95 2014-01-12 17:03 - 2014-01-12 17:03 - 04277073 _____ C:\Users\Raubtier\Desktop\p95v279.win32.zip 2014-01-12 17:03 - 2013-12-29 12:21 - 00000000 ____D C:\ProgramData\Origin 2014-01-12 14:31 - 2014-01-12 14:25 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-12 14:25 - 2014-01-12 14:25 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-12 14:25 - 2014-01-12 14:24 - 00000000 ____D C:\Users\Raubtier\Desktop\mbar 2014-01-12 14:24 - 2014-01-12 14:24 - 12582688 _____ (Malwarebytes Corp.) 
C:\Users\Raubtier\Desktop\mbar-1.07.0.1008.exe 2014-01-12 14:17 - 2014-01-12 14:17 - 00000914 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-12 14:17 - 2014-01-12 14:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2014-01-12 14:16 - 2014-01-12 00:13 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-01-12 14:13 - 2014-01-12 14:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Raubtier\Desktop\mbam-setup-1.75.0.1300.exe 2014-01-12 13:43 - 2014-01-12 13:43 - 00021244 _____ C:\ComboFix.txt 2014-01-12 13:43 - 2014-01-12 13:35 - 00000000 ____D C:\Qoobox 2014-01-12 13:41 - 2014-01-12 13:34 - 00000000 ____D C:\Windows\erdnt 2014-01-12 13:40 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2014-01-12 13:32 - 2014-01-12 13:32 - 05162489 ____R (Swearware) C:\Users\Raubtier\Desktop\ComboFix.exe 2014-01-12 00:13 - 2014-01-12 00:13 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-01-12 00:13 - 2014-01-12 00:13 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-01-12 00:13 - 2014-01-12 00:13 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-01-12 00:13 - 2014-01-12 00:13 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys 2014-01-12 00:13 - 2014-01-12 00:13 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-01-12 00:13 - 2014-01-12 00:13 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-01-12 00:13 - 2014-01-12 00:13 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2014-01-12 00:13 - 2014-01-12 00:13 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-01-12 00:13 - 2014-01-12 00:13 - 00001966 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-01-11 23:12 - 2013-12-29 12:18 - 00000000 ____D C:\ProgrammeVirtualCloneDrive 2014-01-11 22:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2014-01-11 21:28 - 2014-01-11 21:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-01-11 21:28 - 2013-12-29 11:58 - 00000000 ____D C:\Users\Raubtier 2014-01-11 21:27 - 2014-01-11 18:34 - 00000000 ____D C:\Users\Raubtier\Desktop\rootkit detektiv 2014-01-11 21:27 - 2013-12-30 22:20 - 00000000 ____D C:\Windows\pss 2014-01-11 21:27 - 2013-12-29 15:29 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\DAEMON Tools Lite 2014-01-11 21:27 - 2013-12-29 11:58 - 00000000 ____D C:\Users\Raubtier\AppData\Local\VirtualStore 2014-01-11 21:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2014-01-11 19:37 - 2014-01-11 01:28 - 00050568 _____ C:\Users\Raubtier\Desktop\Extras.Txt 2014-01-11 19:37 - 2014-01-11 01:27 - 00217022 _____ C:\Users\Raubtier\Desktop\OTL.Txt 2014-01-11 19:25 - 2014-01-11 14:00 - 00000000 ____D C:\Windows\Minidump 2014-01-11 19:25 - 2013-12-29 22:42 - 00000000 ___DC C:\Users\Raubtier\AppData\Local\MigWiz 2014-01-11 19:25 - 2013-12-29 11:39 - 00000000 ____D C:\Windows\Panther 2014-01-11 17:59 - 2014-01-11 17:59 - 00000000 ____D C:\Users\Raubtier\Desktop\RootkitRevealer171 2014-01-11 17:56 - 2014-01-11 18:34 - 01720705 _____ C:\Users\Raubtier\Desktop\McafeeRootkitDetective11.zip 2014-01-11 13:32 - 2014-01-11 13:32 - 00225630 _____ C:\Users\Raubtier\Desktop\Gmer.txt 2014-01-11 13:22 - 2014-01-11 13:22 - 00000000 ____D C:\FRST 2014-01-11 13:21 - 2014-01-11 13:21 - 00000148 _____ C:\Users\Raubtier\defogger_reenable 2014-01-11 12:47 - 2014-01-11 12:47 - 00000000 ____D C:\Program Files (x86)\Sophos 2014-01-11 02:08 - 2014-01-11 02:08 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\AVAST Software 2014-01-11 02:07 - 2014-01-11 02:07 - 00000000 ____D C:\ProgramData\AVAST Software 2014-01-11 02:07 - 2014-01-11 02:07 - 00000000 ____D C:\Program 
Files\AVAST Software 2014-01-11 02:06 - 2014-01-11 02:05 - 91412976 _____ (AVAST Software) C:\Users\Raubtier\Desktop\avast_free_antivirus_setup.exe 2014-01-11 01:41 - 2014-01-11 01:41 - 04745728 _____ (AVAST Software) C:\Users\Raubtier\Desktop\aswMBR.exe 2014-01-11 01:23 - 2014-01-11 01:23 - 00602112 _____ (OldTimer Tools) C:\Users\Raubtier\Desktop\OTL.exe 2014-01-11 00:53 - 2009-07-14 06:08 - 00015246 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-10 22:04 - 2014-01-10 22:04 - 00791552 _____ (AMD) C:\Users\Raubtier\Desktop\amddriverdownloader.exe 2014-01-10 22:00 - 2014-01-10 21:40 - 00000000 ____D C:\Users\Raubtier\Desktop\cpu-z-168 2014-01-10 22:00 - 2014-01-07 12:55 - 00000000 ____D C:\Program Files (x86)\Windows Live 2014-01-10 22:00 - 2014-01-01 21:18 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Skype 2014-01-10 22:00 - 2013-12-29 12:21 - 00000000 ____D C:\Program Files\Steam 2014-01-10 22:00 - 2013-12-29 12:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2014-01-10 22:00 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2014-01-10 22:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat 2014-01-10 21:38 - 2014-01-10 21:38 - 01994222 _____ C:\Users\Raubtier\Desktop\cpu-z-168.zip 2014-01-10 21:16 - 2014-01-10 21:16 - 00000010 _____ C:\csb.log 2014-01-10 01:01 - 2014-01-07 00:57 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Usenet.nl 2014-01-10 00:55 - 2014-01-07 00:57 - 00000000 ____D C:\Users\Raubtier\Documents\Usenet.nl 2014-01-08 20:14 - 2014-01-07 20:43 - 00000000 ____D C:\Users\Raubtier\Tracing 2014-01-08 00:21 - 2014-01-07 12:50 - 00000000 ____D C:\Users\Raubtier\AppData\Local\Windows Live 2014-01-07 12:56 - 2014-01-07 12:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-01-07 12:55 - 2014-01-07 12:55 - 00000000 ____D C:\Windows\PCHEALTH 2014-01-07 12:51 - 2014-01-07 12:51 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive 2014-01-07 12:50 - 2014-01-07 
12:50 - 01245168 _____ (Microsoft Corporation) C:\Users\Raubtier\Desktop\wlsetup-web.exe 2014-01-07 12:49 - 2013-12-30 19:28 - 00000000 ____D C:\Program Files\HDDGURU LLF Tool 2014-01-07 12:48 - 2013-12-30 11:02 - 00000000 ____D C:\Windows\System32\Tasks\Abelssoft 2014-01-07 12:48 - 2013-12-29 20:26 - 00000000 ____D C:\Program Files\CheckDrive 2014-01-07 01:48 - 2013-12-31 01:25 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\vlc 2014-01-07 00:57 - 2014-01-07 00:57 - 07457256 _____ ( ) C:\Users\Raubtier\Desktop\UsenetNLSetup.exe 2014-01-07 00:57 - 2014-01-07 00:57 - 00001682 _____ C:\Users\Raubtier\Desktop\Usenet.nl.lnk 2014-01-07 00:57 - 2014-01-07 00:57 - 00000000 ____D C:\Program Files\Usenet.nl 2014-01-07 00:39 - 2014-01-02 00:30 - 00000000 ____D C:\Users\Raubtier\AppData\Local\Microsoft Games 2014-01-03 21:18 - 2014-01-03 21:18 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Malwarebytes 2014-01-03 21:18 - 2014-01-03 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Raubtier\Documents\WB Games 2014-01-02 23:11 - 2014-01-02 23:11 - 00001520 _____ C:\Users\Raubtier\Desktop\TheBureau.lnk 2014-01-02 23:11 - 2014-01-02 23:11 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\2K Sports 2014-01-02 23:10 - 2014-01-02 23:10 - 00001045 _____ C:\Users\Raubtier\Desktop\nba2k14.lnk 2014-01-02 23:09 - 2014-01-02 23:09 - 00001669 _____ C:\Users\Raubtier\Desktop\BatmanOrigins.lnk 2014-01-02 23:02 - 2013-12-29 16:01 - 00074987 _____ C:\Windows\DirectX.log 2014-01-01 22:52 - 2014-01-01 20:53 - 00000000 ____D C:\Users\Raubtier\AppData\Local\ESN Sonar 2014-01-01 22:35 - 2014-01-01 22:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2014-01-01 22:35 - 2014-01-01 22:35 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories 2014-01-01 22:17 - 2013-12-29 16:04 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2014-01-01 22:02 - 2013-12-29 16:04 - 00214392 _____ 
C:\Windows\SysWOW64\PnkBstrB.ex0 2014-01-01 21:18 - 2014-01-01 21:17 - 00000000 ____D C:\ProgramData\Skype 2014-01-01 21:17 - 2014-01-01 21:17 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2014-01-01 21:17 - 2014-01-01 21:17 - 00000000 ___RD C:\Program Files (x86)\Skype 2014-01-01 12:27 - 2013-12-29 16:04 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2014-01-01 03:02 - 2014-01-01 03:02 - 00000857 _____ C:\Users\Raubtier\Desktop\Yahoo! Messenger.lnk 2013-12-31 01:07 - 2013-12-31 01:07 - 00000000 ____D C:\Windows\System32\Tasks\Games 2013-12-30 19:29 - 2013-12-30 19:29 - 00000001 _____ C:\Users\Raubtier\AppData\Local\llftool.4.30.agreement 2013-12-30 12:35 - 2013-12-30 12:34 - 00000000 ____D C:\Program Files\Data Lifeguard Diagnostic for Windows 2013-12-30 11:02 - 2013-12-29 20:26 - 00000000 ____D C:\Users\Raubtier\AppData\Local\Abelssoft 2013-12-30 07:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-12-30 06:40 - 2013-12-29 22:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-12-30 06:40 - 2013-12-29 22:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-12-30 06:31 - 2013-12-29 11:58 - 00001421 _____ C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-30 06:28 - 2013-12-30 06:28 - 00000000 ____D C:\Program Files (x86)\Etron Technology 2013-12-30 06:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-12-30 06:21 - 2013-12-29 11:50 - 01591896 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-30 06:19 - 2013-12-30 05:57 - 00015952 _____ C:\Windows\IE11_main.log 2013-12-30 06:15 - 2013-12-30 06:15 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 
00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-12-30 06:15 - 2013-12-30 06:15 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-12-30 06:15 - 2013-12-30 06:15 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-12-30 06:15 - 2013-12-30 06:15 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-12-30 06:15 - 2013-12-30 06:15 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00243200 _____ 
(Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00116736 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iepeers.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-12-30 06:15 - 2013-12-30 06:15 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-12-30 06:15 - 2013-12-30 06:15 - 00062464 _____ (Microsoft Corporation) 
C:\Windows\system32\pngfilt.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-12-30 06:15 - 2013-12-30 06:15 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00013312 _____ (Microsoft 
Corporation) C:\Windows\system32\msfeedssync.exe 2013-12-30 06:15 - 2013-12-30 06:15 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-12-30 06:08 - 2009-07-14 05:45 - 00294344 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-30 05:56 - 2013-12-29 22:25 - 00000000 ____D C:\Windows\system32\MRT 2013-12-30 05:46 - 2013-12-29 12:13 - 00059296 _____ C:\Users\Raubtier\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-30 05:44 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media 2013-12-30 05:43 - 2013-12-29 12:19 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-12-30 05:43 - 2013-12-29 11:58 - 00000000 ___RD C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-12-30 05:43 - 2013-12-29 11:58 - 00000000 ___RD C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-12-30 05:43 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-12-30 05:35 - 2013-12-29 13:05 - 00000000 ____D C:\ProgramData\Razer 2013-12-29 23:37 - 2013-12-29 23:36 - 00000000 ____D C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige 2013-12-29 22:05 - 2013-12-29 22:05 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\WinRAR 2013-12-29 21:28 - 2013-12-29 21:28 - 00000000 ____D C:\Users\Raubtier\AppData\Local\PunkBuster 2013-12-29 21:06 - 2013-12-29 21:06 - 00000000 ____D C:\Users\Raubtier\Documents\Battlefield 4 2013-12-29 21:06 - 2013-12-29 12:22 - 00000000 ____D C:\Users\Raubtier\AppData\Local\Origin 2013-12-29 21:06 - 2013-12-29 12:21 - 00000000 ____D C:\ProgramData\Electronic Arts 2013-12-29 20:34 - 2013-12-29 20:34 - 00000000 ____D C:\Users\Raubtier\AppData\Local\Razer 2013-12-29 20:15 - 2013-12-29 20:15 - 00000000 ____D C:\Users\Raubtier\AppData\Local\ESN 2013-12-29 16:14 - 2013-12-29 16:14 - 00000000 ____D C:\ProgramData\Steam 2013-12-29 16:04 - 2013-12-29 16:04 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe 2013-12-29 
16:04 - 2013-12-29 12:03 - 00000000 ____D C:\ProgramData\Package Cache 2013-12-29 15:54 - 2013-12-29 15:28 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite 2013-12-29 15:29 - 2013-12-29 15:29 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys 2013-12-29 15:29 - 2013-12-29 15:29 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2013-12-29 13:16 - 2013-12-29 12:49 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-29 13:16 - 2013-12-29 12:49 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-29 13:11 - 2013-12-29 13:11 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Yahoo! 2013-12-29 13:10 - 2013-12-29 13:10 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Macromedia 2013-12-29 13:09 - 2013-12-29 13:09 - 00419488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-29 13:09 - 2013-12-29 13:09 - 00070304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-29 13:09 - 2013-12-29 13:09 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-29 13:09 - 2013-12-29 13:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2013-12-29 13:09 - 2013-12-29 13:09 - 00000000 ____D C:\ProgramData\Yahoo! 2013-12-29 13:09 - 2013-12-29 13:09 - 00000000 ____D C:\Program Files\Messenger 2013-12-29 13:09 - 2013-12-29 13:07 - 00000000 ____D C:\Program Files (x86)\Yahoo! 2013-12-29 13:07 - 2013-12-29 13:07 - 00444024 _____ (Yahoo! Inc.) C:\Users\Raubtier\Downloads\msgr11de.exe 2013-12-29 13:05 - 2013-12-29 13:04 - 13163200 _____ (Razer Inc.) 
C:\Users\Raubtier\Downloads\Razer_Synapse_Framework_V1.16.06.exe 2013-12-29 13:05 - 2013-12-29 13:02 - 00000000 ____D C:\Program Files (x86)\Razer 2013-12-29 13:03 - 2013-12-29 13:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RzSynapse_01007.Wdf 2013-12-29 13:03 - 2013-12-29 13:02 - 00007312 _____ C:\Windows\DPINST.LOG 2013-12-29 13:02 - 2013-12-29 13:02 - 00000000 ____D C:\Program Files\Razer 2013-12-29 13:00 - 2013-12-29 12:59 - 40394840 _____ (Razer USA Ltd. ) C:\Users\Raubtier\Downloads\Razer_NagaEpic_Driver_v3.03.exe 2013-12-29 12:57 - 2013-12-29 12:57 - 00000909 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2013-12-29 12:57 - 2013-12-29 12:57 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2013-12-29 12:56 - 2013-12-29 12:55 - 32520760 _____ (TeamSpeak Systems GmbH) C:\Users\Raubtier\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe 2013-12-29 12:51 - 2013-12-29 12:49 - 00000000 ____D C:\Users\Raubtier\AppData\Local\Google 2013-12-29 12:51 - 2013-12-29 12:49 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-29 12:49 - 2013-12-29 12:49 - 00000000 ____D C:\Users\Raubtier\AppData\Local\Deployment 2013-12-29 12:49 - 2013-12-29 12:49 - 00000000 ____D C:\Users\Raubtier\AppData\Local\Apps\2.0 2013-12-29 12:36 - 2013-12-29 12:22 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Origin 2013-12-29 12:30 - 2013-12-29 12:30 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\ATI 2013-12-29 12:30 - 2013-12-29 12:30 - 00000000 ____D C:\Users\Raubtier\AppData\Local\ATI 2013-12-29 12:30 - 2013-12-29 12:30 - 00000000 ____D C:\Users\Raubtier\AppData\Local\AMD 2013-12-29 12:30 - 2013-12-29 12:30 - 00000000 ____D C:\ProgramData\ATI 2013-12-29 12:29 - 2013-12-29 12:29 - 00000000 _____ C:\Windows\ativpsrm.bin 2013-12-29 12:19 - 2013-12-29 12:17 - 00000000 ____D C:\Program Files\WinRAR 2013-12-29 12:18 - 2013-12-29 12:18 - 00000000 ____D C:\Program Files\VLC 2013-12-29 12:13 - 2013-12-29 12:13 - 00000000 ____D C:\Program Files (x86)\AMD APP 2013-12-29 
12:08 - 2013-12-29 12:07 - 00000000 ____D C:\Program Files (x86)\Realtek 2013-12-29 12:07 - 2013-12-29 12:07 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2013-12-29 12:07 - 2013-12-29 12:07 - 00000000 ____D C:\Program Files\Realtek 2013-12-29 12:07 - 2013-12-29 12:07 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2013-12-29 12:07 - 2013-12-29 12:06 - 00000000 ____D C:\ProgramData\AMD 2013-12-29 12:06 - 2013-12-29 12:06 - 00060197 _____ C:\Windows\SysWOW64\CCCInstall_201312291206544121.log 2013-12-29 12:06 - 2013-12-29 12:02 - 00000000 ____D C:\Program Files\AMD 2013-12-29 12:05 - 2013-12-29 12:05 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2013-12-29 12:03 - 2013-12-29 12:03 - 00000000 ____D C:\Program Files\ATI 2013-12-29 12:03 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\restore 2013-12-29 12:01 - 2013-12-29 12:01 - 00372091 __RSH C:\WOYBL 2013-12-29 11:59 - 2013-12-29 11:58 - 00000000 ___RD C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-29 11:59 - 2013-12-29 11:58 - 00000000 ___RD C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-29 11:58 - 2013-12-29 11:58 - 00000020 ___SH C:\Users\Raubtier\ntuser.ini 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Vorlagen 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Startmenü 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Netzwerkumgebung 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Lokale Einstellungen 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Eigene Dateien 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Druckumgebung 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Documents\Eigene Musik 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Documents\Eigene Bilder 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL 
C:\Users\Raubtier\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\AppData\Local\Verlauf 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\AppData\Local\Anwendungsdaten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Raubtier\Anwendungsdaten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Vorlagen 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Startmenü 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2013-12-29 11:58 - 2013-12-29 11:58 - 
00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Programme 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\ProgramData\Vorlagen 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\ProgramData\Startmenü 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\ProgramData\Favoriten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\ProgramData\Dokumente 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 _SHDL C:\Dokumente und Einstellungen 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 ____D C:\Users\Raubtier\AppData\Roaming\Adobe 2013-12-29 11:58 - 2013-12-29 11:58 - 00000000 ____D C:\Recovery 2013-12-29 11:58 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2013-12-29 11:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Recovery 2013-12-29 11:58 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Windows NT 2013-12-29 11:44 - 2013-12-29 11:44 - 00001355 _____ C:\Windows\TSSysprep.log 2013-12-29 11:44 - 2009-07-14 05:46 - 00002790 _____ C:\Windows\DtcInstall.log 2013-12-29 11:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sysprep 2013-12-29 11:41 - 2011-04-12 08:54 - 00000000 ____D C:\Windows\CSC 2013-12-29 11:39 - 2013-12-29 11:39 - 00008192 __RSH C:\BOOTSECT.BAK 2013-12-29 11:39 - 2009-07-14 06:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG 2013-12-29 11:39 - 2009-07-14 06:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template 2013-12-29 11:39 - 2009-07-14 05:45 - 00000000 ____D C:\Windows\Setup Some content of TEMP: ==================== C:\Users\Raubtier\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= 
C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-09 22:50 ==================== End Of Log ============================ --- --- --- |
14.01.2014, 21:32 | #13 |
| Windows 7 boot manager modified, processor cores being diverted, rootkit, boot manager tool? Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2014 02 Ran by Raubtier at 2014-01-14 21:26:30 Running from C:\Users\Raubtier\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX (x32 Version: 11.2.202.235 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software) Batman Arkham Origins (x32 Version: 1 - ) Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts) Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden DAEMON Tools Lite (x32 Version: 4.48.1.0347 - Disc Soft Ltd) Data Lifeguard Diagnostic for Windows 1.24 (x32 Version: - Western Digital Corporation) ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB) Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 
Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0 - Microsoft) NBA 2K14 (x32 Version: 1.0.0 - 2K Sports) No More Room in Hell (x32 Version: - No More Room in Hell Team) Origin (x32 Version: 9.3.11.2762 - Electronic Arts, Inc.) PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.) Razer Naga (x32 Version: 3.03.01 - Razer USA Ltd.) Razer Synapse 2.0 (x32 Version: 1.16.6 - Razer Inc.) Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011 - Realtek) Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6650 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Steam (x32 Version: - Valve Corporation) TeamSpeak 3 Client (Version: 3.0.13 - TeamSpeak Systems GmbH) The Bureau: XCOM Declassified (x32 Version: 1 - ) Usenet.nl (x32 Version: - ) VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN) WinRAR 5.00 (64-Bit) (Version: 5.00.0 - win.rar GmbH) Yahoo! Messenger (x32 Version: - Yahoo! Inc.) ==================== Restore Points ========================= 10-01-2014 13:40:18 Windows Update 10-01-2014 20:56:45 Configured Etron USB3.0 Host Controller 10-01-2014 20:59:11 Wiederherstellungsvorgang 10-01-2014 21:13:05 Windows Update 11-01-2014 01:07:25 avast! antivirus system restore point 11-01-2014 23:12:49 avast! 
antivirus system restore point 12-01-2014 19:26:02 Windows Update 12-01-2014 19:27:31 Windows Update 12-01-2014 19:31:32 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {08D4B8B1-9185-4CA9-A9EC-2EE7CA338D17} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-12] (AVAST Software) Task: {49271653-5C6F-4686-9810-335BAF8B9F80} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {6E7B4529-29ED-4013-93A9-C50CDC123A42} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-29] (Adobe Systems Incorporated) Task: {7B97527C-D3F3-414E-9B0D-7E3D8F2330E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29] (Google Inc.) Task: {968D6584-599F-4831-902B-E2F584557820} - System32\Tasks\Games\UpdateCheck_S-1-5-21-199586521-2663480010-3892174971-1000 Task: {F04774E6-327B-4C2A-AB20-43DF7D1744F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-29] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Programme\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-01-14 17:03 - 2014-01-14 08:32 - 02153984 _____ () C:\Program Files\AVAST Software\Avast\defs\14011400\algo.dll 2014-01-14 20:43 - 2014-01-14 18:11 - 02153984 _____ () C:\Program Files\AVAST Software\Avast\defs\14011401\algo.dll 2014-01-12 00:13 - 2014-01-12 00:13 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: DAEMON Tools Virtual Bus Description: DAEMON Tools Virtual Bus Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: DT Soft Ltd Service: dtsoftbus01 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Enumerator-Treiber für Microsoft Virtual Drive Description: Enumerator-Treiber für Microsoft Virtual Drive Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: vdrvroot Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/14/2014 09:25:40 PM) (Source: Application Hang) (User: ) Description: Programm FRST64.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f24 Startzeit: 01cf116650aecaa5 Endzeit: 32 Anwendungspfad: C:\Users\Raubtier\Desktop\FRST64.exe Berichts-ID: Error: (01/14/2014 08:44:13 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/14/2014 05:04:42 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/14/2014 08:42:53 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: dtsoftbus01 vdrvroot Error: (01/14/2014 08:42:41 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Net.Tcp Listener Adapter" ist vom Dienst "Net.Tcp Port Sharing Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (01/14/2014 08:42:41 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Net.Pipe Listener Adapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert. Error: (01/14/2014 08:42:41 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Net.Msmq Listener Adapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert. 
Error: (01/14/2014 05:03:36 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: dtsoftbus01 vdrvroot Error: (01/14/2014 05:03:13 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Net.Tcp Listener Adapter" ist vom Dienst "Net.Tcp Port Sharing Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (01/14/2014 05:03:13 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Net.Pipe Listener Adapter" ist von folgendem Dienst abhängig: was. Dieser Dienst ist eventuell nicht installiert. Error: (01/14/2014 05:03:13 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Net.Msmq Listener Adapter" ist von folgendem Dienst abhängig: msmq. Dieser Dienst ist eventuell nicht installiert. Microsoft Office Sessions: ========================= Error: (01/14/2014 09:25:40 PM) (Source: Application Hang)(User: ) Description: FRST64.exe0.0.0.0f2401cf116650aecaa532C:\Users\Raubtier\Desktop\FRST64.exe Error: (01/14/2014 08:44:13 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/14/2014 05:04:42 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-01-11 18:24:07.182 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\535E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-11 18:24:07.135 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\535E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-11 18:24:07.088 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\535E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-11 18:24:07.041 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\535E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-11 18:24:06.901 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\535E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-11 18:24:06.854 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\535E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-11 18:19:01.125 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\535E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-11 18:19:01.078 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\535E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-11 18:17:02.642 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\535E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-11 18:17:02.596 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\535E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 8173.43 MB Available physical RAM: 6723.8 MB Total Pagefile: 16345.04 MB Available Pagefile: 14776.59 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:146.48 GB) (Free:93.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (frei) (Fixed) (Total:488.28 GB) (Free:262.91 GB) NTFS Drive e: (Daten_BACKUP) (Fixed) (Total:443.1 GB) (Free:290.16 GB) NTFS Drive f: (INTENSO) (Removable) (Total:14.44 GB) (Free:14.44 GB) FAT32 Drive g: (Volume) (Fixed) (Total:341.8 GB) (Free:163.85 GB) NTFS Drive h: (Musik) (Fixed) (Total:443.23 GB) (Free:42.78 GB) NTFS Drive i: (W7AiO_Okt13) (CDROM) (Total:6.99 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D51718CD) Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=342 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=443 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 932 
GB) (Disk ID: 0891393C) Partition: GPT Partition Type ======================================================== Disk: 2 (Size: 14 GB) (Disk ID: 01CE7825) Partition 1: (Active) - (Size=14 GB) - (Type=0C) ==================== End Of Log ============================ B3AM3R |
15.01.2014, 12:57 | #14 |
/// the machine /// TB instructor | Windows 7 boot manager modified, processor cores being diverted, rootkit, boot manager tool? Your Windows version, including the pre-installed updates, is already fairly old; you are shown the date of creation, not when it was installed. What problems still remain?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
17.01.2014, 05:44 | #15 |
| Windows 7 boot manager modified, processor cores being diverted, rootkit, boot manager tool? Hi Schrauber, sorry for my late reply. So, I'll get started: The computer runs on only 2 cores, according to Process Explorer. It does show 4 cores, but as 2 cores and 2 logical ones. Task Manager shows 4. Various processes and host processes that lead to strange paths and grant full-access permissions to arbitrary users. Like this: I knew that there are always many "SVCHost" processes running. It just seems like a great many to me. Several folders named "boot" have appeared on my C: drive, containing applications or application extensions. My browser no longer saves passwords, and I have the impression that my Google account and my Yahoo account were used by someone else. Passwords changed. My browser has recently tended to redirect me to English-language pages. Also at Yahoo, when I want to check my mail. The environment variables, even though I don't really know much about them: the paths seem extremely long and unnatural to me, just like the OS Win NT? Thank you very much for your effort. Kind regards, B3AM3R |